Jump to content

Infected need help PING - Win 7


Recommended Posts

I've got the same thing going on in my Windows 7 PC... Here is my DDS.txt and attach.txt...

Thanks in advance for any help.

Bob

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18

Run by BobM at 11:38:43 on 2011-10-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.4801 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Windows\SysWOW64\bgsvcgen.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\AsHookDevice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files (x86)\Monsoon Multimedia\Vulkano\Common\havasvc.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\ASUS\AI Manager\AIManager.exe

C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\StkCSrv.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\SugarSync\SugarSyncManager.exe

C:\Program Files (x86)\Zecter\ZumoCast\ZumoCast.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\PDFCreator\PDFCreator.exe

C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe

C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

C:\Users\BobM\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\mSpot\mSpot\mSpot.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\i-Sound Pro\isound.exe

C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

C:\Zips\Utils\NoteZilla\NoteZilla.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\ASUS\AASP\1.00.97\aaCenter.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\XtreMe PCR\XtreMePCR.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\zabkat\xplorer2\xplorer2_UC.exe

C:\Program Files (x86)\Womble MPEG VCR\mpeg-vcr.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:52000

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

uRun: [ZumoCast] C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk

uRun: [sugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [CPU Level Up] "C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe" -r

mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [mSpot] C:\Program Files (x86)\mSpot\mSpot\mSpot.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce: [boot Deleter-456] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Temp\ONLINGO

mRunOnce: [boot Deleter-BE2] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\hsperfdata_BOBM-PC7$

mRunOnce: [boot Deleter-813] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\flaB75.tmp

dRun: [Hewlett-Packard Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL",DllRegisterServer

StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\BobM\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\i-Sound.lnk - C:\Program Files (x86)\i-Sound Pro\isound.exe

StartupFolder: C:\Users\BobM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NOTEZI~1.LNK - C:\Zips\Utils\NoteZilla\NoteZilla.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PDFCRE~1.LNK - C:\Program Files (x86)\PDFCreator\PDFCreator.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {09910C34-59D2-4ED7-BFC3-59295B51918D} - hxxps://rview.net/RSupport/common/cab/rsupcomn.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {DE3135A8-D948-49DC-ABBC-B2EFF418E5FD} - hxxp://us1.iradiopop.com/IRD/pages/AIRJ01FPlayer.CAB

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://icsa.intellichief.com/dana-cached/sc/JuniperSetupClient.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.1.1 71.243.0.12

TCP: Interfaces\{1BEFA9B2-7A4B-43B4-AE15-540EEAA40538} : DhcpNameServer = 192.168.1.1 71.243.0.12

TCP: Interfaces\{59C04FB2-B131-4A3D-B2A9-EB015B280E0D} : DhcpNameServer = 172.16.202.215 172.16.202.215 8.8.8.8

TCP: Interfaces\{B407FF0A-E476-4A1D-81B1-10133238C7FB} : DhcpNameServer = 192.168.1.1 71.243.0.12

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

mRun-x64: [CPU Level Up] "C:\Program Files\ASUS\CPU Level Up\CpuLevelUp.exe" -r

mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [mSpot] C:\Program Files (x86)\mSpot\mSpot\mSpot.exe

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce-x64: [boot Deleter-456] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Temp\ONLINGO

mRunOnce-x64: [boot Deleter-BE2] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\hsperfdata_BOBM-PC7$

mRunOnce-x64: [boot Deleter-813] C:\Zips\Utils\Boot Deleter\Boot Deleter.exe DELETE C:\Windows\Temp\flaB75.tmp

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Yoog Search

FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd87934&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll

FF - component: C:\Users\BobM\AppData\Roaming\Mozilla\Firefox\Profiles\umk4zt8h.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll

FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll

FF - plugin: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

FF - plugin: C:\Users\BobM\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Users\BobM\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: google.toolbar.linkdoctor.enabled - false

FF - user.js: browser.search.defaultenginename - Yoog Search

FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=

FF - user.js: browser.search.selectedEngine - Yoog Search

FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=

FF - user.js: keyword.enabled - true

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 havabus;HAVA Bus Enumerator;C:\Windows\system32\DRIVERS\havabus.sys --> C:\Windows\system32\DRIVERS\havabus.sys [?]

