
XP Security 2012 / Resident Shield Alert



About a week and a half ago, my desktop was infected with XP Security 2012. I was able to remove it by identifying and renaming the 3 letter exe file (changed it to ._dl) and then fixing the registry and then running Malwarebytes, which then purported to remove the virus. After the removal, while the XP Security 2012 warnings didn't pop up anymore, my Google searches kept diverting to other websites. A few days later, XP 2012 came back; I removed it again. Then I started getting "Resident Shield Alert" and "AVG Resident Shield Alert" warnings, and then XP 2012 came back again. I was able to remove them with Malwarebytes. Clearly this sucker is lurking somewhere in my computer, and I have run a host of virus scans, which cannot identify the virus when it is temporarily dormant, only to pop up again in a few days.

Here is some of the log info. Please let me know if you need any more information, and thanks so much in advance.

--Andrew

From DDS.txt (Malwarebytes log below; attach.txt is zipped and attached as requested). I ran the GMER Rootkit Scanner several times but the program just stops and closes and I have no option to save the log.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Run by Andrew & Una at 16:41:58 on 2011-07-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1117 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Brownie\brpjp04a.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:55333

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [uIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: dpw.com\newyork

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174537892913

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F029A846-7AAF-4804-AF6B-F8F5DD0D83F9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\andrew & una\application data\mozilla\firefox\profiles\7tcgmxqx.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 55333

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-9 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-9 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-9 656320]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-7-9 233976]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-9 337872]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-20 366640]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-9 371472]

R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-9 1117144]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-20 22712]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-20 39984]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

=============== Created Last 30 ================

.

2011-07-10 18:45:15 352256 ----a-w- c:\documents and settings\andrew & una\local settings\application data\ctl._dl

2011-07-10 13:53:18 -------- d-----w- c:\documents and settings\andrew & una\local settings\application data\Threat Expert

2011-07-10 13:28:16 -------- d-----w- c:\documents and settings\andrew & una\application data\AVG10

2011-07-10 13:24:51 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-10 13:24:51 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-07-10 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-07-10 13:11:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:10:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-07-10 13:10:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-07-10 13:10:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-07-10 13:10:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-07-10 13:10:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-07-10 13:10:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-07-10 13:10:25 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-07-10 13:10:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-07-09 22:55:05 767952 ----a-w- c:\windows\BDTSupport.dll

2011-07-09 22:55:03 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-07-09 22:55:02 2078672 ----a-w- c:\windows\PCTBDCore.dll

2011-07-09 22:55:02 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-07-09 22:53:50 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-07-09 22:53:50 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-07-09 22:53:48 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-07-09 22:53:39 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-07-09 22:53:39 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-07-09 22:53:36 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-07-09 22:53:33 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-07-09 22:53:24 -------- d-----w- c:\program files\common files\PC Tools

2011-07-09 22:53:23 -------- d-----w- c:\program files\PC Tools Security

2011-07-09 22:51:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-07-06 00:19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-07-06 00:19:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-29 23:35:25 711728 ----a-w- c:\windows\is-3J77F.exe

2011-06-29 23:34:06 354 ----a-w- C:\fix.reg

2011-06-29 09:24:26 179 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33448921.bat

2011-06-29 09:24:14 177 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33436921.bat

2011-06-29 09:23:52 139 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33415171.bat

2011-06-29 09:23:31 205 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33394218.bat

2011-06-28 03:20:08 -------- d-----w- C:\Microsoft

2011-06-28 03:17:39 -------- d-----w- C:\Adobe

2011-06-28 03:08:18 -------- d-----w- C:\BlueFlare Antivirus

2011-06-28 03:05:53 -------- d--h--w- C:\$AVG

2011-06-16 07:29:08 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras

2011-06-16 07:02:41 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:22:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

.

============= FINISH: 16:44:22.70 ===============

From Malwarebytes log (most recent):

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7060

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/10/2011 4:29:28 PM

mbam-log-2011-07-10 (16-29-28).txt

Scan type: Full scan (C:\|)

Objects scanned: 265458

Time elapsed: 1 hour(s), 28 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\820274501 (Trojan.FakeAlert) -> Value: 820274501 -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew & Una\Local Settings\Application Data\ctl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew & Una\Local Settings\Application Data\ctl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew & Una\Local Settings\Application Data\ctl.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("%1"%*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\andrew & una\local settings\Temp\0.577127414324346.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

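The DDS and Malwarebytes entries in this post show the pattern worth checking for on any machine with this kind of infection: a WinINet proxy pointed at 127.0.0.1 (here port 55333), the same host and port left behind in Firefox's prefs.js, an autorun launched from a Temp directory, the StartMenuInternet launch commands for Firefox and IE redirected through ctl.exe, the Security Center notifications switched off, and the exefile handler damaged. The following Python script is an added triage example, not part of the original post and not code from DDS, Malwarebytes or any other tool named here. It runs those checks over constructed sample lines copied from the logs above and turns the Malwarebytes "Bad/Good" entries into reg.exe commands that restore the Good values; the function names, the regular expressions and the sample text are my own assumptions about the log format, taken from the lines as they appear on this page.

```python
"""Triage of DDS / Malwarebytes log lines for browser-hijack indicators.

Added example (not from the forum post or any of the tools it names).
Sample inputs below are constructed from the lines in the logs above.
"""
import re

# Constructed sample: Pseudo-HJT and Firefox lines as printed by DDS.
DDS_SAMPLE = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:55333
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [uIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55333
FF - prefs.js: network.proxy.type - 0
"""

# Constructed sample: "Registry Data Items Infected" lines from the MBAM log.
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew & Una\Local Settings\Application Data\ctl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("%1"%*) Good: ("%1" %*) -> Quarantined and deleted successfully.
"""

IE_PROXY = re.compile(r"ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1:(\d+)", re.I)
FF_HOST = re.compile(r"network\.proxy\.http\s*-\s*127\.0\.0\.1")
FF_PORT = re.compile(r"network\.proxy\.http_port\s*-\s*(\d+)")
FF_TYPE = re.compile(r"network\.proxy\.type\s*-\s*(\d+)")
RUN_LINE = re.compile(r"^([umd]Run):\s*\[([^\]]*)\]\s*(.*)$")
# Directories an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = re.compile(r"\\(temp|locals~1|local settings\\application data|application data)\\", re.I)
MBAM_ITEM = re.compile(r"^(?P<key>.+?) \((?P<cls>[A-Za-z0-9.]+)\) -> Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> ")


def loopback_proxies(dds_text):
    """Report browser proxies that point at the local host.

    With no legitimate local proxy installed, 127.0.0.1:<port> is the hijacker
    itself sitting between the browser and the network, which is what produces
    the search redirection and blocked update sites described in the thread.
    """
    findings = []
    m = IE_PROXY.search(dds_text)
    if m:
        # WinINet (IE and anything using it) applies ProxyServer when ProxyEnable=1;
        # DDS does not print ProxyEnable, so treat the entry as live and verify on the host.
        findings.append({"browser": "IE/WinINet", "port": int(m.group(1)), "active": True})
    host, port, ptype = FF_HOST.search(dds_text), FF_PORT.search(dds_text), FF_TYPE.search(dds_text)
    if host and port:
        # Firefox honours network.proxy.http only when network.proxy.type is 1 (manual).
        # type 0 means the stale values are still in prefs.js but not in use.
        findings.append({"browser": "Firefox", "port": int(port.group(1)),
                         "active": ptype is not None and ptype.group(1) == "1"})
    return findings


def suspicious_autoruns(dds_text):
    """Return (hive, name, command) for Run entries started from user-writable paths.

    Legitimate software lives under Program Files or the Windows directory; an
    autorun from Temp is worth a look, though installers do leave cleanup stubs
    there, so this is a lead rather than a verdict.
    """
    hits = []
    for line in dds_text.splitlines():
        m = RUN_LINE.match(line)
        if m and USER_WRITABLE.search(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def parse_mbam_data_items(mbam_text):
    """Parse 'Registry Data Items Infected' lines into key / class / bad / good."""
    return [m.groupdict() for m in map(MBAM_ITEM.match, mbam_text.splitlines()) if m]


def reg_restore_commands(items):
    """Build reg.exe commands that put each item's Good value back.

    Use these when the values come back after a scan, as they did here; run
    them from an interactive cmd prompt, not a .bat file, because %1 and %*
    would be expanded as batch parameters. Restoring values while the dropper
    is still resident only buys time: it will rewrite them.
    """
    cmds = []
    for it in items:
        key, _, value = it["key"].rpartition("\\")
        target = "/ve" if value == "(default)" else f"/v {value}"
        if it["good"].isdigit():
            cmds.append(f'reg add "{key}" {target} /t REG_DWORD /d {it["good"]} /f')
        else:
            data = it["good"].replace('"', '\\"')  # reg.exe takes \" for an embedded quote
            cmds.append(f'reg add "{key}" {target} /t REG_SZ /d "{data}" /f')
    return cmds


if __name__ == "__main__":
    for f in loopback_proxies(DDS_SAMPLE):
        print("proxy ->", f)
    for hit in suspicious_autoruns(DDS_SAMPLE):
        print("autorun from user-writable path ->", hit)
    for cmd in reg_restore_commands(parse_mbam_data_items(MBAM_SAMPLE)):
        print(cmd)
```

Run against the sample it reports the 127.0.0.1:55333 proxy twice, once as live for WinINet and once as present but inactive for Firefox (network.proxy.type is 0, which matches the later remark in this thread that Firefox was already on "No proxy"), flags the UIUCU.EXE autorun from Temp for review, and prints three reg add commands. Point the functions at a real DDS.txt and mbam-log file by reading them into the same string arguments.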


Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    REM Remove the per-user WinINet proxy server and its bypass list
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    REM Turn the proxy off and clear the "work offline" flag
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    REM Reset the TCP/IP stack and rebuild the Winsock catalog (clears installed LSPs)
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates


Thanks. I followed your instructions. Just FYI, the proxy settings were already set to "no proxy." The original virus I had caused that problem, but the subsequent infections have not changed the proxy settings. Also, I should have mentioned that the virus prevents me from turning on Automatic Updates for Windows. I tried to download directly from Microsoft's website, but the virus is apparently blocking me from accessing that specific web page. I can get to other websites that I want. Prior to getting your email, I had already downloaded the latest version of Malwarebytes, run it, and found the virus came back. I removed it with Malwarebytes. Since getting your email, there were no new versions of Malwarebytes, and I re-ran a quick scan, results below.

I am still getting redirected from websites and still can't turn on Automatic Updates. Please let me know what is next. Thanks in advance.

* * *

Here was the most recent Malwarebytes log, followed by the one that ID'd and removed the virus earlier today, followed by my AVG Resident Shield scan detection:

Most recent Malwarebytes quick scan:

Database version: 7092

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/12/2011 8:42:14 PM

mbam-log-2011-07-12 (20-42-14).txt

Scan type: Quick scan

Objects scanned: 186440

Time elapsed: 13 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the scan that picked up the virus earlier today (full scan):

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7092

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

7/12/2011 8:12:00 PM

mbam-log-2011-07-12 (20-12-00).txt

Scan type: Quick scan

Objects scanned: 186244

Time elapsed: 14 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\andrew & una\local settings\Temp\jar_cache1875157683955176062.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\andrew & una\local settings\Temp\jar_cache722322918722206046.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\andrew & una\local settings\application data\ctl._dl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Finally, here is my AVG log, which detected suspicious activity, for whatever it is worth:

Resident Shield detection

Infection;"Object";"Result";"Detection time";"Object Type";"Process"

Virus found JS/Agent;"c:\Documents and Settings\Andrew & Una\Local Settings\Temporary Internet Files\Content.IE5\5YOIWVJE\java_trust[1].htm";"Moved to Virus Vault";"7/12/2011, 8:33:20 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

Virus found JS/Agent;"c:\Documents and Settings\Andrew & Una\Local Settings\Temporary Internet Files\Content.IE5\5YOIWVJE\java_trust[1].htm";"Object is inaccessible.";"7/12/2011, 6:27:52 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

Trojan horse Generic23.AYLL;"c:\System Volume Information\_restore{773B7E7F-0214-4084-BD5B-0E2B383584BA}\RP1367\A0139628.exe";"Moved to Virus Vault";"7/10/2011, 5:51:39 PM";"file";"C:\Program Files\PC Tools Security\pctsSvc.exe"

Trojan horse Generic23.AYLL;"c:\System Volume Information\_restore{773B7E7F-0214-4084-BD5B-0E2B383584BA}\RP1367\A0139628.exe";"Object is inaccessible.";"7/10/2011, 4:04:15 PM";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

Trojan horse Generic23.AYLL;"c:\System Volume Information\_restore{773B7E7F-0214-4084-BD5B-0E2B383584BA}\RP1367\A0139628.exe";"Object is inaccessible.";"7/10/2011, 11:41:23 AM";"file";"C:\Program Files\PC Tools Security\pctsSvc.exe"


In case you were asking for me to paste the attach.txt file previously attached, it is below.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/22/2007 12:45:51 AM

System Uptime: 7/10/2011 4:39:42 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1861/1066mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 168.889 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\82BE3821D100

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\82BE3821D100

Service: NIC1394

.

==== System Restore Points ===================

.

RP1296: 4/11/2011 10:17:48 PM - System Checkpoint

RP1297: 4/12/2011 10:23:35 PM - System Checkpoint

RP1298: 4/16/2011 7:44:24 AM - Software Distribution Service 3.0

RP1299: 4/17/2011 3:00:17 AM - Software Distribution Service 3.0

RP1300: 4/19/2011 10:07:36 AM - System Checkpoint

RP1301: 4/20/2011 10:46:05 AM - System Checkpoint

RP1302: 4/21/2011 11:46:05 AM - System Checkpoint

RP1303: 4/22/2011 3:00:14 AM - Software Distribution Service 3.0

RP1304: 4/24/2011 10:18:42 PM - System Checkpoint

RP1305: 4/25/2011 10:49:51 PM - System Checkpoint

RP1306: 4/27/2011 12:01:51 AM - System Checkpoint

RP1307: 4/28/2011 3:00:15 AM - Software Distribution Service 3.0

RP1308: 4/29/2011 8:07:28 AM - System Checkpoint

RP1309: 4/30/2011 8:33:11 AM - System Checkpoint

RP1310: 5/1/2011 8:58:27 AM - System Checkpoint

RP1311: 5/2/2011 9:36:44 AM - System Checkpoint

RP1312: 5/3/2011 9:56:01 AM - System Checkpoint

RP1313: 5/5/2011 7:53:19 AM - System Checkpoint

RP1314: 5/6/2011 8:00:03 AM - System Checkpoint

RP1315: 5/6/2011 9:08:29 AM - Avg Update

RP1316: 5/7/2011 9:44:22 AM - System Checkpoint

RP1317: 5/8/2011 10:56:22 AM - System Checkpoint

RP1318: 5/9/2011 11:44:22 AM - System Checkpoint

RP1319: 5/10/2011 9:10:04 AM - Avg Update

RP1320: 5/12/2011 8:21:47 PM - Avg Update

RP1321: 5/13/2011 3:00:33 AM - Software Distribution Service 3.0

RP1322: 5/14/2011 3:31:50 AM - System Checkpoint

RP1323: 5/15/2011 3:32:02 AM - System Checkpoint

RP1324: 5/17/2011 10:12:12 AM - Configured Microsoft Office Professional 2007 Trial

RP1325: 5/18/2011 11:23:20 AM - System Checkpoint

RP1326: 5/19/2011 12:23:21 PM - System Checkpoint

RP1327: 5/20/2011 1:14:44 PM - System Checkpoint

RP1328: 5/20/2011 6:27:02 PM - Avg Update

RP1329: 5/21/2011 6:54:04 PM - System Checkpoint

RP1330: 5/22/2011 11:56:20 PM - System Checkpoint

RP1331: 5/23/2011 11:59:26 PM - System Checkpoint

RP1332: 5/25/2011 12:02:02 AM - System Checkpoint

RP1333: 5/26/2011 1:02:03 AM - System Checkpoint

RP1334: 5/27/2011 1:51:07 AM - System Checkpoint

RP1335: 5/28/2011 2:48:04 AM - System Checkpoint

RP1336: 5/30/2011 5:13:49 PM - System Checkpoint

RP1337: 5/31/2011 5:17:01 PM - System Checkpoint

RP1338: 6/2/2011 8:49:14 AM - System Checkpoint

RP1339: 6/3/2011 9:17:11 AM - System Checkpoint

RP1340: 6/4/2011 9:37:07 AM - System Checkpoint

RP1341: 6/5/2011 10:37:07 AM - System Checkpoint

RP1342: 6/6/2011 10:48:57 AM - System Checkpoint

RP1343: 6/7/2011 12:00:57 PM - System Checkpoint

RP1344: 6/8/2011 12:39:04 PM - System Checkpoint

RP1345: 6/9/2011 1:01:04 PM - System Checkpoint

RP1346: 6/10/2011 2:01:04 PM - System Checkpoint

RP1347: 6/11/2011 2:53:15 PM - System Checkpoint

RP1348: 6/12/2011 3:41:15 PM - System Checkpoint

RP1349: 6/14/2011 9:32:45 PM - System Checkpoint

RP1350: 6/15/2011 10:26:09 PM - System Checkpoint

RP1351: 6/16/2011 3:00:23 AM - Software Distribution Service 3.0

RP1352: 6/17/2011 8:01:14 PM - System Checkpoint

RP1353: 6/18/2011 8:35:14 PM - System Checkpoint

RP1354: 6/20/2011 7:42:40 PM - System Checkpoint

RP1355: 6/21/2011 8:25:26 PM - System Checkpoint

RP1356: 6/22/2011 9:19:21 PM - System Checkpoint

RP1357: 6/24/2011 8:03:51 AM - System Checkpoint

RP1358: 6/25/2011 8:07:44 PM - Software Distribution Service 3.0

RP1359: 6/28/2011 9:46:13 PM - System Checkpoint

RP1360: 6/29/2011 7:12:04 PM - Restore Operation

RP1361: 6/29/2011 10:45:47 PM - Restore Operation

RP1362: 6/29/2011 10:48:33 PM - Restore Operation

RP1363: 6/30/2011 7:44:47 PM - Configured Microsoft Office Professional 2007 Trial

RP1364: 6/30/2011 7:46:51 PM - Removed Microsoft Office Professional 2007 Trial

RP1365: 7/1/2011 7:56:43 PM - System Checkpoint

RP1366: 7/2/2011 8:13:13 PM - System Checkpoint

RP1367: 7/5/2011 9:10:34 PM - System Checkpoint

RP1368: 7/6/2011 9:30:43 PM - System Checkpoint

RP1369: 7/7/2011 9:44:14 PM - System Checkpoint

RP1370: 7/8/2011 10:30:43 PM - System Checkpoint

RP1371: 7/9/2011 11:02:58 PM - System Checkpoint

RP1372: 7/10/2011 9:16:30 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP1373: 7/10/2011 9:16:40 AM - Installed AVG 2011

RP1374: 7/10/2011 9:17:25 AM - Removed AVG Free 9.0

RP1375: 7/10/2011 9:24:25 AM - Installed AVG 2011

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

3ivx MPEG-4 5.0.1 Decoder (remove only)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.0

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

BlackBerry Desktop Software 5.0

Bonjour

Brother HL-5340D

Browser Defender 3.0

BUM

Canon Camera Access Library

Canon Camera Support Core Library

Canon MP Drivers 6.0

Canon MP Navigator 1.0

Canon RAW Image Task for ZoomBrowser EX

Canon ScanGear Starter

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Easy-PhotoPrint

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CASIO USB Driver V1.0.8003.1229

Cisco Connect

Citrix Presentation Server Client - Web Only

Dell Resource CD

DellConnect

DolbyFiles

Easy-WebPrint

Garmin Communicator Plugin

Garmin USB Drivers

Garmin WebUpdater

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImagXpress

Intel® PRO Network Connections Drivers

iTunes

J2SE Runtime Environment 5.0 Update 11

Japanese Fonts Support For Adobe Reader 8

Java 6 Update 17

KODAK EASYSHARE Gallery Easy Upload, v2.1

KODAK EASYSHARE Gallery Upload ActiveX Control

Korean Language Support

LG USB Modem driver

LimeWire PRO 5.0.11

Logitech Harmony Remote Software 7

Logitech QuickCam

Logitech QuickCam Driver Package

Malwarebytes' Anti-Malware version 1.51.0.1200

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Templates - Starter Kit

Mozilla Firefox 5.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

muvee Plugin 1.0

Nero 9

Nero Burning ROM Help

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express Help

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

NeroLiveGadget

NeroLiveGadget Help

neroxml

Nikon Message Center

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OmniPage SE 2.0

PictureProject

PictureProject In Touch 1.0

PictureProject In Touch Downloader 1.0

Presto! PageManager 6.03

QuickTime

Remote Control USB Driver

SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

Skype Toolbars

Skype™ 5.3

Smilebox

SoundTrax

Spybot - Search & Destroy

Spyware Doctor 8.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

V CAST Media Manager

V CAST Music with Rhapsody

WebFldrs XP

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Presentation Foundation

Windows XP Service Pack 3

WinZip 12.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

7/6/2011 7:33:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/5/2011 9:16:04 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

7/5/2011 10:36:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm

7/10/2011 2:49:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm PCTSD

.

==== End Of File ===========================

New DDS.txt and Attach.txt are below:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Run by Andrew & Una at 8:29:16 on 2011-07-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1269 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Brownie\brpjp04a.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [uIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: dpw.com\newyork

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174537892913

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F029A846-7AAF-4804-AF6B-F8F5DD0D83F9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\andrew & una\application data\mozilla\firefox\profiles\7tcgmxqx.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 55333

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-20 366640]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-20 22712]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

=============== Created Last 30 ================

.

2011-07-10 13:53:18 -------- d-----w- c:\documents and settings\andrew & una\local settings\application data\Threat Expert

2011-07-10 13:28:16 -------- d-----w- c:\documents and settings\andrew & una\application data\AVG10

2011-07-10 13:24:51 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-10 13:24:51 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-07-10 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-07-10 13:11:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:10:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-07-10 13:10:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-07-10 13:10:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-07-10 13:10:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-07-10 13:10:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-07-10 13:10:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-07-10 13:10:25 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-07-10 13:10:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-07-09 22:53:23 -------- d-----w- c:\program files\PC Tools Security

2011-07-09 22:51:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-07-06 00:19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-07-06 00:19:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-29 23:35:25 711728 ----a-w- c:\windows\is-3J77F.exe

2011-06-29 23:34:06 354 ----a-w- C:\fix.reg

2011-06-29 09:24:26 179 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33448921.bat

2011-06-29 09:24:14 177 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33436921.bat

2011-06-29 09:23:52 139 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33415171.bat

2011-06-29 09:23:31 205 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33394218.bat

2011-06-28 03:20:08 -------- d-----w- C:\Microsoft

2011-06-28 03:17:39 -------- d-----w- C:\Adobe

2011-06-28 03:08:18 -------- d-----w- C:\BlueFlare Antivirus

2011-06-28 03:05:53 -------- d--h--w- C:\$AVG

2011-06-16 07:29:08 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras

2011-06-16 07:02:41 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:22:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

.

============= FINISH: 8:31:04.46 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/22/2007 12:45:51 AM

System Uptime: 7/13/2011 8:24:43 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 168.937 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\82BE3821D100

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\82BE3821D100

Service: NIC1394

.

==== System Restore Points ===================

.

RP1298: 4/16/2011 7:44:24 AM - Software Distribution Service 3.0

RP1299: 4/17/2011 3:00:17 AM - Software Distribution Service 3.0

RP1300: 4/19/2011 10:07:36 AM - System Checkpoint

RP1301: 4/20/2011 10:46:05 AM - System Checkpoint

RP1302: 4/21/2011 11:46:05 AM - System Checkpoint

RP1303: 4/22/2011 3:00:14 AM - Software Distribution Service 3.0

RP1304: 4/24/2011 10:18:42 PM - System Checkpoint

RP1305: 4/25/2011 10:49:51 PM - System Checkpoint

RP1306: 4/27/2011 12:01:51 AM - System Checkpoint

RP1307: 4/28/2011 3:00:15 AM - Software Distribution Service 3.0

RP1308: 4/29/2011 8:07:28 AM - System Checkpoint

RP1309: 4/30/2011 8:33:11 AM - System Checkpoint

RP1310: 5/1/2011 8:58:27 AM - System Checkpoint

RP1311: 5/2/2011 9:36:44 AM - System Checkpoint

RP1312: 5/3/2011 9:56:01 AM - System Checkpoint

RP1313: 5/5/2011 7:53:19 AM - System Checkpoint

RP1314: 5/6/2011 8:00:03 AM - System Checkpoint

RP1315: 5/6/2011 9:08:29 AM - Avg Update

RP1316: 5/7/2011 9:44:22 AM - System Checkpoint

RP1317: 5/8/2011 10:56:22 AM - System Checkpoint

RP1318: 5/9/2011 11:44:22 AM - System Checkpoint

RP1319: 5/10/2011 9:10:04 AM - Avg Update

RP1320: 5/12/2011 8:21:47 PM - Avg Update

RP1321: 5/13/2011 3:00:33 AM - Software Distribution Service 3.0

RP1322: 5/14/2011 3:31:50 AM - System Checkpoint

RP1323: 5/15/2011 3:32:02 AM - System Checkpoint

RP1324: 5/17/2011 10:12:12 AM - Configured Microsoft Office Professional 2007 Trial

RP1325: 5/18/2011 11:23:20 AM - System Checkpoint

RP1326: 5/19/2011 12:23:21 PM - System Checkpoint

RP1327: 5/20/2011 1:14:44 PM - System Checkpoint

RP1328: 5/20/2011 6:27:02 PM - Avg Update

RP1329: 5/21/2011 6:54:04 PM - System Checkpoint

RP1330: 5/22/2011 11:56:20 PM - System Checkpoint

RP1331: 5/23/2011 11:59:26 PM - System Checkpoint

RP1332: 5/25/2011 12:02:02 AM - System Checkpoint

RP1333: 5/26/2011 1:02:03 AM - System Checkpoint

RP1334: 5/27/2011 1:51:07 AM - System Checkpoint

RP1335: 5/28/2011 2:48:04 AM - System Checkpoint

RP1336: 5/30/2011 5:13:49 PM - System Checkpoint

RP1337: 5/31/2011 5:17:01 PM - System Checkpoint

RP1338: 6/2/2011 8:49:14 AM - System Checkpoint

RP1339: 6/3/2011 9:17:11 AM - System Checkpoint

RP1340: 6/4/2011 9:37:07 AM - System Checkpoint

RP1341: 6/5/2011 10:37:07 AM - System Checkpoint

RP1342: 6/6/2011 10:48:57 AM - System Checkpoint

RP1343: 6/7/2011 12:00:57 PM - System Checkpoint

RP1344: 6/8/2011 12:39:04 PM - System Checkpoint

RP1345: 6/9/2011 1:01:04 PM - System Checkpoint

RP1346: 6/10/2011 2:01:04 PM - System Checkpoint

RP1347: 6/11/2011 2:53:15 PM - System Checkpoint

RP1348: 6/12/2011 3:41:15 PM - System Checkpoint

RP1349: 6/14/2011 9:32:45 PM - System Checkpoint

RP1350: 6/15/2011 10:26:09 PM - System Checkpoint

RP1351: 6/16/2011 3:00:23 AM - Software Distribution Service 3.0

RP1352: 6/17/2011 8:01:14 PM - System Checkpoint

RP1353: 6/18/2011 8:35:14 PM - System Checkpoint

RP1354: 6/20/2011 7:42:40 PM - System Checkpoint

RP1355: 6/21/2011 8:25:26 PM - System Checkpoint

RP1356: 6/22/2011 9:19:21 PM - System Checkpoint

RP1357: 6/24/2011 8:03:51 AM - System Checkpoint

RP1358: 6/25/2011 8:07:44 PM - Software Distribution Service 3.0

RP1359: 6/28/2011 9:46:13 PM - System Checkpoint

RP1360: 6/29/2011 7:12:04 PM - Restore Operation

RP1361: 6/29/2011 10:45:47 PM - Restore Operation

RP1362: 6/29/2011 10:48:33 PM - Restore Operation

RP1363: 6/30/2011 7:44:47 PM - Configured Microsoft Office Professional 2007 Trial

RP1364: 6/30/2011 7:46:51 PM - Removed Microsoft Office Professional 2007 Trial

RP1365: 7/1/2011 7:56:43 PM - System Checkpoint

RP1366: 7/2/2011 8:13:13 PM - System Checkpoint

RP1367: 7/5/2011 9:10:34 PM - System Checkpoint

RP1368: 7/6/2011 9:30:43 PM - System Checkpoint

RP1369: 7/7/2011 9:44:14 PM - System Checkpoint

RP1370: 7/8/2011 10:30:43 PM - System Checkpoint

RP1371: 7/9/2011 11:02:58 PM - System Checkpoint

RP1372: 7/10/2011 9:16:30 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP1373: 7/10/2011 9:16:40 AM - Installed AVG 2011

RP1374: 7/10/2011 9:17:25 AM - Removed AVG Free 9.0

RP1375: 7/10/2011 9:24:25 AM - Installed AVG 2011

RP1376: 7/11/2011 8:40:01 PM - System Checkpoint

RP1377: 7/12/2011 9:30:27 PM - System Checkpoint

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

3ivx MPEG-4 5.0.1 Decoder (remove only)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.0

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

BlackBerry Desktop Software 5.0

Bonjour

Brother HL-5340D

BUM

Canon Camera Access Library

Canon Camera Support Core Library

Canon MP Drivers 6.0

Canon MP Navigator 1.0

Canon RAW Image Task for ZoomBrowser EX

Canon ScanGear Starter

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Easy-PhotoPrint

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CASIO USB Driver V1.0.8003.1229

Cisco Connect

Citrix Presentation Server Client - Web Only

Dell Resource CD

DellConnect

DolbyFiles

Easy-WebPrint

Garmin Communicator Plugin

Garmin USB Drivers

Garmin WebUpdater

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImagXpress

Intel® PRO Network Connections Drivers

iTunes

J2SE Runtime Environment 5.0 Update 11

Japanese Fonts Support For Adobe Reader 8

Java 6 Update 17

KODAK EASYSHARE Gallery Easy Upload, v2.1

KODAK EASYSHARE Gallery Upload ActiveX Control

Korean Language Support

LG USB Modem driver

LimeWire PRO 5.0.11

Logitech Harmony Remote Software 7

Logitech QuickCam

Logitech QuickCam Driver Package

Malwarebytes' Anti-Malware version 1.51.0.1200

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Templates - Starter Kit

Mozilla Firefox 5.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

muvee Plugin 1.0

Nero 9

Nero Burning ROM Help

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express Help

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

NeroLiveGadget

NeroLiveGadget Help

neroxml

Nikon Message Center

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OmniPage SE 2.0

PictureProject

PictureProject In Touch 1.0

PictureProject In Touch Downloader 1.0

Presto! PageManager 6.03

QuickTime

Remote Control USB Driver

SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

Skype Toolbars

Skype™ 5.3

Smilebox

SoundTrax

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

V CAST Media Manager

V CAST Music with Rhapsody

WebFldrs XP

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Presentation Foundation

Windows XP Service Pack 3

WinZip 12.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

7/6/2011 7:38:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm

7/11/2011 7:23:47 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

7/10/2011 2:51:49 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

7/10/2011 2:49:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/10/2011 2:49:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm PCTSD

.

==== End Of File ===========================


FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 55333

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

Firefox is still showing a proxy server being used

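The prefs.js lines quoted above are what a helper reads to decide whether a hijacking proxy is in play. As an added example (not code from this thread or from DDS), the following Python parses the "FF - prefs.js:" lines of a DDS log and classifies the proxy state using Firefox's own meaning of network.proxy.type (0 = no proxy, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system settings); the sample log lines are constructed to mirror the ones above, including a line run together the way the quoted post shows it.

```python
"""Triage the Firefox proxy prefs that DDS reports as 'FF - prefs.js:' lines.

Added example; not part of the forum thread or of DDS. The sample text at
the bottom is constructed to match the lines quoted in the thread.
"""
import ipaddress
import re

# One DDS pref line: "FF - prefs.js: <pref name> - <value>"
PREF_LINE = re.compile(r"^FF - prefs\.js:\s*(?P<key>[\w.]+)\s+-\s+(?P<value>.*)$")

# Firefox's documented values for network.proxy.type
PROXY_TYPES = {0: "none", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}


def parse_ff_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js:' line; other lines are ignored."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            prefs[m.group("key")] = m.group("value").strip()
    return prefs


def _proxy_type(prefs):
    # Firefox's default is 5 (system settings) when the pref is not overridden.
    # Extraction sometimes runs two log lines together ("... - 0 FF - component: ..."),
    # so only the first token is parsed; anything non-numeric becomes -1 (unknown).
    raw = prefs.get("network.proxy.type", "5").split()
    try:
        return int(raw[0])
    except (IndexError, ValueError):
        return -1


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def assess_proxy(prefs):
    """Classify the proxy configuration and list findings worth acting on."""
    ptype = _proxy_type(prefs)
    mode = PROXY_TYPES.get(ptype, "unknown")
    hosts = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            hosts[proto] = (host, prefs.get(f"network.proxy.{proto}_port", ""))
    # Manual host/port values only take effect when the type is 'manual' (1).
    active = mode == "manual" and bool(hosts)
    findings = []
    for proto, (host, port) in hosts.items():
        target = f"{host}:{port}" if port else host
        if _is_loopback(host) and active:
            findings.append(f"ACTIVE loopback proxy for {proto} at {target}: browser traffic "
                            "is being relayed through a local process; identify that process")
        elif _is_loopback(host):
            findings.append(f"stale loopback proxy value for {proto} at {target} (inactive, "
                            f"type={ptype}): reset it so a later change of type cannot re-enable it")
        elif active:
            findings.append(f"manual proxy for {proto} at {target}: confirm it is expected")
    if mode == "pac":
        findings.append("PAC URL in use: " + prefs.get("network.proxy.autoconfig_url", "(not reported)"))
    return {"mode": mode, "active": active, "hosts": hosts, "findings": findings}


# Constructed sample mirroring the thread: loopback host and port left over, type 0.
SAMPLE_THREAD = r"""
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55333
FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
"""

# Constructed sample of the same host/port with a manual proxy actually switched on.
SAMPLE_ACTIVE = """
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55333
FF - prefs.js: network.proxy.type - 1
"""

if __name__ == "__main__":
    for name, text in (("thread", SAMPLE_THREAD), ("active", SAMPLE_ACTIVE)):
        result = assess_proxy(parse_ff_prefs(text))
        print(name, result["mode"], "active" if result["active"] else "inactive")
        for f in result["findings"]:
            print("  -", f)
```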

You might need to uninstall AVG

Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix.

AVG > AVG Removal Tool (x86) - AVG Removal Tool (x64)

AVG Identity Protection > AVGIDPUninstaller

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Three items:

1. I clicked on the links to uninstall AVG. The first and last links appeared to work. The second did not. The AVG icon still exists in my toolbar, so I tried to uninstall via Windows. I tried several times but keep running into an uninstall error. ComboFix won't run unless I remove AVG. Any suggestions?

2. You indicated that the Firefox proxy was on. I checked again, and "no proxy" is checked. Not sure what is happening here.

3. I should note that only once have I been able to successfully post a message to this site from the infected computer. (I have tried both IE and Firefox.)

I re-ran DDS, just in case. Let me know if you don't want me to post this without instruction b/c it is long.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Run by Andrew & Una at 19:21:26 on 2011-07-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1347 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Brownie\brpjp04a.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [uIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S

mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: dpw.com\newyork

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174537892913

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F029A846-7AAF-4804-AF6B-F8F5DD0D83F9} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\andrew & una\application data\mozilla\firefox\profiles\7tcgmxqx.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 55333

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

.

============= SERVICES / DRIVERS ===============

.

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-20 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-20 22712]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

=============== Created Last 30 ================

.

2011-07-10 13:53:18 -------- d-----w- c:\documents and settings\andrew & una\local settings\application data\Threat Expert

2011-07-10 13:28:16 -------- d-----w- c:\documents and settings\andrew & una\application data\AVG10

2011-07-10 13:24:51 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-07-10 13:14:38 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-07-10 13:11:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:10:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-07-10 13:10:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-07-10 13:10:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-07-10 13:10:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-07-10 13:10:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-07-10 13:10:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-07-10 13:10:25 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-07-10 13:10:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-07-09 22:53:23 -------- d-----w- c:\program files\PC Tools Security

2011-07-09 22:51:58 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-07-06 00:19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-07-06 00:19:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-29 23:35:25 711728 ----a-w- c:\windows\is-3J77F.exe

2011-06-29 23:34:06 354 ----a-w- C:\fix.reg

2011-06-29 09:24:26 179 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33448921.bat

2011-06-29 09:24:14 177 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33436921.bat

2011-06-29 09:23:52 139 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33415171.bat

2011-06-29 09:23:31 205 ----a-w- c:\documents and settings\andrew & una\application data\microsoft\gb_33394218.bat

2011-06-28 03:20:08 -------- d-----w- C:\Microsoft

2011-06-28 03:17:39 -------- d-----w- C:\Adobe

2011-06-28 03:08:18 -------- d-----w- C:\BlueFlare Antivirus

2011-06-28 03:05:53 -------- d--h--w- C:\$AVG

2011-06-16 07:29:08 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras

2011-06-16 07:02:41 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:22:25 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 19:23:04.03 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/22/2007 12:45:51 AM

System Uptime: 7/13/2011 6:56:31 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0WG855

Processor: Intel® Core2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 168.887 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\82BE3821D100

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\82BE3821D100

Service: NIC1394

.

==== System Restore Points ===================

.

RP1298: 4/16/2011 7:44:24 AM - Software Distribution Service 3.0

RP1299: 4/17/2011 3:00:17 AM - Software Distribution Service 3.0

RP1300: 4/19/2011 10:07:36 AM - System Checkpoint

RP1301: 4/20/2011 10:46:05 AM - System Checkpoint

RP1302: 4/21/2011 11:46:05 AM - System Checkpoint

RP1303: 4/22/2011 3:00:14 AM - Software Distribution Service 3.0

RP1304: 4/24/2011 10:18:42 PM - System Checkpoint

RP1305: 4/25/2011 10:49:51 PM - System Checkpoint

RP1306: 4/27/2011 12:01:51 AM - System Checkpoint

RP1307: 4/28/2011 3:00:15 AM - Software Distribution Service 3.0

RP1308: 4/29/2011 8:07:28 AM - System Checkpoint

RP1309: 4/30/2011 8:33:11 AM - System Checkpoint

RP1310: 5/1/2011 8:58:27 AM - System Checkpoint

RP1311: 5/2/2011 9:36:44 AM - System Checkpoint

RP1312: 5/3/2011 9:56:01 AM - System Checkpoint

RP1313: 5/5/2011 7:53:19 AM - System Checkpoint

RP1314: 5/6/2011 8:00:03 AM - System Checkpoint

RP1315: 5/6/2011 9:08:29 AM - Avg Update

RP1316: 5/7/2011 9:44:22 AM - System Checkpoint

RP1317: 5/8/2011 10:56:22 AM - System Checkpoint

RP1318: 5/9/2011 11:44:22 AM - System Checkpoint

RP1319: 5/10/2011 9:10:04 AM - Avg Update

RP1320: 5/12/2011 8:21:47 PM - Avg Update

RP1321: 5/13/2011 3:00:33 AM - Software Distribution Service 3.0

RP1322: 5/14/2011 3:31:50 AM - System Checkpoint

RP1323: 5/15/2011 3:32:02 AM - System Checkpoint

RP1324: 5/17/2011 10:12:12 AM - Configured Microsoft Office Professional 2007 Trial

RP1325: 5/18/2011 11:23:20 AM - System Checkpoint

RP1326: 5/19/2011 12:23:21 PM - System Checkpoint

RP1327: 5/20/2011 1:14:44 PM - System Checkpoint

RP1328: 5/20/2011 6:27:02 PM - Avg Update

RP1329: 5/21/2011 6:54:04 PM - System Checkpoint

RP1330: 5/22/2011 11:56:20 PM - System Checkpoint

RP1331: 5/23/2011 11:59:26 PM - System Checkpoint

RP1332: 5/25/2011 12:02:02 AM - System Checkpoint

RP1333: 5/26/2011 1:02:03 AM - System Checkpoint

RP1334: 5/27/2011 1:51:07 AM - System Checkpoint

RP1335: 5/28/2011 2:48:04 AM - System Checkpoint

RP1336: 5/30/2011 5:13:49 PM - System Checkpoint

RP1337: 5/31/2011 5:17:01 PM - System Checkpoint

RP1338: 6/2/2011 8:49:14 AM - System Checkpoint

RP1339: 6/3/2011 9:17:11 AM - System Checkpoint

RP1340: 6/4/2011 9:37:07 AM - System Checkpoint

RP1341: 6/5/2011 10:37:07 AM - System Checkpoint

RP1342: 6/6/2011 10:48:57 AM - System Checkpoint

RP1343: 6/7/2011 12:00:57 PM - System Checkpoint

RP1344: 6/8/2011 12:39:04 PM - System Checkpoint

RP1345: 6/9/2011 1:01:04 PM - System Checkpoint

RP1346: 6/10/2011 2:01:04 PM - System Checkpoint

RP1347: 6/11/2011 2:53:15 PM - System Checkpoint

RP1348: 6/12/2011 3:41:15 PM - System Checkpoint

RP1349: 6/14/2011 9:32:45 PM - System Checkpoint

RP1350: 6/15/2011 10:26:09 PM - System Checkpoint

RP1351: 6/16/2011 3:00:23 AM - Software Distribution Service 3.0

RP1352: 6/17/2011 8:01:14 PM - System Checkpoint

RP1353: 6/18/2011 8:35:14 PM - System Checkpoint

RP1354: 6/20/2011 7:42:40 PM - System Checkpoint

RP1355: 6/21/2011 8:25:26 PM - System Checkpoint

RP1356: 6/22/2011 9:19:21 PM - System Checkpoint

RP1357: 6/24/2011 8:03:51 AM - System Checkpoint

RP1358: 6/25/2011 8:07:44 PM - Software Distribution Service 3.0

RP1359: 6/28/2011 9:46:13 PM - System Checkpoint

RP1360: 6/29/2011 7:12:04 PM - Restore Operation

RP1361: 6/29/2011 10:45:47 PM - Restore Operation

RP1362: 6/29/2011 10:48:33 PM - Restore Operation

RP1363: 6/30/2011 7:44:47 PM - Configured Microsoft Office Professional 2007 Trial

RP1364: 6/30/2011 7:46:51 PM - Removed Microsoft Office Professional 2007 Trial

RP1365: 7/1/2011 7:56:43 PM - System Checkpoint

RP1366: 7/2/2011 8:13:13 PM - System Checkpoint

RP1367: 7/5/2011 9:10:34 PM - System Checkpoint

RP1368: 7/6/2011 9:30:43 PM - System Checkpoint

RP1369: 7/7/2011 9:44:14 PM - System Checkpoint

RP1370: 7/8/2011 10:30:43 PM - System Checkpoint

RP1371: 7/9/2011 11:02:58 PM - System Checkpoint

RP1372: 7/10/2011 9:16:30 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP1373: 7/10/2011 9:16:40 AM - Installed AVG 2011

RP1374: 7/10/2011 9:17:25 AM - Removed AVG Free 9.0

RP1375: 7/10/2011 9:24:25 AM - Installed AVG 2011

RP1376: 7/11/2011 8:40:01 PM - System Checkpoint

RP1377: 7/12/2011 9:30:27 PM - System Checkpoint

RP1378: 7/13/2011 6:59:58 PM - Removed AVG 2011

RP1379: 7/13/2011 7:01:39 PM - Removed AVG 2011

RP1380: 7/13/2011 7:09:11 PM - Removed AVG 2011

.

==== Installed Programs ======================

.

"Nero SoundTrax Help

3ivx MPEG-4 5.0.1 Decoder (remove only)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.3.0

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

BlackBerry Desktop Software 5.0

Bonjour

Brother HL-5340D

BUM

Canon Camera Access Library

Canon Camera Support Core Library

Canon MP Drivers 6.0

Canon MP Navigator 1.0

Canon RAW Image Task for ZoomBrowser EX

Canon ScanGear Starter

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Easy-PhotoPrint

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CASIO USB Driver V1.0.8003.1229

Cisco Connect

Citrix Presentation Server Client - Web Only

Dell Resource CD

DellConnect

DolbyFiles

Easy-WebPrint

Garmin Communicator Plugin

Garmin USB Drivers

Garmin WebUpdater

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImagXpress

Intel® PRO Network Connections Drivers

iTunes

J2SE Runtime Environment 5.0 Update 11

Japanese Fonts Support For Adobe Reader 8

Java 6 Update 17

KODAK EASYSHARE Gallery Easy Upload, v2.1

KODAK EASYSHARE Gallery Upload ActiveX Control

Korean Language Support

LG USB Modem driver

LimeWire PRO 5.0.11

Logitech Harmony Remote Software 7

Logitech QuickCam

Logitech QuickCam Driver Package

Malwarebytes' Anti-Malware version 1.51.0.1200

Menu Templates - Starter Kit

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Movie Templates - Starter Kit

Mozilla Firefox 5.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

muvee Plugin 1.0

Nero 9

Nero Burning ROM Help

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express Help

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

NeroLiveGadget

NeroLiveGadget Help

neroxml

Nikon Message Center

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OmniPage SE 2.0

PictureProject

PictureProject In Touch 1.0

PictureProject In Touch Downloader 1.0

Presto! PageManager 6.03

QuickTime

Remote Control USB Driver

SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SigmaTel Audio

Skype Toolbars

Skype 5.3

Smilebox

SoundTrax

Spybot - Search & Destroy

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

V CAST Media Manager

V CAST Music with Rhapsody

WebFldrs XP

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Presentation Foundation

Windows XP Service Pack 3

WinZip 12.0

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

7/6/2011 7:38:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm

7/13/2011 7:03:13 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

7/13/2011 6:53:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH

7/11/2011 7:23:47 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

7/10/2011 2:59:37 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

7/10/2011 2:58:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/10/2011 2:49:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm PCTSD

.

==== End Of File ===========================


OK. AVG uninstalled and ran ComboFix. Here is the log:

ComboFix 11-07-13.04 - Andrew & Una 07/14/2011 8:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1414 [GMT -4:00]

Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\20100126163026.log

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.ico

c:\documents and settings\All Users\Desktop\Malware Protection.lnk

C:\Microsoft

.

.

((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))

.

.

2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert

2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security

2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-06-29 23:35 . 2011-06-29 23:35 711728 ----a-w- c:\windows\is-3J77F.exe

2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat

2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat

2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat

2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat

2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe

2011-06-28 03:08 . 2011-06-28 03:08 -------- d-----w- C:\BlueFlare Antivirus

2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG

2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2010-02-10 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: dpw.com\newyork

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 55333

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-UIUCU - c:\docume~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE

AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe

AddRemove-{E7269FD6-34EA-4617-8752-6739AA384080} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{E7269~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-14 08:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(568)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(628)

c:\windows\system32\WININET.dll

.

Completion time: 2011-07-14 08:39:45

ComboFix-quarantined-files.txt 2011-07-14 12:39

.

Pre-Run: 185,413,607,424 bytes free

Post-Run: 186,277,552,128 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - F3E63EDF0E5C24E88384E52ACE542AFD


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::


FireFox::
FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55333
FF - prefs.js: network.proxy.type - 0

Save this file to your desktop as "CFScript".

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


New log below.

I did a few tests. In IE, I still get redirected. In Firefox, when I run a Google search and then click on a search result, most web pages come back completely blank.

One note: I shut down my PC and apparently some updates uploaded upon closing. This is the first time that has happened, so it appears that CF worked on that at least. But I am still blocked from accessing the website: http://windowsupdate.microsoft.com/ from both IE and Firefox.

ComboFix 11-07-14.05 - Andrew & Una 07/14/2011 16:18:57.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1401 [GMT -4:00]

Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Andrew & Una\Desktop\CFScript.txt

AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))

.

.

2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert

2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security

2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-06-29 23:35 . 2011-06-29 23:35 711728 ----a-w- c:\windows\is-3J77F.exe

2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat

2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat

2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat

2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat

2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe

2011-06-28 03:08 . 2011-06-28 03:08 -------- d-----w- C:\BlueFlare Antivirus

2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG

2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-14_12.36.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-14 20:27 . 2011-07-14 20:27 16384 c:\windows\temp\Perflib_Perfdata_18c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: dpw.com\newyork

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-14 16:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(552)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(612)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(1596)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\stsystra.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2011-07-14 16:31:59 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-14 20:31

ComboFix2.txt 2011-07-14 12:39

.

Pre-Run: 186,398,883,840 bytes free

Post-Run: 186,397,876,224 bytes free

.

- - End Of File - - F1BB91A9B7B6C15243F4991663B758FD

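The CFScript posted earlier strips the Firefox proxy prefs (network.proxy.http = 127.0.0.1, port 55333), and the ComboFix logs above also carry the other settings a helper reads as hijack indicators: the Security Center AntiVirusOverride/FirewallOverride flags, DisableNotifications on the firewall profile, 3389/TCP globally open, and an autostart that pointed into a Temp directory (the UIUCU.EXE orphan in the first log). As an added example, not code from this thread nor from ComboFix or Malwarebytes, here is a Python triage script that runs those checks over a constructed log fragment modelled on the lines above. The UIUCU Run entry and its size are invented for the illustration (the real log listed it only as a removed orphan), and the script flags rather than judges: the 3389 entry is Windows' own Remote Desktop exception string, so it only matters if nobody meant to enable Remote Desktop, and network.proxy.type = 0 means Firefox was not actually using the loopback proxy, which is why removing the leftover prefs did not change the redirect symptom.

```python
"""Triage a ComboFix-style log for the hijack indicators discussed in this thread.

Added example, not code from the original posts or from ComboFix/Malwarebytes.
SAMPLE_LOG is constructed to mirror the shape of the thread's "Reg Loading
Points" and "Supplementary Scan" sections; the UIUCU Run entry and its size
are made up for the illustration (the real log listed it as an orphan).
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"UIUCU"="c:\docume~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE" [2011-06-28 180224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55333
FF - prefs.js: network.proxy.type - 0
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
OVERRIDE_RE = re.compile(r'^"(antivirusoverride|firewalloverride)"=dword:0*1$')
PORT_RE = re.compile(r'^"(\d+):(tcp|udp)"=')
FFPREF_RE = re.compile(r"^ff - prefs\.js: (network\.proxy\.\w+) - (.+)$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def triage(log_text):
    """Return a list of (severity, title, evidence) tuples for a ComboFix-style log."""
    findings = []
    ff_prefs = {}
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        low = line.lower()

        # Firefox prefs are reported as flat lines, outside any [section] header,
        # so match them before the section-dependent checks.
        fm = FFPREF_RE.match(low)
        if fm:
            ff_prefs[fm.group(1)] = fm.group(2).strip()
            continue

        if "security center" in section and OVERRIDE_RE.match(low):
            # Security Center told not to warn about missing AV / firewall;
            # rogue AV families set both flags so the user sees no alert.
            findings.append(("high", "Security Center override set", line))
        elif section.endswith("\\run") and "\\temp\\" in low:
            # An autostart whose target lives under a Temp directory is rarely legitimate.
            findings.append(("high", "autorun target lives in a Temp directory", line))
        elif "globallyopenports" in section:
            pm = PORT_RE.match(low)
            if pm and pm.group(1) == "3389":
                # Windows' own Remote Desktop exception; only a problem if nobody enabled RDP on purpose.
                findings.append(("medium", "Remote Desktop 3389/TCP globally open in firewall policy", line))
        elif section.endswith("standardprofile") and low.startswith('"disablenotifications"= 1'):
            findings.append(("medium", "Windows Firewall notifications disabled", line))

    # A browser proxy on loopback means some local process would sit between the
    # browser and the network. network.proxy.type 0 means "no proxy", i.e. the
    # setting is dormant, but it is still a leftover worth removing (as the CFScript did).
    host = ff_prefs.get("network.proxy.http")
    if host in LOOPBACK:
        port = ff_prefs.get("network.proxy.http_port", "?")
        ptype = ff_prefs.get("network.proxy.type", "?")
        findings.append((
            "medium",
            "Firefox HTTP proxy points at loopback %s:%s (network.proxy.type=%s)" % (host, port, ptype),
            "network.proxy.http / network.proxy.http_port",
        ))
    return findings


if __name__ == "__main__":
    for severity, title, evidence in triage(SAMPLE_LOG):
        print("[%-6s] %s\n         %s" % (severity, title, evidence))
```

Run it against a real ComboFix.txt by passing the file's text to triage(); the section names and line shapes are the ones ComboFix prints in the logs above, but anything it does not recognise is simply ignored, so an empty result means "nothing matched these patterns", not "clean".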

Did you install this?

C:\BlueFlare Antivirus

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\is-3J77F.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


Not sure what Blue Flare is. I ran Eset and some others that had been posted to this site, but don't recognize that one.

As to the exe file you ID'd:

Here is the first link, and then Kaspersky, and then Jotti:

File already submitted: The file sent has already been analysed by VirusTotal in the past. Here is some basic info regarding the sample itself and its last analysis:

MD5: c8de25fefb17627e2237b320ccf30ee1

Date first seen: 2011-05-31 21:01:18 (UTC)

Date last seen: 2011-07-13 23:02:37 (UTC)

Detection ratio: 0/43

Kaspersky:

Kaspersky File Scanner

Scanned file: is-3J77F.exe

You're clean!

Kaspersky File Scanner has not detected any viruses at this time in the file you submitted.

However, only a fully-functional antivirus solution with regularly updated virus definitions can ensure comprehensive protection against malware. If you do not have an antivirus solution installed, you may wish to consider purchasing one today.

Download a trial version of Kaspersky Internet Security

Purchase Kaspersky Internet Security in our E-Store

Purchase Kaspersky Internet Security from a certified partner

Jotti:

Jotti's malware scan

This file has been scanned before. The results for this previous scan are listed below.

Filename: is-CB483.exe

Status:

Scan finished. 0 out of 12 scanners reported malware.

Scan taken on: Fri 1 Jul 2011 02:57:15 (CET) Permalink

Additional info

File size: 711728 bytes

Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5: c8de25fefb17627e2237b320ccf30ee1

SHA1: 1eb76f645e9a74e9e45b33fdf4793c889c5a6744

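The three scanner results above agree because online scanners index submissions by the hash of the bytes, not by name: the MD5 c8de25fefb17627e2237b320ccf30ee1 is the same in the VirusTotal and Jotti records, while Jotti shows the name under which someone else first uploaded those bytes (is-CB483.exe) rather than the local name (is-3J77F.exe). The added Python below, which is not code from the thread or from any of the scanners, does the same identification locally: it hashes a file in chunks, checks it against the hashes reported in the thread, and shows that two differently named files with identical bytes hash the same. The payload it writes is a constructed stand-in, since the real sample is not on this page, so the comparison against the reported hashes is expected to fail.

```python
r"""Identify a sample by content hash rather than by file name.

Added example, not from the original thread or from VirusTotal, Jotti or
Kaspersky. Scanners index submissions by the hash of the bytes, so the same
bytes show up under whatever name the first uploader used: the local file
is c:\windows\is-3J77F.exe, while Jotti's earlier record says is-CB483.exe.
Comparing hashes settles whether two differently named files are the same sample.
"""
import hashlib
import io
import os
import tempfile

# Hashes the thread reports for is-3J77F.exe (VirusTotal and Jotti results above).
REPORTED = {
    "md5": "c8de25fefb17627e2237b320ccf30ee1",
    "sha1": "1eb76f645e9a74e9e45b33fdf4793c889c5a6744",
}


def hash_stream(stream, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Return {algorithm: hexdigest}, reading the stream once in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=("md5", "sha1", "sha256")):
    """Hash an in-memory byte string with the same routine used for files."""
    return hash_stream(io.BytesIO(data), algorithms)


def hash_file(path, algorithms=("md5", "sha1", "sha256")):
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return hash_stream(fh, algorithms)


def matches_reported(path, reported=REPORTED):
    """True if every hash in `reported` agrees with the file on disk."""
    computed = hash_file(path, algorithms=tuple(reported))
    return all(computed[name] == value.lower() for name, value in reported.items())


def same_content(path_a, path_b):
    """True when two files are byte-identical, whatever their names."""
    return hash_file(path_a)["sha256"] == hash_file(path_b)["sha256"]


def demo():
    """Write one constructed payload under both names seen in the thread and compare.

    The payload is a stand-in; the real sample is not on this page, so the
    hashes reported in the thread are expected NOT to match it.
    """
    payload = b"MZ" + b"\x90" * 62 + b"constructed stand-in, not the real sample"
    tmpdir = tempfile.mkdtemp()
    paths = [os.path.join(tmpdir, name) for name in ("is-3J77F.exe", "is-CB483.exe")]
    for p in paths:
        with open(p, "wb") as fh:
            fh.write(payload)
    return same_content(*paths), matches_reported(paths[0])


if __name__ == "__main__":
    identical, is_reported_sample = demo()
    print("same bytes under two names:", identical)
    print("matches hashes reported in thread:", is_reported_sample)
```

To check the real file, call matches_reported(r"c:\windows\is-3J77F.exe") on the affected machine: True confirms it is the sample the scanners saw (0/43 detections, whatever its name), False means a different file now sits under that name. Either way, hash the file before uploading it anywhere, so a later "already analysed" result can be tied to exactly what was on disk.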

Isn't that interesting.

Did the file change names to hide itself?

Kaspersky File Scanner

Scanned file: is-3J77F.exe

Jotti's malware scan

This file has been scanned before. The results for this previous scan are listed below.

Filename: is-CB483.exe

Status:

Run a new Combofix scan please


I ran Jotti again and came back with the same result. Anyway, here is the new CF log:

ComboFix 11-07-14.05 - Andrew & Una 07/14/2011 18:43:46.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1522 [GMT -4:00]

Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe

AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))

.

.

2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert

2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security

2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-06-29 23:35 . 2011-06-29 23:35 711728 ----a-w- c:\windows\is-3J77F.exe

2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat

2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat

2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat

2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat

2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe

2011-06-28 03:08 . 2011-06-28 03:08 -------- d-----w- C:\BlueFlare Antivirus

2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG

2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-14_12.36.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll

+ 2011-07-14 20:52 . 2011-07-14 20:52 16384 c:\windows\temp\Perflib_Perfdata_884.dat

- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2007-03-24 14:45 . 2011-07-14 20:48 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2007-03-24 14:45 . 2011-07-14 20:48 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2007-03-24 14:45 . 2011-07-14 20:48 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2007-03-24 14:45 . 2011-07-14 20:48 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2007-03-24 14:45 . 2011-07-14 20:48 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

+ 2007-03-21 15:34 . 2011-07-14 20:52 277352 c:\windows\system32\FNTCACHE.DAT

- 2007-03-21 15:34 . 2011-06-30 23:52 277352 c:\windows\system32\FNTCACHE.DAT

- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll

+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll

+ 2011-07-14 20:50 . 2011-07-14 20:50 223744 c:\windows\Installer\13ffb7.msi

+ 2007-03-24 14:45 . 2011-07-14 20:48 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2007-03-24 14:45 . 2011-07-14 20:48 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2007-03-24 14:45 . 2011-07-14 20:48 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-03-24 14:45 . 2011-07-13 00:42 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2007-03-24 14:45 . 2011-07-14 20:48 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll

+ 2008-10-15 21:18 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys

+ 2011-05-23 18:15 . 2011-05-23 18:15 3617792 c:\windows\Installer\13ffb0.msp

+ 2007-03-22 12:14 . 2011-07-14 20:49 49089992 c:\windows\system32\MRT.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: dpw.com\newyork

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-14 18:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(548)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(608)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(488)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-14 18:54:33

ComboFix-quarantined-files.txt 2011-07-14 22:54

ComboFix2.txt 2011-07-14 20:32

ComboFix3.txt 2011-07-14 12:39

.

Pre-Run: 186,343,780,352 bytes free

Post-Run: 186,335,674,368 bytes free

.

- - End Of File - - 7275D2C41B4F169C5851883C02C2E450


While I'm looking at the results, can you check this one?

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If VirusTotal is too busy, you can try these:

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


Results (first one plus Jotti):

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

gb_33448921.bat

Submission date:

2011-07-14 22:51:45 (UTC)

Current status:

finished

Result:

3/43 (7.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.07.15.00 2011.07.14 -

AntiVir 7.11.11.156 2011.07.14 -

Antiy-AVL 2.0.3.7 2011.07.14 -

Avast 4.8.1351.0 2011.07.14 -

Avast5 5.0.677.0 2011.07.14 -

AVG 10.0.0.1190 2011.07.14 -

BitDefender 7.2 2011.07.14 -

CAT-QuickHeal 11.00 2011.07.13 -

ClamAV 0.97.0.0 2011.07.14 -

Commtouch 5.3.2.6 2011.07.14 -

Comodo 9382 2011.07.14 -

DrWeb 5.0.2.03300 2011.07.15 -

Emsisoft 5.1.0.8 2011.07.14 -

eSafe 7.0.17.0 2011.07.14 -

eTrust-Vet 36.1.8444 2011.07.14 -

F-Prot 4.6.2.117 2011.07.14 -

F-Secure 9.0.16440.0 2011.07.14 -

Fortinet 4.2.257.0 2011.07.14 BAT/Sdel!tr

GData 22 2011.07.14 -

Ikarus T3.1.1.104.0 2011.07.14 -

Jiangmin 13.0.900 2011.07.14 -

K7AntiVirus 9.108.4907 2011.07.14 -

Kaspersky 9.0.0.837 2011.07.14 -

McAfee 5.400.0.1158 2011.07.15 Bat/sdel

McAfee-GW-Edition 2010.1D 2011.07.14 Bat/sdel

Microsoft 1.7000 2011.07.14 -

NOD32 6295 2011.07.15 -

Norman 6.07.10 2011.07.14 -

nProtect 2011-07-14.02 2011.07.14 -

Panda 10.0.3.5 2011.07.14 -

PCTools 8.0.0.5 2011.07.13 -

Prevx 3.0 2011.07.15 -

Rising 23.66.03.03 2011.07.14 -

Sophos 4.67.0 2011.07.14 -

SUPERAntiSpyware 4.40.0.1006 2011.07.15 -

Symantec 20111.1.0.186 2011.07.15 -

TheHacker 6.7.0.1.255 2011.07.14 -

TrendMicro 9.200.0.1012 2011.07.14 -

TrendMicro-HouseCall 9.200.0.1012 2011.07.15 -

VBA32 3.12.16.4 2011.07.14 -

VIPRE 9858 2011.07.14 -

ViRobot 2011.7.14.4569 2011.07.14 -

VirusBuster 14.0.125.0 2011.07.14 -

Additional information

MD5 : cad9e32b3eb68d200ecbca4bce7065be

SHA1 : e6849785e58fd91baaacfa3344a88b87b94e55ea

SHA256: 629ea25f438cb88697c3e5e43c175b348f9c76a5359c29ce429a33ab16d6ab3b


Jotti:

Jotti's malware scan

Filename: gb_33448921.bat

Status:

Scan finished. 0 out of 20 scanners reported malware.

Scan taken on: Fri 15 Jul 2011 01:06:16 (CET)

Additional info

File size: 179 bytes

Filetype: DOS batch file text

MD5: cad9e32b3eb68d200ecbca4bce7065be

SHA1: e6849785e58fd91baaacfa3344a88b87b94e55ea

Scanners

[ArcaVir]

2011-07-15 Found nothing

[F-Secure Anti-Virus]

2011-07-14 Found nothing

[Avast! antivirus]

2011-07-14 Found nothing

[G DATA]

2011-07-14 Found nothing

[Grisoft AVG Anti-Virus]

2011-07-14 Found nothing

[ikarus]

2011-07-14 Found nothing

[Avira AntiVir]

2011-07-14 Found nothing

[Kaspersky Anti-Virus]

2011-07-14 Found nothing

[softwin BitDefender]

2011-07-14 Found nothing

[ESET NOD32]

2011-07-14 Found nothing

[ClamAV]

2011-07-14 Found nothing

[Panda Antivirus]

2011-07-14 Found nothing

[CPsecure]

2011-07-14 Found nothing

[Quick Heal]

2011-07-14 Found nothing

[Dr.Web]

2011-07-15 Found nothing

[sophos]

2011-07-14 Found nothing

[Emsisoft Anti-Malware]

2011-07-15 Found nothing

[VirusBlokAda VBA32]

2011-07-14 Found nothing

[Frisk F-Prot Antivirus]

2011-07-14 Found nothing

[VirusBuster]

2011-07-14 Found nothing


We need to get a copy of that file.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Collect::
c:\windows\is-3J77F.exe

Folder::
C:\BlueFlare Antivirus

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the resulting log using copy/paste.

Also please describe how your computer behaves at the moment.


Upload successful, and here is the new log:

ComboFix 11-07-14.05 - Andrew & Una 07/14/2011 19:13:19.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1445 [GMT -4:00]

Running from: c:\documents and settings\Andrew & Una\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Andrew & Una\Desktop\CFScript.txt

AV: Sunbelt VIPRE *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

file zipped: c:\windows\is-3J77F.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\BlueFlare Antivirus

c:\windows\is-3J77F.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))

.

.

2011-07-10 13:53 . 2011-07-10 13:53 -------- d-----w- c:\documents and settings\Andrew & Una\Local Settings\Application Data\Threat Expert

2011-07-10 13:11 . 2011-07-10 13:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:10 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-07-10 13:10 . 2011-06-16 04:17 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-07-10 13:10 . 2011-06-16 04:17 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-07-10 13:10 . 2011-06-16 04:17 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-07-10 13:10 . 2011-06-16 04:17 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-07-10 13:10 . 2011-06-16 04:17 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-07-10 13:10 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-07-10 13:10 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-07-09 22:53 . 2011-07-11 00:14 -------- d-----w- c:\program files\PC Tools Security

2011-07-09 22:53 . 2011-07-11 00:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-09 22:51 . 2011-07-11 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-07-06 00:19 . 2011-07-06 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-07-06 00:19 . 2011-07-06 00:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 00:23 . 2011-06-30 00:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-06-29 23:35 . 2011-06-29 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-06-29 23:34 . 2011-06-29 23:34 354 ----a-w- C:\fix.reg

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-06-29 23:02 . 2011-06-29 23:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-06-29 09:24 . 2011-06-29 09:24 179 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33448921.bat

2011-06-29 09:24 . 2011-06-29 09:24 177 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33436921.bat

2011-06-29 09:23 . 2011-06-29 09:23 139 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33415171.bat

2011-06-29 09:23 . 2011-06-29 09:23 205 ----a-w- c:\documents and settings\Andrew & Una\Application Data\Microsoft\gb_33394218.bat

2011-06-28 03:36 . 2011-06-28 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-06-28 03:17 . 2011-06-28 03:17 -------- d-----w- C:\Adobe

2011-06-28 03:05 . 2011-06-28 03:05 -------- d-----w- C:\$AVG

2011-06-28 03:01 . 2011-06-28 03:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-16 07:29 . 2011-07-09 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras

2011-06-16 07:02 . 2011-06-16 07:24 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 01:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-29 13:11 . 2010-08-20 22:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-08-20 22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2007-03-22 04:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-06-16 04:17 . 2011-07-10 13:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-07-14_22.51.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-14 23:20 . 2011-07-14 23:20 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/20/2010 6:55 PM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/20/2010 6:55 PM 22712]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-14 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: dpw.com\newyork

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Andrew & Una\Application Data\Mozilla\Firefox\Profiles\7tcgmxqx.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-14 19:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(552)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'lsass.exe'(612)

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(6056)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\stsystra.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2011-07-14 19:25:02 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-14 23:24

ComboFix2.txt 2011-07-14 22:54

ComboFix3.txt 2011-07-14 20:32

ComboFix4.txt 2011-07-14 12:39

.

Pre-Run: 186,341,699,584 bytes free

Post-Run: 186,321,743,872 bytes free

.

- - End Of File - - 65A6078A82C8008BC0C71B7C76262C5B

Upload was successful


You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Hm. So far, redirect does not seem to be in effect. I will keep trying -- sometimes it seems to go away for a few minutes (but fingers crossed).

Log below:

2011/07/14 19:42:25.0046 7208 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/14 19:42:25.0593 7208 ================================================================================

2011/07/14 19:42:25.0593 7208 SystemInfo:

2011/07/14 19:42:25.0593 7208

2011/07/14 19:42:25.0593 7208 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/14 19:42:25.0593 7208 Product type: Workstation

2011/07/14 19:42:25.0593 7208 ComputerName: DEAN-209F4BAA0C

2011/07/14 19:42:25.0593 7208 UserName: Andrew & Una

2011/07/14 19:42:25.0593 7208 Windows directory: C:\WINDOWS

2011/07/14 19:42:25.0593 7208 System windows directory: C:\WINDOWS

2011/07/14 19:42:25.0593 7208 Processor architecture: Intel x86

2011/07/14 19:42:25.0593 7208 Number of processors: 2

2011/07/14 19:42:25.0593 7208 Page size: 0x1000

2011/07/14 19:42:25.0593 7208 Boot type: Normal boot

2011/07/14 19:42:25.0593 7208 ================================================================================

2011/07/14 19:42:25.0937 7208 Initialize success

2011/07/14 19:42:32.0421 7392 ================================================================================

2011/07/14 19:42:32.0421 7392 Scan started

2011/07/14 19:42:32.0421 7392 Mode: Manual;

2011/07/14 19:42:32.0421 7392 ================================================================================

2011/07/14 19:42:32.0671 7392 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2011/07/14 19:42:32.0765 7392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/14 19:42:32.0781 7392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/14 19:42:32.0843 7392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/07/14 19:42:32.0875 7392 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/07/14 19:42:33.0125 7392 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/14 19:42:33.0250 7392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/14 19:42:33.0281 7392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

2011/07/14 19:42:33.0359 7392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/14 19:42:33.0390 7392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/14 19:42:33.0406 7392 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2011/07/14 19:42:33.0421 7392 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys

2011/07/14 19:42:33.0468 7392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/14 19:42:33.0500 7392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/14 19:42:33.0531 7392 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/14 19:42:33.0609 7392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/14 19:42:33.0687 7392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/14 19:42:33.0718 7392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/14 19:42:33.0750 7392 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

2011/07/14 19:42:34.0000 7392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/14 19:42:34.0062 7392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/14 19:42:34.0109 7392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/14 19:42:34.0125 7392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/14 19:42:34.0156 7392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/14 19:42:34.0187 7392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/14 19:42:34.0218 7392 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2011/07/14 19:42:34.0312 7392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/14 19:42:34.0328 7392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/14 19:42:34.0359 7392 FilterService (bcef16e3aedd1b44bca45f748d975d73) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2011/07/14 19:42:34.0390 7392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/14 19:42:34.0421 7392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/14 19:42:34.0453 7392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/07/14 19:42:34.0484 7392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/14 19:42:34.0515 7392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/14 19:42:34.0562 7392 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/07/14 19:42:34.0609 7392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/14 19:42:34.0687 7392 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/14 19:42:34.0734 7392 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/14 19:42:34.0843 7392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/14 19:42:34.0953 7392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

2011/07/14 19:42:35.0000 7392 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/07/14 19:42:35.0046 7392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/14 19:42:35.0109 7392 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/14 19:42:35.0156 7392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/07/14 19:42:35.0218 7392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/14 19:42:35.0250 7392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/14 19:42:35.0281 7392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/14 19:42:35.0296 7392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/14 19:42:35.0359 7392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/14 19:42:35.0406 7392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/14 19:42:35.0453 7392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/14 19:42:35.0468 7392 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/14 19:42:35.0546 7392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/14 19:42:35.0578 7392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/14 19:42:35.0687 7392 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

2011/07/14 19:42:40.0781 7392 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/14 19:42:40.0781 7392 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/14 19:42:40.0781 7392 Boot (0x1200) (f6eff8c1b0745a1c76999355137861be) \Device\Harddisk0\DR0\Partition0
2011/07/14 19:42:40.0781 7392 ================================================================================
2011/07/14 19:42:40.0781 7392 Scan finished
2011/07/14 19:42:40.0781 7392 ================================================================================
2011/07/14 19:42:40.0796 7380 Detected object count: 1
2011/07/14 19:42:40.0796 7380 Actual detected object count: 1
2011/07/14 19:42:53.0421 7380 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/14 19:42:53.0421 7380 \Device\Harddisk0\DR0 - ok
2011/07/14 19:42:53.0421 7380 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/14 19:43:29.0640 7204 Deinitialize success
