
Hello-

Here's a timeline of what happened.

EVENING 1: Powered on computer and Windows XP did not open normally. Instead, DOS message saying something like "WINDOWS.CMD missing. Please run Windows install disk repair program and hit R when requested...." (I'm paraphrasing here.) I did have to run my Windows XP install disk and repair (did not reformat).

After getting into Windows finally, my AVG antivirus popped on and said it couldn't find my license key and was shutting down. Immediately I got popups for the rogue "XP 2011 Antivirus" which I knew was malware. I kind of knew how to handle it and immediately wanted to repair my AVG. I changed to an unaffected user profile and was able to get my AVG repaired, and in turn, able to install Spybot S&D and run scans on AVG and also Spybot S&D. I found 10 trojans on AVG and 100 malware on Spybot S&D. I then went to bed while running a second scan on AVG.

DAY 2: I woke to find that on my user profile (the affected one) I had no desktop, no "my documents", indeed, nothing except a "cookies" folder and a recycle bin. The other unaffected user profile still worked. I ran alternating scans all day long of AVG and Spybot S&D and kept finding different trojans and malware. While watching the scans, I saw that my old files from my desktop and "my documents" are still, indeed, in the computer somewhere, presumably being held hostage by the malware, but I cannot find them.

DAY 3: I continued to run alternating scans of AVG and Spybot S&D but made little progress. I attempt to log into forums for help like this but my browser is also hijacked and shuts down when I go to sites like this. I finally manage to install Malwarebytes and run a scan, which finds a crop of 12 Malware that I don't think Spybot S&D had found. Afterward, my computer runs a "little" better but still, my files are missing and browser hijacked. I attempt to use self-help instructions from "bleepingcomputer" for taking care of the original malware XP 2011 antivirus. This calls for running a series of things, including eXplorer, Malwarebytes and something else at the beginning (I apologize, I don't remember) but it doesn't take care of the problem. At the end of the day, we uninstall AVG and install an alternate antivirus, partly because we are losing confidence in AVG since it did let all this into our computer in the first place even though it was running all the time. When the new antivirus seems to cause more problems than anything we uninstall it and then attempt to reinstall AVG, and cannot now.

I need help removing all bits of the old installation of AVG and the other antivirus so that I can reinstall AVG, in addition to help with the rogues, malware, trojans, etc. I doubt I have a functional antivirus on my computer at present, though my computer is not warning me about that right now.

I am unable to run a Malwarebytes scan right now. It gave me two error messages and told me to tell you these errors. So here they are:

From MalwareBytes

ERROR: 702 (0, 453)

ERROR: 723 (3, 0)

Below is my DDS log pasted in. I have attached my GMER and DDS attach logs. Thank you so much for your patience with my story and I hope someone can help me.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Rich at 9:57:39 on 2011-05-25

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.516 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\Shelly\Local Settings\Application Data\CrossLoop\CrossLoopService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\Rich\Application Data\Dropbox\bin\Dropbox.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Documents and Settings\Rich\Desktop\dds.scr

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://click.marshallsonline.com/r/U0LKM/95WTN/IQBTH0/0DOLP/GE3JO/6V/h?a=M_EM600

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [bDAgent] "c:\program files\defender pro\defender pro 15-in-1\bdagent.exe"

mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro 15-in-1\ieshow.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNTEwMzU1NjA4LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItTElDKzItRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzMtU1AxUzIrMQ"&"prod=90"&"ver=10.0.1375

StartupFolder: c:\docume~1\rich\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rich\application data\dropbox\bin\Dropbox.exe

IE: &Search - ?s=100000341&p=GRfox000&si=&a=PjcYrHBHYYfTbL.vq8uJJA&n=2010082211

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\rich\application data\mozilla\firefox\profiles\in5o33rt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R2 CrossLoopService;CrossLoop Service;c:\documents and settings\shelly\local settings\application data\crossloop\CrossLoopService.exe [2011-3-10 560848]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]

S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2011-3-8 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2011-3-8 18432]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2010-6-1 153760]

S3 tvnserver;TightVNC Server;c:\documents and settings\shelly\local settings\application data\crossloop\tvnserver.exe [2011-3-10 814080]

.

=============== Created Last 30 ================

.

2011-05-25 13:13:26 -------- d-----w- c:\documents and settings\all users\application data\bdch

2011-05-25 11:57:04 -------- d-sh--w- c:\documents and settings\rich\PrivacIE

2011-05-25 11:53:11 -------- d-sh--w- c:\documents and settings\rich\IETldCache

2011-05-25 11:33:16 -------- dc-h--w- c:\windows\ie8

2011-05-25 11:24:59 -------- d-----w- C:\c90852e77b64318d9926

2011-05-25 04:44:01 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-05-25 04:41:48 -------- d-----w- c:\documents and settings\rich\application data\Defender Pro

2011-05-25 04:39:22 -------- d-----w- c:\program files\Defender Pro

2011-05-25 04:06:41 -------- d-----w- c:\documents and settings\rich\application data\QuickScan

2011-05-25 03:24:51 -------- d-----w- c:\documents and settings\all users\application data\Defender Pro

2011-05-25 03:19:37 100723 ----a-w- c:\documents and settings\all users\application data\bdinstall.bin

2011-05-24 19:30:08 388096 ----a-r- c:\documents and settings\rich\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-24 19:30:07 -------- d-----w- c:\program files\Trend Micro

2011-05-24 15:37:40 -------- d-----w- c:\documents and settings\rich\application data\Malwarebytes

2011-05-24 15:37:33 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-24 15:37:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-24 15:37:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-24 15:37:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-23 22:00:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-23 22:00:00 711672 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2011-05-23 18:29:44 135168 ----a-w- c:\windows\system32\igfxres.dll

2011-05-23 06:12:06 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-23 06:12:06 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-05-23 03:22:42 -------- d-----w- c:\documents and settings\rich\local settings\application data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}

2011-05-23 03:10:57 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2011-05-23 03:09:59 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2011-05-23 03:08:56 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe

2011-05-23 03:05:45 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-05-23 03:05:45 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2011-05-23 02:52:36 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-05-23 02:52:36 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-05-23 02:52:36 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-05-23 02:52:36 13312 ----a-w- c:\windows\system32\irclass.dll

2011-05-23 02:52:05 13753 ----a-r- c:\windows\SETFB.tmp

2011-05-23 02:52:02 1086058 ----a-r- c:\windows\SETEF.tmp

2011-05-23 02:52:00 1042903 ----a-r- c:\windows\SETEC.tmp

2011-05-22 21:01:01 0 ----a-w- c:\windows\Tnisisequp.bin

2011-05-20 02:54:04 -------- d-----w- c:\documents and settings\rich\local settings\application data\ArcSoft

2011-05-19 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft

2011-05-19 13:13:32 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-05-04 17:10:58 -------- d-----w- c:\windows\LMI9.tmp

2011-05-03 01:21:32 -------- d-----w- c:\windows\ASTULogTemp

.

==================== Find3M ====================

.

2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll

2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST340014A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86E814D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e877f0]; MOV EAX, [0x86e8786c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E3D45] -> \Device\Harddisk0\DR0[0x86D22AB8]

3 CLASSPNP[0xF77F705B] -> nt!IofCallDriver[0x804E3D45] -> \Device\0000005c[0x86FAC030]

5 ACPI[0xF774D620] -> nt!IofCallDriver[0x804E3D45] -> [0x86F60940]

\Driver\atapi[0x86F92C78] -> IRP_MJ_CREATE -> 0x86E814D0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x86E8131B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 10:02:37.35 ===============

attach.txt

ark.txt
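A way to triage a DDS log like the one above, as an added example that is not part of the original post or of the DDS tool: it splits the report into its `====` sections, flags Pseudo HJT entries that resolve to `No File` or whose target lives under a user profile, and pulls out GMER's detected hooks and its rootkit warning. The sample input is a constructed excerpt assembled from lines of the log in the post; the `Finding` class, the category names and the heuristics are this example's own assumptions, not DDS conventions beyond what the log itself shows.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: an excerpt assembled from lines of the DDS log in the post
# above (raw string, so the backslashes are literal as in the real log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
StartupFolder: c:\docume~1\rich\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rich\application data\dropbox\bin\Dropbox.exe
.
=================== ROOTKIT ====================
.
device: opened successfully
user: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86E8131B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:02:37.35 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Autorun/hook entry kinds that appear in the Pseudo HJT Report.
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|uRun|mRun|mRunOnce|StartupFolder|SSODL|SEH|Notify):\s*(?P<body>.*)$"
)


@dataclass
class Finding:
    category: str  # assumed category names: orphaned_entry, profile_autorun, driver_hook, rootkit_warning
    line: str


def split_sections(text):
    """Group non-empty log lines under the '==== NAME ====' header that precedes them."""
    sections = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS prints bare '.' lines as spacers
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def autorun_target(body):
    """Return the lower-cased file path an entry points at."""
    if body.startswith("["):  # uRun/mRun: [Name] "path" args
        target = body.split("]", 1)[1].strip()
    else:  # BHO/TB/StartupFolder: ... - path
        target = body.rsplit(" - ", 1)[-1].strip()
    if target.startswith('"'):  # quoted path: drop the quotes and any arguments
        target = target[1:].split('"', 1)[0]
    return target.lower()


def triage(text):
    """Apply the example's heuristics and return a list of Finding objects."""
    sections = split_sections(text)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        if body.endswith("No File"):  # CLSID registered but its DLL is gone
            findings.append(Finding("orphaned_entry", line))
            continue
        target = autorun_target(body)
        if "documents and settings" in target or "docume~1" in target:
            findings.append(Finding("profile_autorun", line))  # runs from a user profile
    in_hooks = False
    for line in sections.get("ROOTKIT", []):
        if line.startswith("detected "):  # 'detected disk devices:' / 'detected hooks:'
            in_hooks = line == "detected hooks:"
            continue
        if in_hooks and "->" in line:
            findings.append(Finding("driver_hook", line))
            continue
        if line.lower().startswith("warning:"):
            findings.append(Finding("rootkit_warning", line))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.category:16} {f.line}")
    print(summarize(triage(SAMPLE_DDS)))
```

The hook on `\Driver\atapi DriverStartIo` together with the "possible TDL3" warning is the item that matters most in this log; the orphaned and profile-path entries are only pointers for a human to review, since plenty of legitimate software (Dropbox here) also starts from the profile directory.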


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt in your reply.
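How a helper script could locate that log and read its scan lines, as an added example that is not part of the reply or of TDSSKiller itself: the filename pattern is the one the reply states, the per-line layout (timestamp, thread id, driver name, MD5 in parentheses, image path) is taken from the TDSSKiller log posted later in this thread, and the `outside_windows_dir` check is this example's own triage heuristic, not a verdict, since legitimate third-party drivers also live outside the Windows directory. The sample filenames and lines are constructed from values that appear in the thread.

```python
import os
import re
from datetime import datetime

# Filename convention from the reply: UtilityName.Version_Date_Time_log.txt, with
# the date as DD.MM.YYYY and the time as HH.MM.SS (assumed from the example name).
LOG_NAME_RE = re.compile(
    r"^(?P<utility>[^.]+)\.(?P<version>\d+(?:\.\d+)*)_"
    r"(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)

# One scan line as it appears in the posted log: timestamp, thread id,
# driver name, (md5), path. Lines without an MD5 (banner, 'Scan started') are skipped.
SCAN_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# Constructed sample lines, copied from the TDSSKiller log in this thread.
SAMPLE_SCAN = r"""
2011/05/26 16:53:57.0328 2516 Scan started
2011/05/26 16:54:02.0609 2516 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/26 16:54:09.0078 2516 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/26 16:54:33.0906 2516 LGDDCDevice (87d6731f70d017590e12735ecc746cde) C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
"""


def parse_log_name(name):
    """Split a log filename into utility, version and the datetime it was written."""
    m = LOG_NAME_RE.match(name)
    if not m:
        return None
    written = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H.%M.%S")
    return {"utility": m["utility"], "version": m["version"], "written": written}


def newest_log(names):
    """Pick the most recently written log from a list of filenames (None if none match)."""
    candidates = [(parse_log_name(n), n) for n in names]
    candidates = [(info, n) for info, n in candidates if info]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[0]["written"])[1]


def find_logs(root="C:\\"):
    """List matching log files in the drive root the reply names."""
    return [n for n in os.listdir(root) if LOG_NAME_RE.match(n)]


def parse_scan_lines(text):
    """Turn the per-driver scan lines into dicts; other lines are ignored."""
    return [m.groupdict() for m in map(SCAN_LINE_RE.match, text.splitlines()) if m]


def outside_windows_dir(records, windir="C:\\WINDOWS"):
    """Heuristic: drivers loaded from outside the Windows directory deserve a second look."""
    prefix = windir.lower().rstrip("\\") + "\\"
    return [r for r in records if not r["path"].lower().startswith(prefix)]


if __name__ == "__main__":
    # Constructed filenames; the second is built from the version and timestamp
    # shown at the top of the posted TDSSKiller log.
    names = ["boot.ini", "TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt",
             "TDSSKiller.2.5.3.0_26.05.2011_16.53.51_log.txt"]
    print("newest log:", newest_log(names))
    for r in outside_windows_dir(parse_scan_lines(SAMPLE_SCAN)):
        print("review:", r["name"], r["path"], r["md5"])
```

On a real machine `newest_log(find_logs())` would return the file to post; the MD5 in each record is what you would compare against a known-good copy of the driver if one is in doubt.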

Thank you for your assistance.

I ran the TDSS as you asked and posted that log below.

I then attempted to update/run the MBAM and got the same errors I got the last time I tried to run it. I was wondering if I should uninstall it and do a fresh re-install of it but wanted to ask you first before doing that.

I didn't do the DDS yet since I was not able to do MBAM yet. Please advise about how to handle the fact that MBAM still won't let me run it. Thanks-

Here's the TDSS log:

2011/05/26 16:53:51.0156 2300 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24

2011/05/26 16:53:51.0484 2300 ================================================================================

2011/05/26 16:53:51.0484 2300 SystemInfo:

2011/05/26 16:53:51.0484 2300

2011/05/26 16:53:51.0484 2300 OS Version: 5.1.2600 ServicePack: 2.0

2011/05/26 16:53:51.0484 2300 Product type: Workstation

2011/05/26 16:53:51.0484 2300 ComputerName: OFFICECOMPUTER

2011/05/26 16:53:51.0484 2300 UserName: Rich

2011/05/26 16:53:51.0484 2300 Windows directory: C:\WINDOWS

2011/05/26 16:53:51.0484 2300 System windows directory: C:\WINDOWS

2011/05/26 16:53:51.0484 2300 Processor architecture: Intel x86

2011/05/26 16:53:51.0484 2300 Number of processors: 1

2011/05/26 16:53:51.0484 2300 Page size: 0x1000

2011/05/26 16:53:51.0484 2300 Boot type: Normal boot

2011/05/26 16:53:51.0484 2300 ================================================================================

2011/05/26 16:53:53.0062 2300 Initialize success

2011/05/26 16:53:57.0328 2516 ================================================================================

2011/05/26 16:53:57.0328 2516 Scan started

2011/05/26 16:53:57.0328 2516 Mode: Manual;

2011/05/26 16:53:57.0328 2516 ================================================================================

2011/05/26 16:54:02.0609 2516 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/26 16:54:03.0093 2516 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/26 16:54:03.0859 2516 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/05/26 16:54:04.0359 2516 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/05/26 16:54:04.0765 2516 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys

2011/05/26 16:54:05.0640 2516 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/05/26 16:54:07.0484 2516 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/05/26 16:54:08.0703 2516 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/26 16:54:09.0078 2516 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/26 16:54:09.0687 2516 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/26 16:54:10.0078 2516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/26 16:54:10.0625 2516 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/05/26 16:54:11.0156 2516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/26 16:54:11.0781 2516 BENDER (fc6d0c2f327a5f716fdfdc24a305aceb) C:\WINDOWS\system32\drivers\bender.sys

2011/05/26 16:54:12.0187 2516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/26 16:54:12.0531 2516 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/05/26 16:54:13.0156 2516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/26 16:54:13.0500 2516 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/26 16:54:13.0828 2516 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/26 16:54:15.0609 2516 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/26 16:54:16.0265 2516 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/26 16:54:16.0984 2516 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/26 16:54:17.0390 2516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/26 16:54:17.0765 2516 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/26 16:54:18.0359 2516 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/26 16:54:18.0703 2516 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

2011/05/26 16:54:19.0125 2516 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/26 16:54:19.0531 2516 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/26 16:54:19.0953 2516 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/26 16:54:20.0343 2516 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/05/26 16:54:20.0906 2516 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/05/26 16:54:21.0500 2516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/26 16:54:21.0890 2516 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/26 16:54:22.0265 2516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/05/26 16:54:22.0593 2516 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/26 16:54:22.0953 2516 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/26 16:54:23.0625 2516 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/05/26 16:54:24.0000 2516 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/05/26 16:54:24.0515 2516 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/05/26 16:54:25.0171 2516 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/26 16:54:26.0250 2516 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/26 16:54:27.0093 2516 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/05/26 16:54:27.0906 2516 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/26 16:54:28.0656 2516 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/26 16:54:28.0984 2516 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/05/26 16:54:29.0390 2516 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/05/26 16:54:29.0843 2516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/26 16:54:30.0281 2516 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/26 16:54:30.0671 2516 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/26 16:54:31.0078 2516 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/26 16:54:31.0453 2516 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/26 16:54:31.0968 2516 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/26 16:54:32.0500 2516 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/26 16:54:32.0890 2516 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/26 16:54:33.0421 2516 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/26 16:54:33.0906 2516 LGDDCDevice (87d6731f70d017590e12735ecc746cde) C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys

2011/05/26 16:54:34.0031 2516 LGII2CDevice (089010666d9ea3bd17afede301950b09) C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys

2011/05/26 16:54:34.0468 2516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/26 16:54:34.0828 2516 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/26 16:54:35.0281 2516 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/26 16:54:35.0671 2516 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/26 16:54:36.0250 2516 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/26 16:54:37.0000 2516 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/26 16:54:37.0593 2516 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/26 16:54:38.0140 2516 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/26 16:54:38.0531 2516 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/26 16:54:38.0875 2516 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/26 16:54:39.0265 2516 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/26 16:54:39.0609 2516 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/26 16:54:39.0984 2516 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/26 16:54:40.0421 2516 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/26 16:54:40.0781 2516 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/26 16:54:41.0203 2516 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/26 16:54:41.0609 2516 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/26 16:54:41.0937 2516 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/26 16:54:42.0296 2516 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/26 16:54:42.0687 2516 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/26 16:54:43.0062 2516 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/26 16:54:43.0484 2516 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/26 16:54:43.0890 2516 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/26 16:54:44.0406 2516 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/26 16:54:44.0781 2516 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/26 16:54:45.0390 2516 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/26 16:54:45.0921 2516 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/26 16:54:46.0328 2516 nuvaud2 (363be28dda6160610d7361ed368f1813) C:\WINDOWS\system32\DRIVERS\nuvaud2.sys

2011/05/26 16:54:46.0734 2516 NUVision (45c4a903426c96b5a824f69c859f9ca1) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys

2011/05/26 16:54:47.0156 2516 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/26 16:54:47.0578 2516 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/26 16:54:47.0953 2516 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/26 16:54:48.0468 2516 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/26 16:54:48.0875 2516 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/26 16:54:49.0234 2516 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/26 16:54:49.0703 2516 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/26 16:54:50.0578 2516 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

2011/05/26 16:54:51.0000 2516 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/26 16:54:53.0593 2516 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/26 16:54:53.0968 2516 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/26 16:54:54.0468 2516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/26 16:54:56.0359 2516 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/26 16:54:56.0718 2516 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/26 16:54:57.0140 2516 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/26 16:54:57.0531 2516 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/26 16:54:57.0921 2516 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/26 16:54:58.0343 2516 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/26 16:54:58.0812 2516 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/26 16:54:59.0265 2516 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/26 16:54:59.0671 2516 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys

2011/05/26 16:55:00.0125 2516 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/05/26 16:55:00.0484 2516 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/05/26 16:55:00.0890 2516 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/26 16:55:01.0250 2516 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/26 16:55:01.0703 2516 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/26 16:55:02.0093 2516 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/26 16:55:02.0828 2516 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/26 16:55:03.0562 2516 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys

2011/05/26 16:55:04.0546 2516 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/26 16:55:04.0937 2516 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/26 16:55:05.0437 2516 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/26 16:55:05.0968 2516 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/26 16:55:06.0296 2516 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/26 16:55:06.0828 2516 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/26 16:55:08.0406 2516 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/26 16:55:08.0937 2516 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/26 16:55:09.0453 2516 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/26 16:55:09.0828 2516 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/26 16:55:10.0203 2516 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/26 16:55:10.0984 2516 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/26 16:55:11.0781 2516 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/26 16:55:12.0234 2516 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/26 16:55:12.0562 2516 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/26 16:55:12.0906 2516 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/26 16:55:13.0281 2516 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/26 16:55:13.0687 2516 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/26 16:55:14.0015 2516 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/26 16:55:14.0359 2516 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/26 16:55:14.0750 2516 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/26 16:55:15.0093 2516 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys

2011/05/26 16:55:15.0453 2516 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/26 16:55:16.0062 2516 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/26 16:55:16.0421 2516 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/26 16:55:16.0843 2516 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2011/05/26 16:55:17.0343 2516 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/05/26 16:55:18.0140 2516 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/26 16:55:18.0578 2516 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/05/26 16:55:19.0000 2516 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/26 16:55:19.0375 2516 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/26 16:55:19.0796 2516 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/26 16:55:19.0921 2516 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/05/26 16:55:19.0937 2516 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/26 16:55:19.0937 2516 ================================================================================

2011/05/26 16:55:19.0937 2516 Scan finished

2011/05/26 16:55:19.0937 2516 ================================================================================

2011/05/26 16:55:19.0968 0356 Detected object count: 1

2011/05/26 16:55:19.0968 0356 Actual detected object count: 1

2011/05/26 16:55:28.0578 0356 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/26 16:55:28.0687 0356 \Device\Harddisk0\DR0 - ok

2011/05/26 16:55:28.0687 0356 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/05/26 16:55:38.0109 2416 Deinitialize success
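For anyone reading the TDSSKiller log above and wondering what the `MBR (0x1B8) (2839639f...) \Device\Harddisk0\DR0` line means: the tool hashes the master boot record and checks it against known-good boot code, which is how a TDL4 bootkit (which lives in the MBR rather than in a file) gets flagged. The Python below is an added illustration of that kind of baseline check, written for this thread; it is not TDSSKiller's own logic. The MBR image it works on is constructed in the script, and reading `0x1B8` as the length of the hashed region (the boot code that precedes the disk signature at offset 0x1B8) is my assumption.

```python
"""Baseline check of a 512-byte MBR image: boot signature, boot-code hash
against a known-good value, and the partition table. Added example; the
sample image is constructed, not read from a real disk."""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8   # assumption: hashed region = boot code before the disk signature
MBR_SIZE = 512


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a plausible MBR image for offline testing (constructed sample)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"      # offsets 0x1B8..0x1BD
    # One bootable NTFS-type entry (type 0x07) followed by three empty entries.
    entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 2_000_000)
    table = entry + b"\x00" * 48
    return body + disk_sig + table + b"\x55\xAA"


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the boot code, matching the hash style shown in the log.
    (MD5 is used here only because the log uses it; a fresh baseline of your
    own could just as well use SHA-256.)"""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte partition entries at offset 0x1BE."""
    entries = []
    for i in range(4):
        e = mbr[0x1BE + 16 * i: 0x1BE + 16 * (i + 1)]
        ptype = e[4]
        if ptype == 0:
            continue
        entries.append({
            "index": i,
            "bootable": e[0] == 0x80,
            "type": ptype,
            "lba_start": struct.unpack_from("<I", e, 8)[0],
            "sectors": struct.unpack_from("<I", e, 12)[0],
        })
    return entries


def check_mbr(mbr: bytes, baseline_md5: str) -> dict:
    """Report signature validity, the boot-code hash, and whether it matches
    the baseline recorded from a known-clean state."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    digest = boot_code_md5(mbr)
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        "boot_code_md5": digest,
        "matches_baseline": digest == baseline_md5,
        "partitions": parse_partitions(mbr),
    }


# Constructed boot code: a few real-looking prologue bytes plus a text string.
SAMPLE_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"Invalid partition table"
CLEAN_MBR = build_sample_mbr(SAMPLE_BOOT_CODE)
BASELINE = boot_code_md5(CLEAN_MBR)          # what you would record while clean
TAMPERED_MBR = b"\x90" + CLEAN_MBR[1:]       # one byte of boot code patched


if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(image, BASELINE))
```

The practical point is where the baseline lives: hash the MBR once from a state you trust (for example booted from rescue media) and keep the value off the machine, because a bootkit such as TDL4 hooks disk access and can hand a clean-looking MBR to tools that read it through the infected system.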


I answered my own question. I decided to uninstall MBAM and reinstall it. I was never going to get anywhere with it the way it was installed before.

Having said that, here are my current MBAM logs and my DDS logs, and attached the DDS log that it creates for that purpose also. Thanks again-

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6686

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

5/26/2011 6:10:18 PM

mbam-log-2011-05-26 (18-10-18).txt

Scan type: Quick scan

Objects scanned: 214049

Time elapsed: 30 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Rich\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Rich at 18:13:57 on 2011-05-26

.

============== Running Processes ===============

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\Shelly\Local Settings\Application Data\CrossLoop\CrossLoopService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Documents and Settings\Rich\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Rich\Desktop\dds.scr

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://click.marshallsonline.com/r/U0LKM/95WTN/IQBTH0/0DOLP/GE3JO/6V/h?a=M_EM600

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [bDAgent] "c:\program files\defender pro\defender pro 15-in-1\bdagent.exe"

mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro 15-in-1\ieshow.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNTEwMzU1NjA4LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItTElDKzItRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzMtU1AxUzIrMQ"&"prod=90"&"ver=10.0.1375

IE: &Search - ?s=100000341&p=GRfox000&si=&a=PjcYrHBHYYfTbL.vq8uJJA&n=2010082211

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\rich\application data\mozilla\firefox\profiles\in5o33rt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R? LGDDCDevice;LGDDCDevice

R? LGII2CDevice;LGII2CDevice

R? NUVision;NUVision II Video Service

R? tvnserver;TightVNC Server

S? BENDER;Pinnacle AV/DV2 Capture

S? CrossLoopService;CrossLoop Service

.

=============== Created Last 30 ================

.

2011-05-26 21:34:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-26 21:34:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-26 21:34:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-25 13:13:26 -------- d-----w- c:\documents and settings\all users\application data\bdch

2011-05-25 11:57:04 -------- d-sh--w- c:\documents and settings\rich\PrivacIE

2011-05-25 11:53:11 -------- d-sh--w- c:\documents and settings\rich\IETldCache

2011-05-25 11:33:16 -------- dc-h--w- c:\windows\ie8

2011-05-25 11:24:59 -------- d-----w- C:\c90852e77b64318d9926

2011-05-25 04:44:01 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-05-25 04:41:48 -------- d-----w- c:\documents and settings\rich\application data\Defender Pro

2011-05-25 04:39:22 -------- d-----w- c:\program files\Defender Pro

2011-05-25 04:06:41 -------- d-----w- c:\documents and settings\rich\application data\QuickScan

2011-05-25 03:24:51 -------- d-----w- c:\documents and settings\all users\application data\Defender Pro

2011-05-25 03:19:37 100723 ----a-w- c:\documents and settings\all users\application data\bdinstall.bin

2011-05-24 19:30:08 388096 ----a-r- c:\documents and settings\rich\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-05-24 19:30:07 -------- d-----w- c:\program files\Trend Micro

2011-05-24 15:37:40 -------- d-----w- c:\documents and settings\rich\application data\Malwarebytes

2011-05-24 15:37:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-23 22:00:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-23 22:00:00 711672 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2011-05-23 18:29:44 135168 ----a-w- c:\windows\system32\igfxres.dll

2011-05-23 06:12:06 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-23 06:12:06 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-05-23 03:22:42 -------- d-----w- c:\documents and settings\rich\local settings\application data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}

2011-05-23 03:10:57 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2011-05-23 03:09:59 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2011-05-23 03:08:56 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe

2011-05-23 03:05:45 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-05-23 03:05:45 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2011-05-23 02:52:36 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-05-23 02:52:36 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-05-23 02:52:36 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-05-23 02:52:36 13312 ----a-w- c:\windows\system32\irclass.dll

2011-05-23 02:52:05 13753 ----a-r- c:\windows\SETFB.tmp

2011-05-23 02:52:02 1086058 ----a-r- c:\windows\SETEF.tmp

2011-05-23 02:52:00 1042903 ----a-r- c:\windows\SETEC.tmp

2011-05-22 21:01:01 0 ----a-w- c:\windows\Tnisisequp.bin

2011-05-20 02:54:04 -------- d-----w- c:\documents and settings\rich\local settings\application data\ArcSoft

2011-05-19 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft

2011-05-19 13:13:32 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-05-04 17:10:58 -------- d-----w- c:\windows\LMI9.tmp

2011-05-03 01:21:32 -------- d-----w- c:\windows\ASTULogTemp

.

==================== Find3M ====================

.

2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll

2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 18:16:36.01 ===============

attach1.txt


As I am unwilling to wait 3+ days without a working antivirus on my system with "who-knows-what going on"... I went ahead and figured out how to completely remove AVG and reinstall it without your help.

I also figured out how to reveal my files that the malware had hidden.

My computer is running better. I did everything asked yesterday in the one message that I did receive. I need to know what the next step is or if my computer is clean at this time. I do appreciate the help.


  • Staff

shelly89,

Please accept my sincerest apologies for the delay. I wasn't notified of your responses and will ensure that it doesn't happen again.

Please download Unhide.exe by Grinler and save it to your Desktop.

Run it, then restart your computer.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Of course I accept your apologies. Thanks so much for your help and time.

I am unable to run "unhide". I think the file associations are messed up. It is asking me what to use to open the program. The icon looks okay, like a white suitcase with a red cross, so I thought that it downloaded okay, but as I said, when I double clicked on it, the computer asked me what to use to run it.

Also, right clicking is lagging/freezing up on my computer now. I right clicked on my desktop hoping to rearrange the icons in order to find "unhide" in the first place, and it never did bring up the menu for arranging icons. Then, I right clicked on "unhide" in order to maybe see the properties of it, and never did get properties of it. I decided to come here instead and let you know what is going on.

Didn't get too far, in other words. Just downloaded "unhide".

Yes, unfortunately, I'm getting nowhere. I was unable to run "unhide". It tries to run it as a WinRAR file. I vaguely remember a glitch years ago where my computer changed winzip files to winrar files but I cannot remember why. I think this has more to do with the virus this time though.

Then, I tried to do the ESET program. It keeps hanging on step 3 of 4 at a certain point. I tried twice and spent about 3 hours on it. The file it is hanging on is an old installation of a bad antivirus called defender pro 15 in 1. So, I tried to delete that with Revo. Again, my computer will not let me run the revo.exe file, treating it as a winRAR file instead. Something is wrong with associations.

Sorry that I cannot follow the directions you left for me, but I guess you will have to help me with this association problem first. I tried to research it myself but I'm thinking I'd rather you direct me.

Thanks again.


Okay, I managed to run "unhide" although it didn't seem to do much.

Then I did manage to run "Revo" uninstaller which I simply HAD to do because every time I tried to run ESET it would hang on a certain file (an installation file for an old antivirus we had on the computer). I had to get all the old remnants of that off the computer. I went into a less affected user profile and the file associations are not affected on that user profile. I am able to run .exe files okay, in other words. I ran Revo, completely uninstalled all registry components of that old antivirus we are no longer using, and then was able to run ESET, although it took 4 hours to run a scan of my computer. I pasted the log below.

Then I ran your Security Check and posted that log below as well.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=65525a783a0e8e4bb2d76b7ff273b3bc

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-29 05:58:44

# local_time=2011-05-29 01:58:44 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1032 16777173 100 95 0 49755045 0 0

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=25379

# found=0

# cleaned=0

# scan_time=3839

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=65525a783a0e8e4bb2d76b7ff273b3bc

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2011-05-30 05:11:15

# local_time=2011-05-30 01:11:15 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1032 16777173 100 95 0 49841200 0 0

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=19471

# found=0

# cleaned=0

# scan_time=1226

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=65525a783a0e8e4bb2d76b7ff273b3bc

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-05-30 08:51:52

# local_time=2011-05-30 04:51:52 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1032 16777173 100 95 0 49842546 0 0

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=175167

# found=4

# cleaned=4

# scan_time=13114

C:\Documents and Settings\Shelly\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-59e71813 probably a variant of Java/Exploit.CVE-2010-4452.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Shelly\Local Settings\Temp\nsm102.tmp\seekapp.exe Win32/Adware.OneStep.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Annies amazing things\More stuff from old computer\dxplayer.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2011

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 23

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

Adobe Reader 9.4.4

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (3.1.9)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

You asked me to let you know how things are running afterward. I am posting the scans immediately in order to get a response from you as soon as possible, to be perfectly honest. I'm guessing that the remaining issues are going to be the trouble with file associations (trouble running .exe files on the affected user profile) unless that was cleared up when ESET scanned and quarantined some nasties. I'll tinker around and see how things run I guess. Thanks again for your help.

I really do need this computer to be operational as I have missed an entire week of work on it, although an insecure computer is of no use to me in my line of work, so it has to be done correctly, and again, many thanks for your volunteering your time to help me out.


Okay, since you asked me to let you know how it is running after I did the scans, and now that I have been tinkering around with it a bit... some information. I managed to fix the .exe error myself, I believe, by following instructions provided by other people in adjusting registry settings for the keys "HKEY_CLASSES_ROOT\exefile\shell\open\command" and also "HKEY_CLASSES_ROOT\.exe". Seems to have worked like a charm.

Now... I see in your Security scan that it is saying I am running on Windows Service pack 2 and that all my Java, Adobe, etc... are out of date. I think the virus somehow did that. I was on Service pack 3, I'm sure I was. My computer, during this virus ordeal, started showing the red shield and telling me that my automatic update is not turned on. When I click on it, it says it cannot activate automatic update from that location and that I must go to the control panel to activate automatic update. However, when I go to the control panel to activate automatic updates, I already have them turned on. Something screwy going on there.

I am going to send you a private message as I have posted multiple times here in the last 24 hours and haven't heard anything, so I am wondering if possibly the notification is not working again (although I acknowledge you might be busy... it is just too difficult for me to know for sure...). Not complaining, just covering all the bases by sending a message. Hope I'm not being rude.

Thanks.

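A way to confirm that the repair of the two association keys named in the post actually took, as an added example that is not from the thread or from any of the tools used in it. It assumes the Windows XP defaults (HKCR\.exe default value "exefile", HKCR\exefile\shell\open\command default value "%1" %*) and also inspects the per-user HKCU\Software\Classes hive, which overrides HKLM\Software\Classes in the merged HKCR view and is where a per-profile hijack like the one described ("trouble running .exe files on the affected user profile") would live.

```powershell
# Added example, not from the thread or from any tool used in it.
# Assumptions: Windows XP defaults for the two keys the poster repaired,
#   HKCR\.exe                        (Default) = exefile
#   HKCR\exefile\shell\open\command  (Default) = "%1" %*
# and that HKCU\Software\Classes normally holds no .exe / exefile keys at all.
# HKCR is a merged view in which HKCU\Software\Classes overrides
# HKLM\Software\Classes, so an override planted there breaks only one profile.

function Get-ExeAssociationStatus {
    $checks = @(
        @{ Key = 'HKEY_CLASSES_ROOT\.exe';                                        Expected = 'exefile' },
        @{ Key = 'HKEY_CLASSES_ROOT\exefile\shell\open\command';                  Expected = '"%1" %*' },
        @{ Key = 'HKEY_CURRENT_USER\Software\Classes\.exe';                       Expected = $null },
        @{ Key = 'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'; Expected = $null }
    )

    foreach ($c in $checks) {
        $path   = 'Registry::' + $c.Key
        $exists = Test-Path -LiteralPath $path
        $actual = '(key absent)'
        if ($exists) {
            # The unnamed (Default) value is exposed as a property named '(default)'
            $actual = (Get-ItemProperty -LiteralPath $path).'(default)'
        }

        # A key that should not exist is only OK when it is absent; a key that
        # should exist is only OK when its default value matches exactly.
        $ok = if ($null -eq $c.Expected) { -not $exists } else { $actual -eq $c.Expected }

        New-Object PSObject -Property @{
            Key      = $c.Key
            Expected = $c.Expected
            Actual   = $actual
            OK       = $ok
        }
    }
}

# Any row with OK = False still launches something other than the program the
# user double-clicked, and needs a second look before the machine is trusted.
Get-ExeAssociationStatus | Format-Table Key, Expected, Actual, OK -AutoSize
```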

  • Staff

Hi,

Thanks for the poke, but keep in mind that every time you reply, you get pushed to the bottom of my reply-to list.

Please download exeHelper from one of these two places:

http://www.raktor.net/exeHelper/exeHelper.com

http://www.raktor.net/exeHelper/exeHelper.scr

Save it to your Desktop and run it. When it finishes, restart your computer.

Run unhide.exe again (grab a fresh copy first).

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java


Sorry about that, I actually did not realize that I was going to the end of the line every time I posted a reply to my topic.

Anyway... regarding your instructions.

I did most of what you asked. You had never asked me to run Combofix, but in case you saw some installation that I was unaware of, I attempted to uninstall it per your instructions, and it told me that it couldn't find an installation (which is kind of what I expected) so I stopped trying that.

Windows XP SP3 installed okay I believe.

The Adobe Reader and Flash installed okay I believe. However, every time I try to install the new Java, it tells me that something else is trying to install and I have to wait for that to finish installing before I can install the Java. This happens even after I restart the computer. I have tried about 4 times. I am not aware that I am installing anything.

Lastly, every time I do a restart, when I first enter my user profile, I get a DLL error. It says

DLL ERROR

C:\WINDOWS\mshovct.dll

The specified module could not be found

I tried googling but came up with no hits on what program uses mshovct.dll

Other than those things, everything seems to be running so much better and I am eager to use my computer again. Looking forward to hearing the "all clear". Thanks again for your help.

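The "specified module could not be found" error at logon is the classic symptom of an autostart value whose target file has already been removed: the DDS log posted further down shows the value as uRun: [Qdoduvonejecuxiq] rundll32.exe "c:\windows\mshovct.dll",Startup, and ComboFix later lists it under ORPHANS REMOVED. As an added check that is not from the thread or from ComboFix/DDS, this script enumerates the Run and RunOnce keys and reports every entry whose executable or DLL no longer exists; the rundll32 parsing and the PATH lookup for bare program names are assumptions made for this example.

```powershell
# Added example, not from the thread or from any tool used in it.
# Lists Run/RunOnce values whose target file is missing. A leftover value such as
#   rundll32.exe "c:\windows\mshovct.dll",Startup
# produces exactly the DLL-not-found error at logon once the DLL has been deleted.

# Extract the file a Run value actually loads. Handles the three shapes present in
# the posted logs: a bare path, a quoted path with arguments, and the rundll32
# form, where the first argument (the DLL) is the real payload.
function Get-AutostartTarget {
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+"?([^",]+)') {
        return $Matches[1].Trim()
    }
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(?:exe|dll|scr|com))(?:\s|$)') { return $Matches[1] }
    return $null
}

function Get-OrphanedRunEntry {
    $runKeys = @(
        'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
        'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key

        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider bookkeeping properties (PSPath, PSParentPath, ...)
            if ($p.Name -like 'PS*') { continue }

            $cmd    = [string]$p.Value
            $target = Get-AutostartTarget $cmd
            if (-not $target) { continue }

            # A bare program name (e.g. cmd.exe) is resolved through PATH, not the
            # current directory, so do not report it unless the lookup fails too.
            if ($target -notmatch '[\\/]') {
                if (Get-Command $target -ErrorAction SilentlyContinue) { continue }
            }

            if (-not (Test-Path -LiteralPath $target)) {
                New-Object PSObject -Property @{
                    Key     = $key -replace '^Registry::', ''
                    Name    = $p.Name
                    Command = $cmd
                    Missing = $target
                }
            }
        }
    }
}

# Each row is a value to delete (or a file that was only partially cleaned up);
# review the Command column before removing anything.
Get-OrphanedRunEntry | Format-Table Key, Name, Missing -AutoSize
```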

Okay. Ran Combofix. It required me to completely uninstall my AVG antivirus, so I have no antivirus installed right now. I am going to reinstall it, I hope I won't have to run Combofix again.

Also, at the end of Combofix, it seemed to freeze up. My desktop was completely gone, the window for Combofix said to wait a few seconds for the log file to pop up but I waited several minutes and it never did. Eventually, I went to task manager (which it did easily) and logged out and restarted the computer in that way.

In any event, here is my ComboFix log. Under that is my new DDS log, and I attached the DDS attach log. Thanks again.

ComboFix 11-05-31.01 - Shelly 05/31/2011 15:59:43.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.559 [GMT -4:00]

Running from: C:\Documents and Settings\Shelly\Desktop\ComboFix.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}

C:\Documents and Settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\chrome.manifest

C:\Documents and Settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\chrome\content\_cfg.js

C:\Documents and Settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\chrome\content\overlay.xul

C:\Documents and Settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\install.rdf

C:\Documents and Settings\Rich\Application Data\Dealio

C:\Documents and Settings\Rich\Application Data\Dealio\res\widgets.xml

C:\Documents and Settings\Rich\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml

C:\Documents and Settings\Rich\Desktop\Scanner.lnk

C:\Documents and Settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}

C:\Documents and Settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\chrome.manifest

C:\Documents and Settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\chrome\content\_cfg.js

C:\Documents and Settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\chrome\content\overlay.xul

C:\Documents and Settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\install.rdf

C:\Documents and Settings\Rich\WINDOWS

C:\Documents and Settings\Shelly\Application Data\Adobe\plugs

C:\Documents and Settings\Shelly\Application Data\Adobe\shed

C:\Documents and Settings\Shelly\Application Data\Adobe\shed\thr1.chm

C:\Documents and Settings\Shelly\g2mdlhlpx.exe

C:\Documents and Settings\Shelly\grep.exe

C:\Documents and Settings\Shelly\pev.exe

C:\Documents and Settings\Shelly\sed.exe

C:\Documents and Settings\Shelly\setpath.exe

C:\Documents and Settings\Shelly\WINDOWS

C:\Program Files\Search Toolbar

C:\Program Files\Search Toolbar\icon.ico

C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe

C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe

E:\Autorun.inf

E:\install.exe

((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))

2011-05-31 15:08:38 . 2011-05-31 15:08:38 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-05-31 14:35:17 . 2011-05-31 14:35:17 -------- d-----w- C:\Program Files\Common Files\Adobe AIR

2011-05-31 03:03:05 . 2011-05-31 03:03:05 -------- d-----w- C:\Program Files\MSXML 6.0

2011-05-31 01:55:06 . 2008-06-13 11:05:51 272128 -c----w- C:\WINDOWS\system32\dllcache\bthport.sys

2011-05-31 01:54:09 . 2009-12-31 16:50:03 353792 -c----w- C:\WINDOWS\system32\dllcache\srv.sys

2011-05-31 01:53:07 . 2010-02-24 13:11:07 455680 -c----w- C:\WINDOWS\system32\dllcache\mrxsmb.sys

2011-05-31 01:52:55 . 2009-11-21 15:51:04 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll

2011-05-31 01:52:11 . 2010-06-14 14:31:20 744448 -c----w- C:\WINDOWS\system32\dllcache\helpsvc.exe

2011-05-31 01:50:36 . 2009-10-15 16:28:26 81920 -c----w- C:\WINDOWS\system32\dllcache\fontsub.dll

2011-05-31 01:50:36 . 2009-10-15 16:28:26 119808 -c----w- C:\WINDOWS\system32\dllcache\t2embed.dll

2011-05-31 01:49:29 . 2009-03-06 14:22:18 284160 -c----w- C:\WINDOWS\system32\dllcache\pdh.dll

2011-05-31 01:49:28 . 2009-02-09 12:10:48 401408 -c----w- C:\WINDOWS\system32\dllcache\rpcss.dll

2011-05-31 01:49:27 . 2009-02-06 11:11:05 110592 -c----w- C:\WINDOWS\system32\dllcache\services.exe

2011-05-31 01:49:26 . 2009-02-09 12:10:48 473600 -c----w- C:\WINDOWS\system32\dllcache\fastprox.dll

2011-05-31 01:49:25 . 2009-02-06 10:10:02 227840 -c----w- C:\WINDOWS\system32\dllcache\wmiprvse.exe

2011-05-31 01:49:24 . 2009-02-09 12:10:48 453120 -c----w- C:\WINDOWS\system32\dllcache\wmiprvsd.dll

2011-05-31 01:49:22 . 2009-02-09 12:10:48 617472 -c----w- C:\WINDOWS\system32\dllcache\advapi32.dll

2011-05-31 01:49:21 . 2009-02-09 12:10:48 714752 -c----w- C:\WINDOWS\system32\dllcache\ntdll.dll

2011-05-31 01:49:12 . 2010-02-16 14:08:49 2146304 -c----w- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2011-05-31 01:49:06 . 2010-02-17 13:10:28 2189952 -c----w- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2011-05-31 01:48:54 . 2010-02-16 13:25:04 2024448 -c----w- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2011-05-31 01:44:13 . 2008-05-08 14:02:52 203136 -c----w- C:\WINDOWS\system32\dllcache\rmcast.sys

2011-05-31 01:43:36 . 2010-05-06 10:41:51 599040 -c----w- C:\WINDOWS\system32\dllcache\msfeeds.dll

2011-05-31 01:43:36 . 2010-05-06 10:41:51 55296 -c----w- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2011-05-31 01:43:32 . 2010-05-06 10:41:53 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll

2011-05-31 01:43:21 . 2010-05-06 10:41:48 743424 -c----w- C:\WINDOWS\system32\dllcache\iedvtool.dll

2011-05-31 01:43:20 . 2010-05-06 10:41:50 247808 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll

2011-05-31 01:43:11 . 2010-05-06 10:41:50 1985536 -c----w- C:\WINDOWS\system32\dllcache\iertutil.dll

2011-05-31 01:41:58 . 2010-05-06 10:41:49 11076096 -c----w- C:\WINDOWS\system32\dllcache\ieframe.dll

2011-05-31 01:33:32 . 2008-10-15 16:34:24 337408 -c----w- C:\WINDOWS\system32\dllcache\netapi32.dll

2011-05-31 00:53:27 . 2008-04-13 17:27:18 79872 -c----w- C:\WINDOWS\system32\dllcache\msxml6r.dll

2011-05-31 00:53:26 . 2009-07-31 14:05:44 1372672 -c----w- C:\WINDOWS\system32\dllcache\msxml6.dll

2011-05-31 00:49:24 . 2008-04-14 00:11:54 81920 ------w- C:\WINDOWS\system32\ieencode.dll

2011-05-31 00:48:33 . 2006-12-28 19:01:31 19569 ----a-w- C:\WINDOWS\003052_.tmp

2011-05-31 00:47:53 . 2008-04-14 00:12:17 294912 -c----w- C:\WINDOWS\system32\dllcache\dlimport.exe

2011-05-31 00:20:12 . 2008-04-21 12:08:15 215552 -c----w- C:\WINDOWS\system32\dllcache\wordpad.exe

2011-05-30 23:15:13 . 2011-05-30 23:15:13 -------- d-----w- C:\Documents and Settings\Shelly\Application Data\Malwarebytes

2011-05-30 21:39:25 . 2011-05-30 21:39:25 -------- d-sh--w- C:\Documents and Settings\Shelly\IECompatCache

2011-05-30 16:33:14 . 2011-05-31 05:27:28 -------- d-----w- C:\Program Files\VS Revo Group

2011-05-29 16:07:52 . 2011-05-27 14:00:34 2338 ----a-w- C:\Documents and Settings\Shelly\unhide.bat

2011-05-29 16:07:52 . 2011-05-15 16:34:25 472 ----a-w- C:\Documents and Settings\Shelly\unhide.reg

2011-05-29 15:08:39 . 2011-05-29 15:08:39 -------- d-sh--w- C:\Documents and Settings\Shelly\PrivacIE

2011-05-27 12:27:58 . 2011-05-31 16:54:03 -------- d-----w- C:\WINDOWS\system32\drivers\AVG

2011-05-27 11:55:37 . 2011-05-27 11:55:37 -------- d-sh--w- C:\Documents and Settings\Shelly\IETldCache

2011-05-26 21:34:28 . 2010-12-20 22:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-05-26 21:34:24 . 2011-05-26 21:34:30 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2011-05-26 21:34:24 . 2010-12-20 22:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2011-05-25 13:39:56 . 2011-05-25 13:39:56 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache

2011-05-25 13:13:26 . 2011-05-25 13:13:26 -------- d-----w- C:\Documents and Settings\All Users\Application Data\bdch

2011-05-25 11:59:15 . 2011-05-25 12:09:24 -------- d-----w- C:\WINDOWS\BDOSCAN8

2011-05-25 11:57:04 . 2011-05-25 11:57:07 -------- d-sh--w- C:\Documents and Settings\Rich\PrivacIE

2011-05-25 11:53:11 . 2011-05-25 11:53:11 -------- d-sh--w- C:\Documents and Settings\Rich\IETldCache

2011-05-25 11:50:42 . 2011-05-25 11:50:42 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache

2011-05-25 11:33:16 . 2011-05-25 11:41:08 -------- dc----w- C:\WINDOWS\ie8

2011-05-25 11:24:59 . 2011-05-25 11:35:15 -------- d-----w- C:\c90852e77b64318d9926

2011-05-25 04:51:30 . 2011-05-25 04:51:30 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\QuickScan

2011-05-25 04:44:01 . 2011-05-25 04:44:01 -------- d-----w- C:\Documents and Settings\All Users\Application Data\BitDefender

2011-05-25 04:41:48 . 2011-05-25 04:41:48 -------- d-----w- C:\Documents and Settings\Rich\Application Data\Defender Pro

2011-05-25 04:39:22 . 2011-05-30 16:44:42 -------- d-----w- C:\Program Files\Defender Pro

2011-05-25 04:06:41 . 2011-05-25 04:06:41 -------- d-----w- C:\Documents and Settings\Rich\Application Data\QuickScan

2011-05-25 03:24:51 . 2011-05-25 04:40:48 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Defender Pro

2011-05-25 03:19:37 . 2011-05-25 13:30:31 100723 ----a-w- C:\Documents and Settings\All Users\Application Data\bdinstall.bin

2011-05-24 19:30:08 . 2011-05-24 19:30:08 388096 ----a-r- C:\Documents and Settings\Rich\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-24 19:30:07 . 2011-05-24 19:30:08 -------- d-----w- C:\Program Files\Trend Micro

2011-05-24 15:37:40 . 2011-05-24 15:37:40 -------- d-----w- C:\Documents and Settings\Rich\Application Data\Malwarebytes

2011-05-24 15:37:32 . 2011-05-24 15:37:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2011-05-23 22:03:18 . 2011-05-29 20:47:01 -------- d-----w- C:\Documents and Settings\Mrs. Holcomb

2011-05-23 22:00:01 . 2011-04-14 16:26:02 142296 ----a-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

2011-05-23 22:00:00 . 2011-04-14 16:26:03 711672 ----a-w- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

2011-05-23 18:29:44 . 2005-09-20 14:31:32 135168 ----a-w- C:\WINDOWS\system32\igfxres.dll

2011-05-23 12:54:12 . 2011-05-23 12:54:12 -------- d-s---w- C:\Documents and Settings\LocalService\UserData

2011-05-23 06:12:06 . 2011-05-27 12:59:37 -------- d-----w- C:\Program Files\Spybot - Search & Destroy

2011-05-23 06:12:06 . 2011-05-27 12:56:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2011-05-23 05:10:30 . 2011-05-23 05:10:34 -------- d-----w- C:\Documents and Settings\Administrator

2011-05-23 03:40:17 . 2011-05-23 03:40:17 -------- d-sh--w- C:\Documents and Settings\NetworkService\UserData

2011-05-23 03:10:57 . 2004-08-04 12:00:00 79872 -c--a-w- C:\WINDOWS\system32\dllcache\rwia330.dll

2011-05-23 03:09:59 . 2004-08-04 12:00:00 7680 -c--a-w- C:\WINDOWS\system32\dllcache\kbdnecnt.dll

2011-05-23 03:08:56 . 2004-08-04 12:00:00 480256 -c--a-w- C:\WINDOWS\system32\dllcache\cintsetp.exe

2011-05-23 03:05:45 . 2004-08-04 12:00:00 16384 -c--a-w- C:\WINDOWS\system32\dllcache\isignup.exe

2011-05-23 03:05:45 . 2004-08-04 12:00:00 16384 ----a-w- C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe

2011-05-23 02:52:36 . 2004-08-04 12:00:00 24661 -c--a-w- C:\WINDOWS\system32\dllcache\spxcoins.dll

2011-05-23 02:52:36 . 2004-08-04 12:00:00 24661 ----a-w- C:\WINDOWS\system32\spxcoins.dll

2011-05-23 02:52:36 . 2004-08-04 12:00:00 13312 -c--a-w- C:\WINDOWS\system32\dllcache\irclass.dll

2011-05-23 02:52:36 . 2004-08-04 12:00:00 13312 ----a-w- C:\WINDOWS\system32\irclass.dll

2011-05-23 02:52:05 . 2004-08-04 12:00:00 13753 ----a-r- C:\WINDOWS\SETFB.tmp

2011-05-23 02:52:02 . 2004-08-04 12:00:00 1086058 ----a-r- C:\WINDOWS\SETEF.tmp

2011-05-23 02:52:00 . 2004-08-04 12:00:00 1042903 ----a-r- C:\WINDOWS\SETEC.tmp

2011-05-22 21:01:01 . 2011-05-24 05:17:59 0 ----a-w- C:\WINDOWS\Tnisisequp.bin

2011-05-22 21:00:59 . 2011-05-22 21:01:00 -------- d-----w- C:\Documents and Settings\Shelly\Local Settings\Application Data\{CDD9DDDC-A01B-4E75-B019-766CC1135A9D}

2011-05-20 02:54:04 . 2011-05-20 02:54:04 -------- d-----w- C:\Documents and Settings\Rich\Local Settings\Application Data\ArcSoft

2011-05-20 02:54:02 . 2011-05-20 02:54:32 -------- d-----w- C:\Documents and Settings\Rich\Application Data\ArcSoft

2011-05-19 13:15:19 . 2011-05-19 13:15:19 -------- d-----w- C:\Documents and Settings\Shelly\Local Settings\Application Data\ArcSoft

2011-05-19 13:14:38 . 2011-05-20 02:55:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ArcSoft

2011-05-19 13:13:32 . 2006-11-10 19:05:00 18688 ----a-w- C:\WINDOWS\system32\drivers\afc.sys

2011-05-19 13:13:27 . 2011-05-23 20:48:31 -------- d-----w- C:\Program Files\Common Files\ArcSoft

2011-05-19 13:13:05 . 2011-05-19 19:33:16 -------- d-----w- C:\Documents and Settings\Shelly\Application Data\ArcSoft

2011-05-04 17:10:58 . 2011-05-04 17:10:59 -------- d-----w- C:\WINDOWS\LMI9.tmp

2011-05-03 01:21:32 . 2011-05-03 01:21:32 -------- d-----w- C:\WINDOWS\ASTULogTemp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-15 01:28:42 . 2011-04-15 01:28:42 134480 ----a-w- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys

2011-04-05 04:59:56 . 2011-04-05 04:59:56 297168 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys

2011-03-16 20:03:20 . 2011-03-16 20:03:20 32592 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys

2011-03-07 02:08:13 . 2011-03-07 02:08:13 93552 ----a-w- C:\WINDOWS\system32\ElbyCDIO.dll

2011-03-07 00:52:09 . 2011-03-07 00:52:09 134512 ----a-w- C:\WINDOWS\system32\ElbyVCD.dll

2010-07-08 14:37:14 . 2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe

2011-04-14 16:26:02 . 2011-05-23 22:00:01 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 14:14:36 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2008-10-24 14:14:36 206112]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 14:14:38 79136]

"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 13:33:08 89456]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 14:35:40 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 14:32:24 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 14:36:20 114688]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-03-18 01:53:36 421888]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 03:07:44 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

C:\Documents and Settings\Rich\Start Menu\Programs\Startup\

Dropbox.lnk - C:\Documents and Settings\Shelly\Application Data\Dropbox\bin\Dropbox.exe [N/A]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 02:41:34 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^forteManager.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\forteManager.lnk

backup=C:\WINDOWS\pss\forteManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shelly^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=C:\Documents and Settings\Shelly\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Shelly^Start Menu^Programs^Startup^Yuuguu.lnk]

path=C:\Documents and Settings\Shelly\Start Menu\Programs\Startup\Yuuguu.lnk

backup=C:\WINDOWS\pss\Yuuguu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07:44 932288 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-11-20 03:29:16 623960 ----a-w- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-03-05 15:32:28 1135912 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52:38 49152 ----a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 14:14:36 206112 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 19:06:30 142120 ----a-w- E:\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53:36 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44:46 248552 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"E:\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Documents and Settings\\Rich\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"E:\\iTunes.exe"=

"C:\\Documents and Settings\\Shelly\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

"C:\\Documents and Settings\\Shelly\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"C:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"5910:TCP"= 5910:TCP:vnc5910

R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [02/22/2011 08:13:02 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [03/16/2011 16:03:20 32592]

R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [01/07/2011 06:41:46 248656]

R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [04/05/2011 00:59:56 297168]

R3 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\AVGIDSDriver.sys [04/14/2011 21:28:42 134480]

R3 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\drivers\AVGIDSFilter.sys [02/10/2011 07:53:52 24144]

R3 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\AVGIDSShim.sys [02/10/2011 07:53:54 27216]

R3 BENDER;Pinnacle AV/DV2 Capture;C:\WINDOWS\system32\drivers\bender.sys [11/21/2006 14:34:24 203264]

S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;"C:\Program Files\AVG\AVG10\avgwdsvc.exe" --> C:\Program Files\AVG\AVG10\avgwdsvc.exe [?]

S2 CrossLoopService;CrossLoop Service;C:\Documents and Settings\Shelly\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [03/10/2011 21:17:17 560848]

S3 LGDDCDevice;LGDDCDevice;C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [03/08/2011 09:05:25 14336]

S3 LGII2CDevice;LGII2CDevice;C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [03/08/2011 09:05:25 18432]

S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\drivers\nuvvid2.sys [06/01/2010 14:40:23 153760]

S3 tvnserver;TightVNC Server;C:\Documents and Settings\Shelly\Local Settings\Application Data\CrossLoop\tvnserver.exe [03/10/2011 21:17:17 814080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - C:\Documents and Settings\Shelly\Application Data\Mozilla\Firefox\Profiles\0j631dmk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKCU-Run-kJoCBjsHlcALP - C:\Documents and Settings\All Users\Application Data\kJoCBjsHlcALP.exe

HKCU-Run-Qdoduvonejecuxiq - C:\WINDOWS\mshovct.dll

HKLM-Run-BDAgent - C:\Program Files\Defender Pro\Defender Pro 15-in-1\bdagent.exe

HKLM-Run-Defender Pro Antiphishing Helper - C:\Program Files\Defender Pro\Defender Pro 15-in-1\ieshow.exe

HKLM-Run-AVG_TRAY - C:\Program Files\AVG\AVG10\avgtray.exe

MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-InCD - C:\Program Files\Nero\Nero 7\InCD\InCD.exe

MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

MSConfigStartUp-RoxWatchTray - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

MSConfigStartUp-SecurDisc - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Shelly at 16:37:54 on 2011-05-31

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.372 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Shelly\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [kJoCBjsHlcALP] c:\documents and settings\all users\application data\kJoCBjsHlcALP.exe

uRun: [Qdoduvonejecuxiq] rundll32.exe "c:\windows\mshovct.dll",Startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [bDAgent] "c:\program files\defender pro\defender pro 15-in-1\bdagent.exe"

mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro 15-in-1\ieshow.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNTEwMzU1NjA4LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItTElDKzItRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzMtU1AxUzIrMQ"&"prod=90"&"ver=10.0.1375

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306800289906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\shelly\application data\mozilla\firefox\profiles\0j631dmk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]

S2 CrossLoopService;CrossLoop Service;c:\documents and settings\shelly\local settings\application data\crossloop\CrossLoopService.exe [2011-3-10 560848]

S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2011-3-8 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2011-3-8 18432]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2010-6-1 153760]

S3 tvnserver;TightVNC Server;c:\documents and settings\shelly\local settings\application data\crossloop\tvnserver.exe [2011-3-10 814080]

.

=============== Created Last 30 ================

.

2011-05-31 19:55:06 -------- d-sha-r- C:\cmdcons

2011-05-31 19:45:02 98816 ----a-w- c:\windows\sed.exe

2011-05-31 19:45:02 518144 ----a-w- c:\windows\SWREG.exe

2011-05-31 19:45:02 256512 ----a-w- c:\windows\PEV.exe

2011-05-31 19:45:02 208896 ----a-w- c:\windows\MBR.exe

2011-05-31 19:44:26 -------- d-----w- C:\ComboFix

2011-05-31 15:08:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-31 03:03:05 -------- d-----w- c:\program files\MSXML 6.0

2011-05-31 02:32:08 -------- d-----w- c:\windows\ie8updates

2011-05-31 01:55:06 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-05-31 01:54:09 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2011-05-31 01:53:07 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-05-31 01:52:55 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-05-31 01:52:11 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-31 01:50:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2011-05-31 01:50:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2011-05-31 01:49:29 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2011-05-31 01:49:28 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2011-05-31 01:49:27 110592 -c----w- c:\windows\system32\dllcache\services.exe

2011-05-31 01:49:26 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2011-05-31 01:49:25 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2011-05-31 01:49:24 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-05-31 01:49:22 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2011-05-31 01:49:21 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2011-05-31 01:49:12 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-05-31 01:49:06 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-05-31 01:48:54 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-05-31 01:44:13 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-05-31 01:43:36 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-05-31 01:43:36 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-05-31 01:43:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-05-31 01:43:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-05-31 01:43:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-05-31 01:43:11 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-05-31 01:41:58 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-05-31 01:33:32 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-05-31 00:53:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-05-31 00:53:26 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-05-31 00:49:24 81920 ------w- c:\windows\system32\ieencode.dll

2011-05-31 00:48:33 19569 ----a-w- c:\windows\003052_.tmp

2011-05-31 00:47:53 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2011-05-31 00:20:12 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-05-30 23:15:13 -------- d-----w- c:\documents and settings\shelly\application data\Malwarebytes

2011-05-30 21:39:25 -------- d-sh--w- c:\documents and settings\shelly\IECompatCache

2011-05-30 16:33:14 -------- d-----w- c:\program files\VS Revo Group

2011-05-29 16:07:52 472 ----a-w- c:\documents and settings\shelly\unhide.reg

2011-05-29 16:07:52 2338 ----a-w- c:\documents and settings\shelly\unhide.bat

2011-05-29 15:08:39 -------- d-sh--w- c:\documents and settings\shelly\PrivacIE

2011-05-27 12:27:58 -------- d-----w- c:\windows\system32\drivers\AVG

2011-05-27 11:55:37 -------- d-sh--w- c:\documents and settings\shelly\IETldCache

2011-05-26 21:34:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-26 21:34:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-26 21:34:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-25 13:13:26 -------- d-----w- c:\documents and settings\all users\application data\bdch

2011-05-25 11:33:16 -------- dc----w- c:\windows\ie8

2011-05-25 11:24:59 -------- d-----w- C:\c90852e77b64318d9926

2011-05-25 04:44:01 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-05-25 04:39:22 -------- d-----w- c:\program files\Defender Pro

2011-05-25 03:24:51 -------- d-----w- c:\documents and settings\all users\application data\Defender Pro

2011-05-25 03:19:37 100723 ----a-w- c:\documents and settings\all users\application data\bdinstall.bin

2011-05-24 19:30:07 -------- d-----w- c:\program files\Trend Micro

2011-05-24 15:37:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-23 22:00:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-23 22:00:00 711672 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2011-05-23 18:29:44 135168 ----a-w- c:\windows\system32\igfxres.dll

2011-05-23 06:12:06 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-23 06:12:06 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-05-23 03:10:57 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2011-05-23 03:09:59 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2011-05-23 03:08:56 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe

2011-05-23 03:05:45 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-05-23 03:05:45 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2011-05-23 02:52:36 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-05-23 02:52:36 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-05-23 02:52:36 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-05-23 02:52:36 13312 ----a-w- c:\windows\system32\irclass.dll

2011-05-23 02:52:05 13753 ----a-r- c:\windows\SETFB.tmp

2011-05-23 02:52:02 1086058 ----a-r- c:\windows\SETEF.tmp

2011-05-23 02:52:00 1042903 ----a-r- c:\windows\SETEC.tmp

2011-05-22 21:01:01 0 ----a-w- c:\windows\Tnisisequp.bin

2011-05-22 21:00:59 -------- d-----w- c:\documents and settings\shelly\local settings\application data\{CDD9DDDC-A01B-4E75-B019-766CC1135A9D}

2011-05-19 13:15:19 -------- d-----w- c:\documents and settings\shelly\local settings\application data\ArcSoft

2011-05-19 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft

2011-05-19 13:13:32 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-05-04 17:10:58 -------- d-----w- c:\windows\LMI9.tmp

2011-05-03 01:21:32 -------- d-----w- c:\windows\ASTULogTemp

.

==================== Find3M ====================

.

2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll

2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 16:38:14.76 ===============


  • Staff

Hi,

Leave AVG uninstalled until we are all the way through.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

DDS::
uRun: [kJoCBjsHlcALP] c:\documents and settings\all users\application data\kJoCBjsHlcALP.exe
uRun: [Qdoduvonejecuxiq] rundll32.exe "c:\windows\mshovct.dll",Startup
KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


OK, did as requested.

Here are the Combofix log and DDS log.

ComboFix 11-05-31.01 - Shelly 05/31/2011 21:41:23.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.671 [GMT -4:00]

Running from: c:\documents and settings\Shelly\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Shelly\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}

c:\documents and settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\chrome.manifest

c:\documents and settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\chrome\content\_cfg.js

c:\documents and settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\chrome\content\overlay.xul

c:\documents and settings\Mrs. Holcomb\Local Settings\Application Data\{4C79B0D2-E4A2-4EA6-B7E9-87FD8FB1286C}\install.rdf

c:\documents and settings\Rich\Application Data\Dealio

c:\documents and settings\Rich\Application Data\Dealio\res\widgets.xml

c:\documents and settings\Rich\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml

c:\documents and settings\Rich\Desktop\Scanner.lnk

c:\documents and settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}

c:\documents and settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\chrome.manifest

c:\documents and settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\chrome\content\_cfg.js

c:\documents and settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\chrome\content\overlay.xul

c:\documents and settings\Rich\Local Settings\Application Data\{BAA8212F-E423-4A81-ABCE-E12CD64784BE}\install.rdf

c:\documents and settings\Rich\WINDOWS

c:\documents and settings\Shelly\Application Data\Adobe\plugs

c:\documents and settings\Shelly\Application Data\Adobe\shed

c:\documents and settings\Shelly\Application Data\Adobe\shed\thr1.chm

c:\documents and settings\Shelly\g2mdlhlpx.exe

c:\documents and settings\Shelly\grep.exe

c:\documents and settings\Shelly\pev.exe

c:\documents and settings\Shelly\sed.exe

c:\documents and settings\Shelly\setpath.exe

c:\documents and settings\Shelly\WINDOWS

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

E:\Autorun.inf

E:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))

.

.

2011-05-31 21:17 . 2011-06-01 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-05-31 15:08 . 2011-05-31 15:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-31 14:35 . 2011-05-31 14:35 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-05-31 03:03 . 2011-05-31 03:03 -------- d-----w- c:\program files\MSXML 6.0

2011-05-31 01:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-05-31 01:54 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2011-05-31 01:53 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-05-31 01:52 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-05-31 01:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-31 01:50 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2011-05-31 01:50 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2011-05-31 01:49 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2011-05-31 01:49 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2011-05-31 01:49 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2011-05-31 01:49 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2011-05-31 01:49 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2011-05-31 01:49 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-05-31 01:49 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2011-05-31 01:49 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2011-05-31 01:49 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-05-31 01:49 . 2010-02-17 13:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-05-31 01:48 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-05-31 01:44 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-05-31 01:43 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-05-31 01:43 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-05-31 01:43 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-05-31 01:43 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-05-31 01:43 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-05-31 01:43 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-05-31 01:41 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-05-31 01:33 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-05-31 00:53 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-05-31 00:53 . 2009-07-31 14:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-05-31 00:49 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll

2011-05-31 00:48 . 2006-12-28 19:01 19569 ----a-w- c:\windows\003052_.tmp

2011-05-31 00:47 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2011-05-31 00:20 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-05-30 23:15 . 2011-05-30 23:15 -------- d-----w- c:\documents and settings\Shelly\Application Data\Malwarebytes

2011-05-30 21:39 . 2011-05-30 21:39 -------- d-sh--w- c:\documents and settings\Shelly\IECompatCache

2011-05-30 16:33 . 2011-05-31 05:27 -------- d-----w- c:\program files\VS Revo Group

2011-05-29 16:07 . 2011-05-27 14:00 2338 ----a-w- c:\documents and settings\Shelly\unhide.bat

2011-05-29 16:07 . 2011-05-15 16:34 472 ----a-w- c:\documents and settings\Shelly\unhide.reg

2011-05-29 15:08 . 2011-05-29 15:08 -------- d-sh--w- c:\documents and settings\Shelly\PrivacIE

2011-05-27 11:55 . 2011-05-27 11:55 -------- d-sh--w- c:\documents and settings\Shelly\IETldCache

2011-05-26 21:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-26 21:34 . 2011-05-26 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-26 21:34 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-25 13:39 . 2011-05-25 13:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-05-25 13:13 . 2011-05-25 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\bdch

2011-05-25 11:59 . 2011-05-25 12:09 -------- d-----w- c:\windows\BDOSCAN8

2011-05-25 11:57 . 2011-05-25 11:57 -------- d-sh--w- c:\documents and settings\Rich\PrivacIE

2011-05-25 11:53 . 2011-05-25 11:53 -------- d-sh--w- c:\documents and settings\Rich\IETldCache

2011-05-25 11:50 . 2011-05-25 11:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-05-25 11:33 . 2011-05-25 11:41 -------- dc----w- c:\windows\ie8

2011-05-25 11:24 . 2011-05-25 11:35 -------- d-----w- C:\c90852e77b64318d9926

2011-05-25 04:51 . 2011-05-25 04:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan

2011-05-25 04:44 . 2011-05-25 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2011-05-25 04:41 . 2011-05-25 04:41 -------- d-----w- c:\documents and settings\Rich\Application Data\Defender Pro

2011-05-25 04:39 . 2011-05-30 16:44 -------- d-----w- c:\program files\Defender Pro

2011-05-25 04:06 . 2011-05-25 04:06 -------- d-----w- c:\documents and settings\Rich\Application Data\QuickScan

2011-05-25 03:24 . 2011-05-25 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Defender Pro

2011-05-25 03:19 . 2011-05-25 13:30 100723 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin

2011-05-24 19:30 . 2011-05-24 19:30 388096 ----a-r- c:\documents and settings\Rich\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-24 19:30 . 2011-05-24 19:30 -------- d-----w- c:\program files\Trend Micro

2011-05-24 15:37 . 2011-05-24 15:37 -------- d-----w- c:\documents and settings\Rich\Application Data\Malwarebytes

2011-05-24 15:37 . 2011-05-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-23 22:00 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-23 22:00 . 2011-04-14 16:26 711672 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe

2011-05-23 18:29 . 2005-09-20 14:31 135168 ----a-w- c:\windows\system32\igfxres.dll

2011-05-23 12:54 . 2011-05-23 12:54 -------- d-s---w- c:\documents and settings\LocalService\UserData

2011-05-23 06:12 . 2011-05-27 12:59 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-23 06:12 . 2011-05-27 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-05-23 05:10 . 2011-05-23 05:10 -------- d-----w- c:\documents and settings\Administrator

2011-05-23 03:40 . 2011-05-23 03:40 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2011-05-23 03:10 . 2004-08-04 12:00 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2011-05-23 03:09 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2011-05-23 03:08 . 2004-08-04 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe

2011-05-23 03:05 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-05-23 03:05 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe

2011-05-23 02:52 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-05-23 02:52 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-05-23 02:52 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-05-23 02:52 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2011-05-23 02:52 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SETFB.tmp

2011-05-23 02:52 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SETEF.tmp

2011-05-23 02:52 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SETEC.tmp

2011-05-22 21:01 . 2011-05-24 05:17 0 ----a-w- c:\windows\Tnisisequp.bin

2011-05-22 21:00 . 2011-05-22 21:01 -------- d-----w- c:\documents and settings\Shelly\Local Settings\Application Data\{CDD9DDDC-A01B-4E75-B019-766CC1135A9D}

2011-05-20 02:54 . 2011-05-20 02:54 -------- d-----w- c:\documents and settings\Rich\Local Settings\Application Data\ArcSoft

2011-05-20 02:54 . 2011-05-20 02:54 -------- d-----w- c:\documents and settings\Rich\Application Data\ArcSoft

2011-05-19 13:15 . 2011-05-19 13:15 -------- d-----w- c:\documents and settings\Shelly\Local Settings\Application Data\ArcSoft

2011-05-19 13:14 . 2011-05-20 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft

2011-05-19 13:13 . 2006-11-10 19:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-05-19 13:13 . 2011-05-23 20:48 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-05-19 13:13 . 2011-05-19 19:33 -------- d-----w- c:\documents and settings\Shelly\Application Data\ArcSoft

2011-05-04 17:10 . 2011-05-04 17:10 -------- d-----w- c:\windows\LMI9.tmp

2011-05-03 01:21 . 2011-05-03 01:21 -------- d-----w- c:\windows\ASTULogTemp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll

2011-03-07 00:52 . 2011-03-07 00:52 134512 ----a-w- c:\windows\system32\ElbyVCD.dll

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

2011-04-14 16:26 . 2011-05-23 22:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2008-10-24 206112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

.

c:\documents and settings\Rich\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Shelly\Application Data\Dropbox\bin\Dropbox.exe [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^forteManager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\forteManager.lnk

backup=c:\windows\pss\forteManager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Shelly^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Shelly\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Shelly^Start Menu^Programs^Startup^Yuuguu.lnk]

path=c:\documents and settings\Shelly\Start Menu\Programs\Startup\Yuuguu.lnk

backup=c:\windows\pss\Yuuguu.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-11-20 03:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

c:\program files\Nero\Nero 7\InCD\InCD.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 19:06 142120 ----a-w- E:\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

c:\program files\Nero\Nero 7\InCD\NBHGui.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"e:\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Documents and Settings\\Rich\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"e:\\iTunes.exe"=

"c:\\Documents and Settings\\Shelly\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=

"c:\\Documents and Settings\\Shelly\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"5910:TCP"= 5910:TCP:vnc5910

.

R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Shelly\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [03/10/2011 21:17 560848]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [11/21/2006 14:34 203264]

S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [03/08/2011 09:05 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [03/08/2011 09:05 18432]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [06/01/2010 14:40 153760]

S3 tvnserver;TightVNC Server;c:\documents and settings\Shelly\Local Settings\Application Data\CrossLoop\tvnserver.exe [03/10/2011 21:17 814080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Shelly\Application Data\Mozilla\Firefox\Profiles\0j631dmk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

MSConfigStartUp-BDAgent - c:\program files\Defender Pro\Defender Pro 15-in-1\bdagent.exe

MSConfigStartUp-Defender Pro Antiphishing Helper - c:\program files\Defender Pro\Defender Pro 15-in-1\ieshow.exe

MSConfigStartUp-kJoCBjsHlcALP - c:\documents and settings\All Users\Application Data\kJoCBjsHlcALP.exe

MSConfigStartUp-Qdoduvonejecuxiq - c:\windows\mshovct.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-31 21:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3340)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\msiexec.exe

c:\program files\Microsoft ActiveSync\wcescomm.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

c:\windows\system32\MsiExec.exe

.

**************************************************************************

.

Completion time: 2011-05-31 22:07:30 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-01 02:07

.

Pre-Run: 6,068,006,912 bytes free

Post-Run: 6,069,714,944 bytes free

.

- - End Of File - - D96C240A026C12819E07ACE5EC17B2C0

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Shelly at 22:08:49 on 2011-05-31

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.595 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\Shelly\Local Settings\Application Data\CrossLoop\CrossLoopService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Shelly\Desktop\dds.scr

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNTEwMzU1NjA4LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItTElDKzItRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzMtU1AxUzIrMS1TUDFTMysx"&"prod=90"&"ver=10.0.1375

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306800289906

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\shelly\application data\mozilla\firefox\profiles\0j631dmk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

============= SERVICES / DRIVERS ===============

.

R2 CrossLoopService;CrossLoop Service;c:\documents and settings\shelly\local settings\application data\crossloop\CrossLoopService.exe [2011-3-10 560848]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]

S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2011-3-8 14336]

S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2011-3-8 18432]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2010-6-1 153760]

S3 tvnserver;TightVNC Server;c:\documents and settings\shelly\local settings\application data\crossloop\tvnserver.exe [2011-3-10 814080]

.

=============== Created Last 30 ================

.

2011-05-31 21:17:09 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-05-31 19:55:06 -------- d-sha-r- C:\cmdcons

2011-05-31 19:45:02 98816 ----a-w- c:\windows\sed.exe

2011-05-31 19:45:02 518144 ----a-w- c:\windows\SWREG.exe

2011-05-31 19:45:02 256512 ----a-w- c:\windows\PEV.exe

2011-05-31 19:45:02 208896 ----a-w- c:\windows\MBR.exe

2011-05-31 15:08:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-31 03:03:05 -------- d-----w- c:\program files\MSXML 6.0

2011-05-31 02:32:08 -------- d-----w- c:\windows\ie8updates

2011-05-31 01:55:06 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-05-31 01:54:09 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2011-05-31 01:53:07 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-05-31 01:52:55 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-05-31 01:52:11 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-05-31 01:50:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2011-05-31 01:50:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2011-05-31 01:49:29 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2011-05-31 01:49:28 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2011-05-31 01:49:27 110592 -c----w- c:\windows\system32\dllcache\services.exe

2011-05-31 01:49:26 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2011-05-31 01:49:25 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2011-05-31 01:49:24 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-05-31 01:49:22 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2011-05-31 01:49:21 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2011-05-31 01:49:12 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-05-31 01:49:06 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-05-31 01:48:54 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-05-31 01:44:13 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-05-31 01:43:36 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-05-31 01:43:36 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-05-31 01:43:32 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-05-31 01:43:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-05-31 01:43:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-05-31 01:43:11 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-05-31 01:41:58 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-05-31 01:33:32 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-05-31 00:53:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-05-31 00:53:26 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-05-31 00:49:24 81920 ------w- c:\windows\system32\ieencode.dll

2011-05-31 00:48:33 19569 ----a-w- c:\windows\003052_.tmp

2011-05-31 00:47:53 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2011-05-31 00:20:12 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-05-30 23:15:13 -------- d-----w- c:\documents and settings\shelly\application data\Malwarebytes

2011-05-30 21:39:25 -------- d-sh--w- c:\documents and settings\shelly\IECompatCache

2011-05-30 16:33:14 -------- d-----w- c:\program files\VS Revo Group

2011-05-29 16:07:52 472 ----a-w- c:\documents and settings\shelly\unhide.reg

2011-05-29 16:07:52 2338 ----a-w- c:\documents and settings\shelly\unhide.bat

2011-05-29 15:08:39 -------- d-sh--w- c:\documents and settings\shelly\PrivacIE

2011-05-27 11:55:37 -------- d-sh--w- c:\documents and settings\shelly\IETldCache

2011-05-26 21:34:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-26 21:34:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-26 21:34:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-25 13:13:26 -------- d-----w- c:\documents and settings\all users\application data\bdch

2011-05-25 11:33:16 -------- dc----w- c:\windows\ie8

2011-05-25 11:24:59 -------- d-----w- C:\c90852e77b64318d9926

2011-05-25 04:44:01 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-05-25 04:39:22 -------- d-----w- c:\program files\Defender Pro

2011-05-25 03:24:51 -------- d-----w- c:\documents and settings\all users\application data\Defender Pro

2011-05-25 03:19:37 100723 ----a-w- c:\documents and settings\all users\application data\bdinstall.bin

2011-05-24 19:30:07 -------- d-----w- c:\program files\Trend Micro

2011-05-24 15:37:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-05-23 22:00:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-23 22:00:00 711672 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2011-05-23 18:29:44 135168 ----a-w- c:\windows\system32\igfxres.dll

2011-05-23 06:12:06 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-05-23 06:12:06 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-05-23 03:10:57 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll

2011-05-23 03:09:59 7680 -c--a-w- c:\windows\system32\dllcache\kbdnecnt.dll

2011-05-23 03:08:56 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe

2011-05-23 03:05:45 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-05-23 03:05:45 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2011-05-23 02:52:36 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-05-23 02:52:36 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-05-23 02:52:36 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-05-23 02:52:36 13312 ----a-w- c:\windows\system32\irclass.dll

2011-05-23 02:52:05 13753 ----a-r- c:\windows\SETFB.tmp

2011-05-23 02:52:02 1086058 ----a-r- c:\windows\SETEF.tmp

2011-05-23 02:52:00 1042903 ----a-r- c:\windows\SETEC.tmp

2011-05-22 21:01:01 0 ----a-w- c:\windows\Tnisisequp.bin

2011-05-22 21:00:59 -------- d-----w- c:\documents and settings\shelly\local settings\application data\{CDD9DDDC-A01B-4E75-B019-766CC1135A9D}

2011-05-19 13:15:19 -------- d-----w- c:\documents and settings\shelly\local settings\application data\ArcSoft

2011-05-19 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft

2011-05-19 13:13:32 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-05-04 17:10:58 -------- d-----w- c:\windows\LMI9.tmp

2011-05-03 01:21:32 -------- d-----w- c:\windows\ASTULogTemp

.

==================== Find3M ====================

.

2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll

2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 22:09:13.54 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Okay, here you go.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6522

# api_version=3.0.2

# EOSSerial=a7e9e3f9565d8c4cb39bb80a78b4396e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-06 04:01:32

# local_time=2011-06-06 12:01:32 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 177958 177958 0 0

# compatibility_mode=1029 16777214 0 1 14805452 14805452 0 0

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=167206

# found=2

# cleaned=2

# scan_time=11128

C:\Documents and Settings\Shelly\Application Data\Sun\Java\Deployment\cache\6.0\5\7c18d505-5a69a22e a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Shelly\Application Data\Sun\Java\Deployment\cache\6.0\5\7c18d505-7925b406 a variant of Java/TrojanDownloader.OpenStream.NCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player

Adobe Reader X (10.0.1)

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (3.1.9)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Computer has been running okay lately, although I am eagerly awaiting your "all clear" declaration and waiting for you to tell me it is okay to reinstall AVG antivirus. Remember, I still do not have an antivirus installed because ComboFix required me to uninstall it. Obviously I am skittish about not having one installed right now.

Finally the computer is not "whirring" 100% of the time. I take that as a good sign.

Thanks again for your help.


  • Staff

Hi,

Please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Restart your computer.

Here is my antivirus recommendation list.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials (what I use)

AntiVir

avast!.

Let me know what issues remain.

-screen317


OK, I did all the above. I installed an antivirus. I installed Java because that had not been installed ever since you asked me to do that (when I tried to before, it wouldn't let me and kept telling me that something else was installing while I tried to install the Java).

Everything seems a-ok. Thanks a lot for all of your help.


  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