R3 HAVATV;Hava Video Device;C:\Windows\system32\DRIVERS\HAVATV.sys --> C:\Windows\system32\DRIVERS\HAVATV.sys [?]

R3 HavaTV_10;Hava Remote Video Device;C:\Windows\system32\DRIVERS\HavaTV_10.sys --> C:\Windows\system32\DRIVERS\HavaTV_10.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vrvd5;vrvd5;C:\Windows\system32\DRIVERS\vrvd5.sys --> C:\Windows\system32\DRIVERS\vrvd5.sys [?]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 rt70x64;RT2500 USB Wireless LAN Driver for Vista;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?]

S3 StkCMini;iREZ K2r;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

.

=============== File Associations ===============

.

.txt=UltraEdit.txt

.

=============== Created Last 30 ================

.

2011-10-04 21:41:19 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-10-04 03:43:13 81920 ----a-w- C:\Windows\SysWow64\srrstr.dll

2011-10-04 03:27:52 -------- d-----we C:\Windows\system64

2011-10-04 01:37:19 -------- d-----w- C:\Program Files (x86)\honestech

2011-10-04 01:36:14 -------- d-----w- C:\Program Files (x86)\honestech VHS to DVD 4.0

2011-10-02 18:07:32 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-10-02 18:07:32 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2011-10-02 18:07:31 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-10-02 18:07:31 125912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2011-09-30 00:27:54 -------- d-----w- C:\Users\BobM\AppData\Roaming\Foxit Software

2011-09-15 12:33:59 -------- d-----w- C:\Program Files (x86)\Common Files\Monsoon Multimedia

2011-09-11 21:21:11 737280 ----a-w- C:\Windows\iun6002.exe

2011-09-11 21:21:10 -------- d-----w- C:\PC-Checkup

2011-09-11 18:20:39 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-09-11 18:19:14 -------- d-----w- C:\ProgramData\Symantec

2011-09-11 18:09:23 -------- d-----w- C:\Users\BobM\AppData\Roaming\Tific

2011-09-11 18:09:23 -------- d-----w- C:\Users\BobM\AppData\Local\Tific

2011-09-11 18:09:17 -------- d-----w- C:\ProgramData\Norton

2011-09-11 18:09:10 -------- d-----w- C:\ProgramData\NortonInstaller

2011-09-11 17:13:54 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll

2011-09-11 17:13:54 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll

2011-09-11 16:44:57 -------- d-----w- C:\Windows\System32\SPReview

2011-09-11 16:44:27 -------- d-----w- C:\Windows\System32\EventProviders

2011-09-11 16:43:30 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2011-09-11 16:24:10 -------- d-----w- C:\Drivers

2011-09-11 16:14:33 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2011-09-11 16:11:22 -------- d-----w- C:\NVIDIA

2011-09-11 15:36:45 -------- d-----w- C:\ProgramData\UAB

2011-09-11 15:36:25 -------- d-----w- C:\Users\BobM\AppData\Local\PC_Drivers_Headquarters

2011-09-11 15:34:45 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters

2011-09-09 01:51:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2011-09-09 01:51:44 -------- d-----w- C:\Program Files\IIS

2011-09-09 01:51:44 -------- d-----w- C:\Program Files (x86)\IIS

2011-09-09 01:51:25 560320 ----a-w- C:\ProgramData\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll

2011-09-09 01:47:38 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2011-09-09 01:44:53 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2011-09-09 01:38:59 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2011-09-09 01:38:59 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2011-09-09 01:36:28 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2011-09-09 01:36:28 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2011-09-09 01:36:10 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2011-09-09 01:35:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2011-09-09 01:34:39 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0

2011-09-09 01:34:39 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2011-09-06 01:00:26 105824 ----a-w- C:\Windows\System32\SQSRVRES.DLL

.

==================== Find3M ====================

.

2011-09-11 16:53:51 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-09-11 16:53:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-09-11 16:00:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-09 03:02:52 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-03 07:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys

2011-08-01 17:47:36 266240 ----a-w- C:\Windows\SysWow64\HavaItf.ax

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-18 17:08:51 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2011-07-18 17:08:51 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2011-07-18 17:08:51 33152 ----a-w- C:\Windows\System32\LMIport.dll

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

.

============= FINISH: 11:42:20.04 ===============

here is the attach.txt file zipped..

thanks again!

Bob

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

    [*]Click OK twice to save the settings.

    [*]Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.