
1700117915:1682090650.exe in Windows Task Manager



Hi, my laptop was infected with AV Guard Online yesterday. It disabled my AVG Anti-Virus, MBAM and Ad-Aware. It also disabled my internet access. I have deleted the AV Guard Online shortcut from the desktop. At least I don't see the AV Guard Online icon in my system tray. But it is still present in the computer. I have observed a rogue process 1700117915:1682090650.exe in Windows Task Manager. I could not run MBAM completely as it was crashed by the rogue. My computer becomes unresponsive 15 minutes after starting up. I have warning signs on the wireless connection icon and the AVG icon in the task bar. I could only run defogger, DDS and ComboFix. Please find the attached logs and other stuff below. Please help. Thanks, RJ

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Annu at 23:13:32 on 2011-10-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1413 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

D:\PROGRA~1\AVG\AVG10\avgchsvx.exe

D:\PROGRA~1\AVG\AVG10\avgrsx.exe

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

D:\WINDOWS\System32\WLTRYSVC.EXE

D:\WINDOWS\System32\bcmwltry.exe

D:\WINDOWS\1700117915:1682090650.exe

D:\WINDOWS\system32\spoolsv.exe

svchost.exe

D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

D:\Program Files\AVG\AVG10\avgwdsvc.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\Juniper Networks\Common Files\dsNcService.exe

D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

D:\Program Files\Citrix\ICA Client\ssonsvr.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\CyberLink\Shared files\RichVideo.exe

D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\svchost.exe -k imgsvc

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\AVG\AVG10\avgnsx.exe

D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

D:\WINDOWS\system32\WLTRAY.exe

D:\WINDOWS\system32\rundll32.exe

D:\WINDOWS\system32\RunDLL32.exe

D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

D:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

D:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

D:\Program Files\AVG\AVG10\avgtray.exe

D:\Program Files\Brother\ControlCenter3\brccMCtl.exe

D:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\Program Files\Brother\Brmfcmon\BrMfimon.exe

D:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

D:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

D:\WINDOWS\system32\ctfmon.exe

D:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50020

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg10\toolbar\IEToolbar.dll

mWinlogon: Userinit=d:\windows\system32\userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - d:\program files\flashget\jccatch.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - d:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - d:\program files\flashget\getflash.dll

TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - d:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - d:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: @d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Messenger (Yahoo!)] "d:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [spybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [Google Update] "d:\documents and settings\annu\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [synTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [broadcom Wireless Manager UI] d:\windows\system32\WLTRAY.exe

mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [sSBkgdUpdate] "d:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] d:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] d:\program files\scansoft\paperport\IndexSearch.exe

mRun: [brMfcWnd] d:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] d:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [P2Go_Menu] "d:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "d:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime

mRun: [AVG_TRAY] d:\program files\avg\avg10\avgtray.exe

mRun: [sunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"

mRun: [MaxMenuMgr] "d:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

IE: &Download All with FlashGet - d:\progra~1\flashget\jc_all.htm

IE: &Download with FlashGet - d:\progra~1\flashget\jc_link.htm

IE: Google Sidewiki... - d:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/67.21/uploader2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvnsports.com/vjocx-en-black.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.nielsen.com/dana-cached/setup/JuniperSetupSP1.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{C8B7B14B-CB43-423A-B347-0C660FB9392B} : DhcpNameServer = 10.0.0.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - d:\documents and settings\annu\application data\mozilla\firefox\profiles\s64eka2w.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc2f856&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 4

FF - component: d:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: d:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: d:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: d:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: d:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: d:\documents and settings\annu\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: d:\program files\google\picasa3\npPicasa3.dll

FF - plugin: d:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: d:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: d:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: d:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: d:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: d:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll

FF - plugin: d:\program files\tvuplayer\npTVUAx.dll

FF - plugin: d:\windows\system32\tvuax\npTVUAx.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2010-1-26 64288]

R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R1 CLBStor;InstantBurn Storage Helper Driver;d:\windows\system32\drivers\CLBStor.sys [2010-6-25 15784]

R2 avgwd;AVG WatchDog;d:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;d:\windows\system32\drivers\CLBUDF.sys [2010-6-25 162344]

R2 FreeAgentGoNext Service;Seagate Service;d:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]

R3 ArcCD;ArcCD Filter Driver Service;d:\windows\system32\drivers\ArcCD.sys [2011-7-17 36224]

R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

S2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2010-1-19 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 2152152]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 947528]

S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2010-1-19 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-13 15232]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;d:\windows\system32\drivers\rtl8192su.sys --> d:\windows\system32\drivers\RTL8192su.sys [?]

S4 ArcUdfs;ArcUdfs FileSystem Driver Service;d:\windows\system32\drivers\ArcUdfs.sys [2011-7-17 134912]

.

=============== Created Last 30 ================

.

2011-10-07 22:15:38 22216 ----a-w- d:\windows\system32\drivers\mbam.sys

2011-10-07 22:15:38 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2011-10-07 21:05:00 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 06:44:00 -------- d-----w- D:\TDSSKiller_Quarantine

2011-10-06 04:24:57 -------- d-----w- d:\documents and settings\annu\application data\EuuucSS2ib

2011-10-06 04:23:56 -------- d-----w- d:\documents and settings\annu\application data\zdWWK88fR9

2011-10-06 04:23:56 -------- d-----w- d:\documents and settings\annu\application data\JhTTXwwjUVeIBzP

2011-10-06 01:57:39 -------- d-----w- d:\documents and settings\annu\application data\TnF4pmm5s

2011-10-06 01:57:39 -------- d-----w- d:\documents and settings\annu\application data\FUUCBzNyyA1u

2011-10-06 01:42:58 -------- d-----w- d:\documents and settings\annu\application data\offfRLL9hTXjUel

2011-10-06 01:42:58 -------- d-----w- d:\documents and settings\annu\application data\FBrrzzPNycA1vDo

2011-10-05 23:52:39 -------- d-----w- d:\documents and settings\annu\application data\FiiibD33on4aQ6W

2011-10-05 23:52:39 -------- d-----w- d:\documents and settings\annu\application data\AOOBBtxxP0cS

2011-10-05 18:54:58 -------- d-----w- d:\documents and settings\annu\application data\zzzPPNycA1uv2oF

2011-10-05 18:54:58 -------- d-----w- d:\documents and settings\annu\application data\BppmmH5sWJ

2011-10-05 17:45:41 -------- d-----w- d:\documents and settings\annu\application data\iK88ffRL9hTXj

2011-10-05 17:45:41 -------- d-----w- d:\documents and settings\annu\application data\HCCCellIBtzNyA1

2011-10-05 17:45:30 -------- d-----w- d:\documents and settings\annu\application data\h5aaQQJ6dWK8

2011-10-01 20:30:33 -------- d-----w- d:\program files\DVDFab 8 Qt

2011-09-27 20:05:11 65536 ------w- d:\windows\system32\ReSize32.ocx

2011-09-27 20:05:11 540672 ------w- d:\windows\system32\Tx32.dll

2011-09-27 20:05:11 53248 ------w- d:\windows\system32\wndtls32.dll

2011-09-27 20:05:11 344064 ------w- d:\windows\system32\Tx4ole.ocx

2011-09-27 20:05:11 327680 ------w- d:\windows\system32\txobj32.dll

2011-09-27 20:05:11 159744 ------w- d:\windows\system32\tx_rtf32.dll

2011-09-27 20:05:11 114688 ------w- d:\windows\system32\txtls32.dll

2011-09-27 20:05:10 89600 ------w- d:\windows\system32\GRID32.OCX

2011-09-27 20:05:10 45056 ------w- d:\windows\system32\MPlay.ocx

2011-09-27 20:05:10 102400 ------w- d:\windows\system32\ic32.dll

2011-09-27 20:05:05 -------- d-----w- d:\documents and settings\annu\application data\M-HTOEFL

2011-09-27 20:05:04 -------- d-----w- d:\program files\TOEFL Official Guide

2011-09-23 06:37:10 -------- d-----w- d:\program files\ETS

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- d:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 23:14:04.65 ===============

Attach.rar

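A defender-side triage script for the kind of indicators visible in the DDS log above, added here as an example; it is not part of RJ's post and not code from the DDS tool. It walks the log section by section and flags four things an analyst would look at first: a process path in the Running Processes list whose file name uses NTFS stream syntax (`file:stream`, as in the rogue process named in the post), an Internet Explorer proxy setting that points at a local port, a hosts-file entry that sinkholes a name other than localhost, and random-looking directory names recently created under Application Data. The sample input is copied from the log above and trimmed to a handful of lines with a few benign neighbours kept for contrast; the finding names, the `Finding` type and the random-name heuristic are my own. These are triage heuristics, not verdicts: a loopback proxy, for instance, can also belong to legitimate local filtering software, so each hit still needs a human look.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the DDS log posted above (trimmed, not constructed),
# with benign neighbours kept so the heuristics have something to ignore.
SAMPLE_DDS = r"""
============== Running Processes ===============
D:\WINDOWS\system32\svchost -k DcomLaunch
D:\WINDOWS\1700117915:1682090650.exe
D:\WINDOWS\system32\spoolsv.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50020
mWinlogon: Userinit=d:\windows\system32\userinit.exe
Hosts: 127.0.0.1 www.spywareinfo.com
=============== Created Last 30 ================
2011-10-07 22:15:38 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-10-06 04:24:57 -------- d-----w- d:\documents and settings\annu\application data\EuuucSS2ib
2011-10-06 04:23:56 -------- d-----w- d:\documents and settings\annu\application data\zdWWK88fR9
2011-10-01 20:30:33 -------- d-----w- d:\program files\DVDFab 8 Qt
2011-09-27 20:05:05 -------- d-----w- d:\documents and settings\annu\application data\M-HTOEFL
"""


@dataclass(frozen=True)
class Finding:
    kind: str   # short machine-readable label (my own naming)
    line: str   # the log line that triggered it
    note: str   # one-line explanation for the analyst


SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A path whose tail, after the drive-letter colon, contains another colon:
# the executable is named with NTFS alternate-data-stream syntax, which is
# not how normal software is installed or launched.
ADS_PATH_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^:\s]+\.(?:exe|dll|sys)$", re.IGNORECASE)
LOCAL_PROXY_RE = re.compile(r"ProxyServer\s*=.*?(?:127\.0\.0\.1|localhost):(\d+)", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(\S+)\s+(.+)$")
# Heuristic (mine) for the random directory names in the log: one token of
# 9-16 letters/digits that mixes upper case, lower case and digits.
RANDOM_NAME_RE = re.compile(r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{9,16}")


def triage_dds(text: str) -> list[Finding]:
    """Walk a DDS log section by section and return the suspicious lines."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS prints "." for blank lines
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes":
            if ADS_PATH_RE.match(line):
                findings.append(Finding("ads_named_process", line,
                                        "process path uses stream-style file name"))
        elif section == "pseudo hjt report":
            proxy = LOCAL_PROXY_RE.search(line)
            hosts = HOSTS_RE.match(line)
            if proxy:
                findings.append(Finding("localhost_proxy", line,
                                        f"browser traffic routed through local port {proxy.group(1)}"))
            elif (hosts and hosts.group(1) in ("127.0.0.1", "0.0.0.0")
                  and hosts.group(2).lower() != "localhost"):
                findings.append(Finding("hosts_redirect", line,
                                        f"hosts file sinkholes {hosts.group(2)}"))
        elif section == "created last 30":
            created = CREATED_RE.match(line)
            if not created or not created.group(1).startswith("d"):
                continue                      # only directories interest us here
            path = created.group(2)
            leaf = path.rsplit("\\", 1)[-1]
            if "\\application data\\" in path.lower() and RANDOM_NAME_RE.fullmatch(leaf):
                findings.append(Finding("random_appdata_dir", line,
                                        f"random-looking directory {leaf}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind for a quick first-line triage overview."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.note}\n    {f.line}")
```

Run against a full DDS.txt (`triage_dds(open("DDS.txt").read())`) the script gives a short list to start from rather than a verdict; the section names are matched as DDS prints them, so a log from a different tool needs its own header regex.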


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Hi, as I did not see a reply, I ran ComboFix on my own (followed the link from Bleeping Computer to remove the AV Guard Online virus) and I have pasted the log below. ComboFix seems to have removed the process 1700117915:1682090650.exe from my Task Manager, but it messed up my internet drivers. I am not able to change Windows Firewall settings or connect to the internet. I have uninstalled AVG Anti-Virus and Ad-Aware as they became useless, with yellow "!" icons on them. Now my MBAM is not getting changed by the virus and I can run it. Please let me know if we can fix my computer now without formatting it. In the worst case I will go for formatting, as I have a lot of stuff that I need to back up in case of a format. Please help me in getting my internet connection back and getting rid of this rogue infection. Thanks.

ComboFix.txt

ComboFix 11-10-05.02 - Annu 10/08/2011 2:02.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1530 [GMT -7:00]

Running from: d:\documents and settings\Annu\Desktop\jrk1234.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

* Created a new restore point

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\AUTORUN.INF

d:\documents and settings\Annu\Application Data\92A2.E2F

d:\program files\google\common\google updater\googleupdaterservice.exe

d:\windows\$NtUninstallKB12583$\2612876645\@

d:\windows\$NtUninstallKB12583$\2612876645\bckfg.tmp

d:\windows\$NtUninstallKB12583$\2612876645\cfg.ini

d:\windows\$NtUninstallKB12583$\2612876645\Desktop.ini

d:\windows\$NtUninstallKB12583$\2612876645\keywords

d:\windows\$NtUninstallKB12583$\2612876645\kwrd.dll

d:\windows\$NtUninstallKB12583$\2612876645\L\ujarakmy

d:\windows\$NtUninstallKB12583$\2612876645\lsflt7.ver

d:\windows\$NtUninstallKB12583$\2612876645\U\00000001.@

d:\windows\$NtUninstallKB12583$\2612876645\U\00000002.@

d:\windows\$NtUninstallKB12583$\2612876645\U\80000000.@

d:\windows\$NtUninstallKB12583$\2612876645\U\80000032.@

d:\windows\$NtUninstallKB12583$\827047256

d:\windows\system32\d3d9caps.dat

d:\windows\system32\Nagasoft

d:\windows\system32\Nagasoft\Codecs\asyncflt.ax

d:\windows\system32\Nagasoft\Codecs\atrc.dll

d:\windows\system32\Nagasoft\Codecs\cook.dll

d:\windows\system32\Nagasoft\Codecs\drvc.dll

d:\windows\system32\Nagasoft\Codecs\raac.dll

d:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax

d:\windows\system32\Nagasoft\Codecs\WMFDemux.dll

d:\windows\system32\Nagasoft\GifShower.dll

d:\windows\system32\Nagasoft\vjocx.dll

d:\windows\$NtUninstallKB12583$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_9bbd5565

-------\Legacy_vvdsvc

-------\Legacy_vvdsvc

-------\Service_vvdsvc

-------\Service_vvdsvc

.

.

((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))

.

.

2011-10-08 08:41 . 2011-09-01 00:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys

2011-10-07 22:15 . 2011-10-08 09:01 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2011-10-07 21:05 . 2011-10-08 08:45 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 06:44 . 2011-10-07 06:44 -------- d-----w- D:\TDSSKiller_Quarantine

2011-10-06 05:15 . 2011-10-06 05:15 -------- d-sh--w- d:\documents and settings\Administrator.PROFESSIONAL\IECompatCache

2011-10-06 04:24 . 2011-10-06 04:24 -------- d-----w- d:\documents and settings\Annu\Application Data\EuuucSS2ib

2011-10-06 04:23 . 2011-10-06 04:23 -------- d-----w- d:\documents and settings\Annu\Application Data\zdWWK88fR9

2011-10-06 04:23 . 2011-10-06 04:23 -------- d-----w- d:\documents and settings\Annu\Application Data\JhTTXwwjUVeIBzP

2011-10-06 01:57 . 2011-10-06 01:57 -------- d-----w- d:\documents and settings\Annu\Application Data\TnF4pmm5s

2011-10-06 01:57 . 2011-10-06 01:57 -------- d-----w- d:\documents and settings\Annu\Application Data\FUUCBzNyyA1u

2011-10-06 01:42 . 2011-10-06 01:42 -------- d-----w- d:\documents and settings\Annu\Application Data\offfRLL9hTXjUel

2011-10-06 01:42 . 2011-10-06 01:42 -------- d-----w- d:\documents and settings\Annu\Application Data\FBrrzzPNycA1vDo

2011-10-05 23:52 . 2011-10-05 23:52 -------- d-----w- d:\documents and settings\Annu\Application Data\FiiibD33on4aQ6W

2011-10-05 23:52 . 2011-10-05 23:52 -------- d-----w- d:\documents and settings\Annu\Application Data\AOOBBtxxP0cS

2011-10-05 18:54 . 2011-10-05 18:54 -------- d-----w- d:\documents and settings\Annu\Application Data\zzzPPNycA1uv2oF

2011-10-05 18:54 . 2011-10-05 18:54 -------- d-----w- d:\documents and settings\Annu\Application Data\BppmmH5sWJ

2011-10-05 17:45 . 2011-10-05 17:45 -------- d-----w- d:\documents and settings\Annu\Application Data\iK88ffRL9hTXj

2011-10-05 17:45 . 2011-10-05 17:45 -------- d-----w- d:\documents and settings\Annu\Application Data\HCCCellIBtzNyA1

2011-10-05 17:45 . 2011-10-05 17:45 -------- d-----w- d:\documents and settings\Annu\Application Data\h5aaQQJ6dWK8

2011-10-01 23:19 . 2011-10-01 23:19 -------- d-----w- d:\documents and settings\Annu\Application Data\ImgBurn

2011-10-01 23:11 . 2011-10-01 23:11 -------- d-----w- d:\program files\ImgBurn

2011-10-01 20:30 . 2011-10-01 20:31 -------- d-----w- d:\program files\DVDFab 8 Qt

2011-09-27 20:05 . 2004-06-02 16:13 540672 ------w- d:\windows\system32\Tx32.dll

2011-09-27 20:05 . 2004-05-27 09:23 159744 ------w- d:\windows\system32\tx_rtf32.dll

2011-09-27 20:05 . 2003-07-18 07:51 344064 ------w- d:\windows\system32\Tx4ole.ocx

2011-09-27 20:05 . 2003-04-15 08:12 114688 ------w- d:\windows\system32\txtls32.dll

2011-09-27 20:05 . 2003-04-08 07:41 53248 ------w- d:\windows\system32\wndtls32.dll

2011-09-27 20:05 . 2003-02-02 09:01 65536 ------w- d:\windows\system32\ReSize32.ocx

2011-09-27 20:05 . 2002-01-23 07:14 327680 ------w- d:\windows\system32\txobj32.dll

2011-09-27 20:05 . 2006-10-24 15:21 45056 ------w- d:\windows\system32\MPlay.ocx

2011-09-27 20:05 . 2003-04-16 09:02 102400 ------w- d:\windows\system32\ic32.dll

2011-09-27 20:05 . 2002-01-16 14:41 89600 ------w- d:\windows\system32\GRID32.OCX

2011-09-27 20:05 . 2011-09-27 20:05 -------- d-----w- d:\documents and settings\Annu\Application Data\M-HTOEFL

2011-09-27 20:05 . 2011-09-27 20:05 -------- d-----w- d:\program files\TOEFL Official Guide

2011-09-23 06:37 . 2011-09-23 06:37 -------- d-----w- d:\program files\ETS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-08-12 13:18 599040 ----a-w- d:\windows\system32\crypt32.dll

2011-07-15 13:29 . 2004-08-12 13:22 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys

2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- d:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- d:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- d:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- d:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- d:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- d:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- d:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- d:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- d:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- d:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- d:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- d:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-07-18 01:30 . 2011-06-18 02:44 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 15:11 2471240 ----a-w- d:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-06-06 8429568]

"nwiz"="nwiz.exe" [2007-06-06 1626112]

"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]

"SigmatelSysTrayApp"="d:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"SSBkgdUpdate"="d:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="d:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="d:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"BrMfcWnd"="d:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]

"ControlCenter3"="d:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"P2Go_Menu"="d:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"AVG_TRAY"="d:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"MaxMenuMgr"="d:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0d:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0d:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-10-28 02:17 207424 ----a-w- d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]

2010-12-16 01:03 80448 ----a-w- d:\program files\Kodak\MediaImpression\ArcMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]

2010-03-24 22:26 243544 ----a-w- d:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2010-06-04 15:10 822384 ----a-w- d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-01 04:52 136176 ----atw- d:\documents and settings\Annu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 21:33 141624 ----a-w- d:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-11-11 23:43 288088 ----a-w- d:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-01-20 03:25 39408 ----a-w- d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]

2011-01-17 19:41 8192 ----a-w- d:\program files\XviD\CheckUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"SSDPSRV"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Skype"="d:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"PDVD8LanguageShortcut"="d:\program files\CyberLink\PowerDVD8\Language\Language.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"d:\\Program Files\\FlashGet\\flashget.exe"=

"d:\\Program Files\\BitTorrent\\bittorrent.exe"=

"d:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=

"d:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"d:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"d:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"d:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"d:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"d:\\Program Files\\RNX-N150UBE\\11n USB Wireless LAN Utility\\RtWLan.exe"=

"d:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=

"d:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"d:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"d:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

"53:UDP"= 53:UDP:Realtek AP UDP Prot

.

R0 AVGIDSEH;AVGIDSEH;d:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 2:27 PM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [9/7/2010 1:48 AM 32592]

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [1/26/2010 1:10 PM 64288]

R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [9/7/2010 1:48 AM 248656]

R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [9/7/2010 1:49 AM 297168]

R1 CLBStor;InstantBurn Storage Helper Driver;d:\windows\system32\drivers\CLBStor.sys [6/25/2010 5:14 PM 15784]

R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;d:\windows\system32\drivers\CLBUDF.sys [6/25/2010 5:14 PM 162344]

R2 FreeAgentGoNext Service;Seagate Service;d:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]

R3 ArcCD;ArcCD Filter Driver Service;d:\windows\system32\drivers\ArcCD.sys [7/17/2011 12:17 AM 36224]

R3 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 7:42 PM 134480]

R3 AVGIDSFilter;AVGIDSFilter;d:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 7:42 PM 24144]

R3 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 7:42 PM 27216]

S2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]

S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 8:25 PM 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 10:28 AM 2152152]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;d:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 12:12 PM 947528]

S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 8:25 PM 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/13/2010 12:19 PM 15232]

S3 pcouffin;VSO Software pcouffin;d:\windows\system32\drivers\pcouffin.sys [5/1/2010 10:37 AM 47360]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;d:\windows\system32\DRIVERS\RTL8192su.sys --> d:\windows\system32\DRIVERS\RTL8192su.sys [?]

S4 ArcUdfs;ArcUdfs FileSystem Driver Service;d:\windows\system32\drivers\ArcUdfs.sys [7/17/2011 12:17 AM 134912]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ArcRec

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-07 d:\windows\Tasks\Ad-Aware Update (Weekly).job

- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 07:40]

.

2011-10-08 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 03:25]

.

2011-10-08 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 03:25]

.

2011-10-04 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-362288127-725345543-1003Core.job

- d:\documents and settings\Annu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 04:52]

.

2011-10-08 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-362288127-725345543-1003UA.job

- d:\documents and settings\Annu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 04:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50020

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download All with FlashGet - d:\progra~1\FlashGet\jc_all.htm

IE: &Download with FlashGet - d:\progra~1\FlashGet\jc_link.htm

IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - d:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab

FF - ProfilePath - d:\documents and settings\Annu\Application Data\Mozilla\Firefox\Profiles\s64eka2w.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc2f856&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 4

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-04842463.sys

SafeBoot-37179659.sys

MSConfigStartUp-VzzPP0ycA1iv8234A - d:\windows\system32\lRRZZ9hTTwjUVlB.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-08 02:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1140)

d:\windows\System32\BCMLogon.dll

d:\program files\Citrix\ICA Client\pnsson.dll

.

- - - - - - - > 'explorer.exe'(3660)

d:\windows\system32\WININET.dll

d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

d:\windows\system32\ieframe.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\WPDShServiceObj.dll

d:\program files\WinSCP\DragExt.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

d:\progra~1\AVG\AVG10\avgchsvx.exe

d:\progra~1\AVG\AVG10\avgrsx.exe

d:\windows\System32\WLTRYSVC.EXE

d:\windows\System32\bcmwltry.exe

d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

d:\program files\Juniper Networks\Common Files\dsNcService.exe

d:\program files\Java\jre6\bin\jqs.exe

d:\windows\system32\nvsvc32.exe

d:\program files\CyberLink\Shared files\RichVideo.exe

d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

d:\program files\Citrix\ICA Client\ssonsvr.exe

d:\program files\AVG\AVG10\avgnsx.exe

d:\windows\system32\rundll32.exe

d:\windows\system32\RunDLL32.exe

d:\program files\Brother\ControlCenter3\brccMCtl.exe

d:\program files\Brother\Brmfcmon\BrMfimon.exe

d:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

d:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

d:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-10-08 02:20:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-08 09:20

.

Pre-Run: 8,550,023,168 bytes free

Post-Run: 9,023,488,000 bytes free

.

- - End Of File - - E28D5F169263DE82585332C2703E2556


Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


Hi, I have run GooredFix and TDSSKiller, and the TDSSKiller log file is pasted below. I don't see any suspicious processes or AV Guard Online on the computer. But as I mentioned earlier, I have uninstalled AVG Anti-Virus and Ad-Aware along with Ad-Watch, so my computer doesn't have any protection against threats. Also, my internet connection is hit by some registry change during ComboFix execution (this is my guess). I am not able to start Windows Firewall either from Control Panel or from Admin Tools/Services. When I try to enable Windows Firewall, the message shows as "Windows cannot start the windows Firewall/Internet Connection Sharing (ICS) service.". Do you think the computer is still infected and compromised? Can we do anything to get the NIC/internet working? Thanks.

22:04:37.0062 3072 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06

22:04:39.0062 3072 ============================================================

22:04:39.0062 3072 Current date / time: 2011/10/11 22:04:39.0062

22:04:39.0062 3072 SystemInfo:

22:04:39.0062 3072

22:04:39.0062 3072 OS Version: 5.1.2600 ServicePack: 3.0

22:04:39.0062 3072 Product type: Workstation

22:04:39.0062 3072 ComputerName: HOME

22:04:39.0062 3072 UserName: Ann

22:04:39.0062 3072 Windows directory: D:\WINDOWS

22:04:39.0062 3072 System windows directory: D:\WINDOWS

22:04:39.0062 3072 Processor architecture: Intel x86

22:04:39.0062 3072 Number of processors: 2

22:04:39.0062 3072 Page size: 0x1000

22:04:39.0062 3072 Boot type: Normal boot

22:04:39.0062 3072 ============================================================

22:04:40.0390 3072 Initialize success

22:04:45.0625 3092 ============================================================

22:04:45.0625 3092 Scan started

22:04:45.0625 3092 Mode: Manual;

22:04:45.0625 3092 ============================================================

22:04:46.0437 3092 Abiosdsk - ok

22:04:46.0468 3092 abp480n5 - ok

22:04:46.0531 3092 ACPI (8fd99680a539792a30e97944fdaecf17) D:\WINDOWS\system32\DRIVERS\ACPI.sys

22:04:46.0531 3092 ACPI - ok

22:04:46.0593 3092 ACPIEC (9859c0f6936e723e4892d7141b1327d5) D:\WINDOWS\system32\drivers\ACPIEC.sys

22:04:46.0593 3092 ACPIEC - ok

22:04:46.0625 3092 adpu160m - ok

22:04:46.0656 3092 aec (8bed39e3c35d6a489438b8141717a557) D:\WINDOWS\system32\drivers\aec.sys

22:04:46.0671 3092 aec - ok

22:04:46.0750 3092 AegisP (023867b6606fbabcdd52e089c4a507da) D:\WINDOWS\system32\DRIVERS\AegisP.sys

22:04:46.0750 3092 AegisP - ok

22:04:46.0828 3092 Afc (fe3ea6e9afc1a78e6edca121e006afb7) D:\WINDOWS\system32\drivers\Afc.sys

22:04:46.0828 3092 Afc - ok

22:04:46.0890 3092 AFD (1f2e3de34048040145659309bdbafa01) D:\WINDOWS\System32\drivers\afd.sys

22:04:46.0890 3092 AFD - ok

22:04:46.0906 3092 Aha154x - ok

22:04:46.0921 3092 aic78u2 - ok

22:04:46.0937 3092 aic78xx - ok

22:04:46.0953 3092 AliIde - ok

22:04:46.0968 3092 amsint - ok

22:04:47.0015 3092 ArcCD (a82f1a1b09593c73efd02a59dc94920c) D:\WINDOWS\system32\drivers\ArcCD.sys

22:04:47.0015 3092 ArcCD - ok

22:04:47.0031 3092 ArcRec (1af9061b61741a912368ab4dc309d25e) D:\WINDOWS\system32\drivers\ArcRec.sys

22:04:47.0031 3092 ArcRec - ok

22:04:47.0062 3092 ArcUdfs (3ee9e41102a2c6b8f7dbad5d44abda05) D:\WINDOWS\system32\drivers\ArcUdfs.sys

22:04:47.0062 3092 ArcUdfs - ok

22:04:47.0093 3092 Arp1394 (b5b8a80875c1dededa8b02765642c32f) D:\WINDOWS\system32\DRIVERS\arp1394.sys

22:04:47.0093 3092 Arp1394 - ok

22:04:47.0171 3092 asc - ok

22:04:47.0187 3092 asc3350p - ok

22:04:47.0218 3092 asc3550 - ok

22:04:47.0265 3092 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:04:47.0265 3092 AsyncMac - ok

22:04:47.0281 3092 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\WINDOWS\system32\DRIVERS\atapi.sys

22:04:47.0281 3092 atapi - ok

22:04:47.0296 3092 Atdisk - ok

22:04:47.0312 3092 Atmarpc (9916c1225104ba14794209cfa8012159) D:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:04:47.0312 3092 Atmarpc - ok

22:04:47.0343 3092 audstub (d9f724aa26c010a217c97606b160ed68) D:\WINDOWS\system32\DRIVERS\audstub.sys

22:04:47.0343 3092 audstub - ok

22:04:47.0421 3092 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) D:\WINDOWS\system32\DRIVERS\bcmwl5.sys

22:04:47.0453 3092 BCM43XX - ok

22:04:47.0515 3092 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) D:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

22:04:47.0515 3092 bcm4sbxp - ok

22:04:47.0562 3092 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\WINDOWS\system32\drivers\Beep.sys

22:04:47.0562 3092 Beep - ok

22:04:47.0625 3092 CA561 (50ded7c73e0fb40693edab8cad7c46e7) D:\WINDOWS\system32\Drivers\SPCA561.SYS

22:04:47.0625 3092 CA561 - ok

22:04:47.0640 3092 catchme - ok

22:04:47.0718 3092 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\WINDOWS\system32\drivers\cbidf2k.sys

22:04:47.0718 3092 cbidf2k - ok

22:04:47.0750 3092 CCDECODE (0be5aef125be881c4f854c554f2b025c) D:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:04:47.0765 3092 CCDECODE - ok

22:04:47.0781 3092 cd20xrnt - ok

22:04:47.0859 3092 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\WINDOWS\system32\drivers\Cdaudio.sys

22:04:47.0859 3092 Cdaudio - ok

22:04:47.0937 3092 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\WINDOWS\system32\drivers\Cdfs.sys

22:04:47.0937 3092 Cdfs - ok

22:04:47.0968 3092 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\WINDOWS\system32\DRIVERS\cdrom.sys

22:04:47.0968 3092 Cdrom - ok

22:04:48.0000 3092 Changer - ok

22:04:48.0062 3092 CLBStor (eae645ef188964355fc03167a05177f3) D:\WINDOWS\system32\drivers\CLBStor.sys

22:04:48.0062 3092 CLBStor - ok

22:04:48.0078 3092 CLBUDF (ff88c416df8457174f3a04b07457ea0d) D:\WINDOWS\system32\drivers\CLBUDF.sys

22:04:48.0078 3092 CLBUDF - ok

22:04:48.0140 3092 CmBatt (0f6c187d38d98f8df904589a5f94d411) D:\WINDOWS\system32\DRIVERS\CmBatt.sys

22:04:48.0140 3092 CmBatt - ok

22:04:48.0140 3092 CmdIde - ok

22:04:48.0187 3092 Compbatt (6e4c9f21f0fae8940661144f41b13203) D:\WINDOWS\system32\DRIVERS\compbatt.sys

22:04:48.0187 3092 Compbatt - ok

22:04:48.0203 3092 Cpqarray - ok

22:04:48.0218 3092 dac2w2k - ok

22:04:48.0234 3092 dac960nt - ok

22:04:48.0250 3092 Disk (044452051f3e02e7963599fc8f4f3e25) D:\WINDOWS\system32\DRIVERS\disk.sys

22:04:48.0250 3092 Disk - ok

22:04:48.0328 3092 dmboot (d992fe1274bde0f84ad826acae022a41) D:\WINDOWS\system32\drivers\dmboot.sys

22:04:48.0375 3092 dmboot - ok

22:04:48.0406 3092 dmio (7c824cf7bbde77d95c08005717a95f6f) D:\WINDOWS\system32\drivers\dmio.sys

22:04:48.0421 3092 dmio - ok

22:04:48.0421 3092 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\WINDOWS\system32\drivers\dmload.sys

22:04:48.0437 3092 dmload - ok

22:04:48.0453 3092 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\WINDOWS\system32\drivers\DMusic.sys

22:04:48.0453 3092 DMusic - ok

22:04:48.0484 3092 dpti2o - ok

22:04:48.0500 3092 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\WINDOWS\system32\drivers\drmkaud.sys

22:04:48.0500 3092 drmkaud - ok

22:04:48.0531 3092 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) D:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys

22:04:48.0531 3092 dsNcAdpt - ok

22:04:48.0578 3092 Fastfat (38d332a6d56af32635675f132548343e) D:\WINDOWS\system32\drivers\Fastfat.sys

22:04:48.0593 3092 Fastfat - ok

22:04:48.0625 3092 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\WINDOWS\system32\drivers\Fdc.sys

22:04:48.0625 3092 Fdc - ok

22:04:48.0656 3092 Fips (d45926117eb9fa946a6af572fbe1caa3) D:\WINDOWS\system32\drivers\Fips.sys

22:04:48.0656 3092 Fips - ok

22:04:48.0734 3092 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\WINDOWS\system32\drivers\Flpydisk.sys

22:04:48.0734 3092 Flpydisk - ok

22:04:48.0796 3092 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\WINDOWS\system32\drivers\fltmgr.sys

22:04:48.0796 3092 FltMgr - ok

22:04:48.0859 3092 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\WINDOWS\system32\drivers\Fs_Rec.sys

22:04:48.0859 3092 Fs_Rec - ok

22:04:48.0890 3092 Ftdisk (6ac26732762483366c3969c9e4d2259d) D:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:04:48.0906 3092 Ftdisk - ok

22:04:48.0953 3092 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

22:04:48.0953 3092 GEARAspiWDM - ok

22:04:48.0984 3092 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\WINDOWS\system32\DRIVERS\msgpc.sys

22:04:48.0984 3092 Gpc - ok

22:04:49.0015 3092 HDAudBus (573c7d0a32852b48f3058cfd8026f511) D:\WINDOWS\system32\DRIVERS\HDAudBus.sys

22:04:49.0015 3092 HDAudBus - ok

22:04:49.0062 3092 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) D:\WINDOWS\system32\DRIVERS\hidusb.sys

22:04:49.0062 3092 HidUsb - ok

22:04:49.0078 3092 hpn - ok

22:04:49.0140 3092 HSFHWAZL (b1526810210980bed9d22315946c919d) D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

22:04:49.0140 3092 HSFHWAZL - ok

22:04:49.0218 3092 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

22:04:49.0265 3092 HSF_DPV - ok

22:04:49.0328 3092 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\WINDOWS\system32\Drivers\HTTP.sys

22:04:49.0343 3092 HTTP - ok

22:04:49.0359 3092 i2omgmt - ok

22:04:49.0375 3092 i2omp - ok

22:04:49.0421 3092 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) D:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:04:49.0421 3092 i8042prt - ok

22:04:49.0453 3092 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\WINDOWS\system32\DRIVERS\imapi.sys

22:04:49.0453 3092 Imapi - ok

22:04:49.0484 3092 ini910u - ok

22:04:49.0484 3092 IntelIde - ok

22:04:49.0515 3092 intelppm (8c953733d8f36eb2133f5bb58808b66b) D:\WINDOWS\system32\DRIVERS\intelppm.sys

22:04:49.0515 3092 intelppm - ok

22:04:49.0562 3092 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\WINDOWS\system32\drivers\ip6fw.sys

22:04:49.0562 3092 Ip6Fw - ok

22:04:49.0625 3092 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:04:49.0625 3092 IpFilterDriver - ok

22:04:49.0671 3092 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\WINDOWS\system32\DRIVERS\ipinip.sys

22:04:49.0671 3092 IpInIp - ok

22:04:49.0765 3092 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\WINDOWS\system32\DRIVERS\ipnat.sys

22:04:49.0765 3092 IpNat - ok

22:04:49.0812 3092 IPSec (23c74d75e36e7158768dd63d92789a91) D:\WINDOWS\system32\DRIVERS\ipsec.sys

22:04:49.0812 3092 IPSec - ok

22:04:49.0859 3092 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\WINDOWS\system32\DRIVERS\irenum.sys

22:04:49.0859 3092 IRENUM - ok

22:04:49.0921 3092 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) D:\WINDOWS\system32\DRIVERS\isapnp.sys

22:04:49.0937 3092 isapnp - ok

22:04:49.0968 3092 Kbdclass (463c1ec80cd17420a542b7f36a36f128) D:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:04:49.0968 3092 Kbdclass - ok

22:04:49.0984 3092 kmixer (692bcf44383d056aed41b045a323d378) D:\WINDOWS\system32\drivers\kmixer.sys

22:04:50.0000 3092 kmixer - ok

22:04:50.0015 3092 KSecDD (b467646c54cc746128904e1654c750c1) D:\WINDOWS\system32\drivers\KSecDD.sys

22:04:50.0015 3092 KSecDD - ok

22:04:50.0078 3092 Lavasoft Kernexplorer - ok

22:04:50.0109 3092 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) D:\WINDOWS\system32\DRIVERS\Lbd.sys

22:04:50.0125 3092 Lbd - ok

22:04:50.0125 3092 lbrtfdc - ok

22:04:50.0203 3092 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

22:04:50.0203 3092 mdmxsdk - ok

22:04:50.0265 3092 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\WINDOWS\system32\drivers\mnmdd.sys

22:04:50.0265 3092 mnmdd - ok

22:04:50.0312 3092 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) D:\WINDOWS\system32\drivers\Modem.sys

22:04:50.0312 3092 Modem - ok

22:04:50.0343 3092 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) D:\WINDOWS\system32\DRIVERS\mouclass.sys

22:04:50.0343 3092 Mouclass - ok

22:04:50.0390 3092 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\WINDOWS\system32\drivers\MountMgr.sys

22:04:50.0390 3092 MountMgr - ok

22:04:50.0406 3092 mraid35x - ok

22:04:50.0500 3092 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:04:50.0500 3092 MRxDAV - ok

22:04:50.0593 3092 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:04:50.0609 3092 MRxSmb - ok

22:04:50.0671 3092 Msfs (c941ea2454ba8350021d774daf0f1027) D:\WINDOWS\system32\drivers\Msfs.sys

22:04:50.0671 3092 Msfs - ok

22:04:50.0734 3092 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\WINDOWS\system32\drivers\MSKSSRV.sys

22:04:50.0734 3092 MSKSSRV - ok

22:04:50.0781 3092 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:04:50.0781 3092 MSPCLOCK - ok

22:04:50.0812 3092 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\WINDOWS\system32\drivers\MSPQM.sys

22:04:50.0812 3092 MSPQM - ok

22:04:50.0906 3092 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:04:50.0906 3092 mssmbios - ok

22:04:50.0953 3092 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) D:\WINDOWS\system32\drivers\MSTEE.sys

22:04:50.0953 3092 MSTEE - ok

22:04:51.0000 3092 Mup (de6a75f5c270e756c5508d94b6cf68f5) D:\WINDOWS\system32\drivers\Mup.sys

22:04:51.0000 3092 Mup - ok

22:04:51.0078 3092 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:04:51.0078 3092 NABTSFEC - ok

22:04:51.0203 3092 NDIS (1df7f42665c94b825322fae71721130d) D:\WINDOWS\system32\drivers\NDIS.sys

22:04:51.0203 3092 NDIS - ok

22:04:51.0265 3092 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) D:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:04:51.0265 3092 NdisIP - ok

22:04:51.0328 3092 NdisTapi (0109c4f3850dfbab279542515386ae22) D:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:04:51.0328 3092 NdisTapi - ok

22:04:51.0359 3092 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:04:51.0359 3092 Ndisuio - ok

22:04:51.0375 3092 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:04:51.0375 3092 NdisWan - ok

22:04:51.0406 3092 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\WINDOWS\system32\drivers\NDProxy.sys

22:04:51.0406 3092 NDProxy - ok

22:04:51.0421 3092 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\WINDOWS\system32\DRIVERS\netbios.sys

22:04:51.0421 3092 NetBIOS - ok

22:04:51.0453 3092 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\WINDOWS\system32\DRIVERS\netbt.sys

22:04:51.0453 3092 NetBT - ok

22:04:51.0515 3092 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) D:\WINDOWS\system32\DRIVERS\nic1394.sys

22:04:51.0515 3092 NIC1394 - ok

22:04:51.0593 3092 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\WINDOWS\system32\drivers\Npfs.sys

22:04:51.0593 3092 Npfs - ok

22:04:51.0625 3092 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\WINDOWS\system32\drivers\Ntfs.sys

22:04:51.0656 3092 Ntfs - ok

22:04:51.0687 3092 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys

22:04:51.0687 3092 Null - ok

22:04:52.0000 3092 nv (e531eaa795a273fc70c9de3f195069c8) D:\WINDOWS\system32\DRIVERS\nv4_mini.sys

22:04:52.0234 3092 nv - ok

22:04:52.0312 3092 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:04:52.0312 3092 NwlnkFlt - ok

22:04:52.0390 3092 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:04:52.0390 3092 NwlnkFwd - ok

22:04:52.0453 3092 ohci1394 (ca33832df41afb202ee7aeb05145922f) D:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:04:52.0453 3092 ohci1394 - ok

22:04:52.0500 3092 Parport (5575faf8f97ce5e713d108c2a58d7c7c) D:\WINDOWS\system32\drivers\Parport.sys

22:04:52.0500 3092 Parport - ok

22:04:52.0531 3092 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\WINDOWS\system32\drivers\PartMgr.sys

22:04:52.0531 3092 PartMgr - ok

22:04:52.0578 3092 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys

22:04:52.0578 3092 ParVdm - ok

22:04:52.0625 3092 PCI (a219903ccf74233761d92bef471a07b1) D:\WINDOWS\system32\DRIVERS\pci.sys

22:04:52.0625 3092 PCI - ok

22:04:52.0718 3092 PCIDump - ok

22:04:52.0781 3092 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys

22:04:52.0781 3092 PCIIde - ok

22:04:52.0843 3092 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) D:\WINDOWS\system32\drivers\Pcmcia.sys

22:04:52.0843 3092 Pcmcia - ok

22:04:52.0906 3092 pcouffin (5b6c11de7e839c05248ced8825470fef) D:\WINDOWS\system32\Drivers\pcouffin.sys

22:04:52.0906 3092 pcouffin - ok

22:04:52.0921 3092 PDCOMP - ok

22:04:52.0937 3092 PDFRAME - ok

22:04:52.0953 3092 PDRELI - ok

22:04:52.0953 3092 PDRFRAME - ok

22:04:52.0968 3092 perc2 - ok

22:04:52.0984 3092 perc2hib - ok

22:04:53.0031 3092 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\WINDOWS\system32\DRIVERS\raspptp.sys

22:04:53.0031 3092 PptpMiniport - ok

22:04:53.0046 3092 PSched (09298ec810b07e5d582cb3a3f9255424) D:\WINDOWS\system32\DRIVERS\psched.sys

22:04:53.0062 3092 PSched - ok

22:04:53.0078 3092 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys

22:04:53.0078 3092 Ptilink - ok

22:04:53.0125 3092 ql1080 - ok

22:04:53.0125 3092 Ql10wnt - ok

22:04:53.0140 3092 ql12160 - ok

22:04:53.0156 3092 ql1240 - ok

22:04:53.0171 3092 ql1280 - ok

22:04:53.0187 3092 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys

22:04:53.0187 3092 RasAcd - ok

22:04:53.0218 3092 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:04:53.0218 3092 Rasl2tp - ok

22:04:53.0234 3092 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:04:53.0234 3092 RasPppoe - ok

22:04:53.0265 3092 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys

22:04:53.0265 3092 Raspti - ok


22:04:56.0203 3092 ============================================================

22:04:56.0203 3092 Scan finished

22:04:56.0203 3092 ============================================================

22:04:56.0218 3084 Detected object count: 0

22:04:56.0218 3084 Actual detected object count: 0

22:05:29.0546 3068 Deinitialize success


Do you think the computer is still infected and compromised?
Yes
Can we do anything to get the NIC/ Internet working?
We can try.

Please download, copy to the infected pc, unzip, and run the QueryServices.bat inside the attached zip file and post back the NetworkDetails.txt file (as an attachment) that it will create in the root of the system drive. C:\NetworkDetails.txt

GetNetworkInfo2.zip


Hi Larry, I ran the QueryServices.bat file and attached the log with this reply. I observed that there is this process "svchost.exe -k netsvcs" inside the "Windows\System32\" folder. It looks like it is causing my internet and Windows Firewall settings to be disrupted. Also, I see that the Windows Firewall is turned ON for a few minutes after restarting the computer and then changes back to OFF. I don't see 1700117915:1682090650.exe in my Windows Task Manager anymore. I really appreciate your help. You helped me a couple of months back with "Zentom" virus removal from my other computer.

Thanks.

NetworkDetails2.txt


Hi, I ran the latest ComboFix on the infected computer, and a quick glance at the log file shows me there is an infection from AV Guard Online. Below is the pasted log file. I still do not have AVG or Ad-Aware installed, and my Windows Firewall is not accessible. I did not try enabling the Internet yet as I do not have any protection. Thanks.

ComboFix.txt

ComboFix 11-10-14.02 - Ann 10/13/2011 23:30:34.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1496 [GMT -7:00]

Running from: d:\documents and settings\Ann\Desktop\ComboFix.exe

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

d:\documents and settings\Ann\Application Data\BppmmH5sWJAV Guard Online.ico

d:\documents and settings\Ann\Application Data\FBrrzzPNycA1vDoAV Guard Online.ico

d:\documents and settings\Ann\Application Data\FiiibD33on4aQ6WAV Guard Online.ico

d:\documents and settings\Ann\Application Data\HCCCellIBtzNyA1AV Guard Online.ico

d:\documents and settings\Ann\Application Data\inst.exe

d:\documents and settings\Ann\Application Data\JhTTXwwjUVeIBzPAV Guard Online.ico

d:\documents and settings\Ann\Application Data\ldr.ini

d:\documents and settings\Ann\Application Data\TnF4pmm5sAV Guard Online.ico

.

.

((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))

.

.

2011-10-07 22:15 . 2011-10-09 03:36 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2011-10-07 06:44 . 2011-10-07 06:44 -------- d-----w- D:\TDSSKiller_Quarantine

2011-10-06 05:15 . 2011-10-06 05:15 -------- d-sh--w- d:\documents and settings\Administrator.PROFESSIONAL\IECompatCache

2011-10-06 04:24 . 2011-10-06 04:24 -------- d-----w- d:\documents and settings\Ann\Application Data\EuuucSS2ib

2011-10-06 04:23 . 2011-10-06 04:23 -------- d-----w- d:\documents and settings\Ann\Application Data\zdWWK88fR9

2011-10-06 04:23 . 2011-10-06 04:23 -------- d-----w- d:\documents and settings\Ann\Application Data\JhTTXwwjUVeIBzP

2011-10-06 01:57 . 2011-10-06 01:57 -------- d-----w- d:\documents and settings\Ann\Application Data\TnF4pmm5s

2011-10-06 01:57 . 2011-10-06 01:57 -------- d-----w- d:\documents and settings\Ann\Application Data\FUUCBzNyyA1u

2011-10-06 01:42 . 2011-10-06 01:42 -------- d-----w- d:\documents and settings\Ann\Application Data\offfRLL9hTXjUel

2011-10-06 01:42 . 2011-10-06 01:42 -------- d-----w- d:\documents and settings\Ann\Application Data\FBrrzzPNycA1vDo

2011-10-05 23:52 . 2011-10-05 23:52 -------- d-----w- d:\documents and settings\Ann\Application Data\FiiibD33on4aQ6W

2011-10-05 23:52 . 2011-10-05 23:52 -------- d-----w- d:\documents and settings\Ann\Application Data\AOOBBtxxP0cS

2011-10-05 18:54 . 2011-10-05 18:54 -------- d-----w- d:\documents and settings\Ann\Application Data\zzzPPNycA1uv2oF

2011-10-05 18:54 . 2011-10-05 18:54 -------- d-----w- d:\documents and settings\Ann\Application Data\BppmmH5sWJ

2011-10-05 17:45 . 2011-10-05 17:45 -------- d-----w- d:\documents and settings\Ann\Application Data\iK88ffRL9hTXj

2011-10-05 17:45 . 2011-10-05 17:45 -------- d-----w- d:\documents and settings\Ann\Application Data\HCCCellIBtzNyA1

2011-10-05 17:45 . 2011-10-05 17:45 -------- d-----w- d:\documents and settings\Ann\Application Data\h5aaQQJ6dWK8

2011-10-01 23:19 . 2011-10-01 23:19 -------- d-----w- d:\documents and settings\Ann\Application Data\ImgBurn

2011-10-01 23:11 . 2011-10-01 23:11 -------- d-----w- d:\program files\ImgBurn

2011-10-01 20:30 . 2011-10-01 20:31 -------- d-----w- d:\program files\DVDFab 8 Qt

2011-09-27 20:05 . 2004-06-02 16:13 540672 ------w- d:\windows\system32\Tx32.dll

2011-09-27 20:05 . 2004-05-27 09:23 159744 ------w- d:\windows\system32\tx_rtf32.dll

2011-09-27 20:05 . 2003-07-18 07:51 344064 ------w- d:\windows\system32\Tx4ole.ocx

2011-09-27 20:05 . 2003-04-15 08:12 114688 ------w- d:\windows\system32\txtls32.dll

2011-09-27 20:05 . 2003-04-08 07:41 53248 ------w- d:\windows\system32\wndtls32.dll

2011-09-27 20:05 . 2003-02-02 09:01 65536 ------w- d:\windows\system32\ReSize32.ocx

2011-09-27 20:05 . 2002-01-23 07:14 327680 ------w- d:\windows\system32\txobj32.dll

2011-09-27 20:05 . 2006-10-24 15:21 45056 ------w- d:\windows\system32\MPlay.ocx

2011-09-27 20:05 . 2003-04-16 09:02 102400 ------w- d:\windows\system32\ic32.dll

2011-09-27 20:05 . 2002-01-16 14:41 89600 ------w- d:\windows\system32\GRID32.OCX

2011-09-27 20:05 . 2011-09-27 20:05 -------- d-----w- d:\documents and settings\Ann\Application Data\M-HTOEFL

2011-09-27 20:05 . 2011-09-27 20:05 -------- d-----w- d:\program files\TOEFL Official Guide

2011-09-23 06:37 . 2011-09-23 06:37 -------- d-----w- d:\program files\ETS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-08-12 13:18 599040 ----a-w- d:\windows\system32\crypt32.dll

2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- d:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- d:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- d:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- d:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- d:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- d:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- d:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- d:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- d:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- d:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- d:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- d:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-07-18 01:30 . 2011-06-18 02:44 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-08_09.15.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-13 23:09 . 2011-10-13 23:09 16384 d:\windows\Temp\Perflib_Perfdata_674.dat

+ 2011-10-09 03:36 . 2011-09-01 00:00 22216 d:\windows\system32\drivers\mbam.sys

- 2011-10-08 08:41 . 2011-09-01 00:00 22216 d:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-06-06 8429568]

"nwiz"="nwiz.exe" [2007-06-06 1626112]

"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]

"SigmatelSysTrayApp"="d:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"SSBkgdUpdate"="d:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="d:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="d:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"BrMfcWnd"="d:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]

"ControlCenter3"="d:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"P2Go_Menu"="d:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"MaxMenuMgr"="d:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDc5NTc3NjU3LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3LVNQMSsxLVNVUCs0LUZMMTArMS1UVUcrMy1TUDFTNCsxLUREVCs2MzYxMS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzE&prod=90&ver=10.0.1410" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-10-28 02:17 207424 ----a-w- d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]

2010-12-16 01:03 80448 ----a-w- d:\program files\Kodak\MediaImpression\ArcMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]

2010-03-24 22:26 243544 ----a-w- d:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2010-06-04 15:10 822384 ----a-w- d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-01 04:52 136176 ----atw- d:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 21:33 141624 ----a-w- d:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-11-11 23:43 288088 ----a-w- d:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-01-20 03:25 39408 ----a-w- d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]

2011-01-17 19:41 8192 ----a-w- d:\program files\XviD\CheckUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"SSDPSRV"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Skype"="d:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"PDVD8LanguageShortcut"="d:\program files\CyberLink\PowerDVD8\Language\Language.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [1/26/2010 1:10 PM 64288]

R1 CLBStor;InstantBurn Storage Helper Driver;d:\windows\system32\drivers\CLBStor.sys [6/25/2010 5:14 PM 15784]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;d:\windows\system32\drivers\CLBUDF.sys [6/25/2010 5:14 PM 162344]

R2 FreeAgentGoNext Service;Seagate Service;d:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]

R3 ArcCD;ArcCD Filter Driver Service;d:\windows\system32\drivers\ArcCD.sys [7/17/2011 12:17 AM 36224]

S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 8:25 PM 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> d:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 8:25 PM 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 pcouffin;VSO Software pcouffin;d:\windows\system32\drivers\pcouffin.sys [5/1/2010 10:37 AM 47360]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;d:\windows\system32\DRIVERS\RTL8192su.sys --> d:\windows\system32\DRIVERS\RTL8192su.sys [?]

S4 ArcUdfs;ArcUdfs FileSystem Driver Service;d:\windows\system32\drivers\ArcUdfs.sys [7/17/2011 12:17 AM 134912]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ArcRec

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-13 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 03:25]

.

2011-10-14 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 03:25]

.

2011-10-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-362288127-725345543-1003Core.job

- d:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 04:52]

.

2011-10-14 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-362288127-725345543-1003UA.job

- d:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 04:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50020

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download All with FlashGet - d:\progra~1\FlashGet\jc_all.htm

IE: &Download with FlashGet - d:\progra~1\FlashGet\jc_link.htm

IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab

FF - ProfilePath - d:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\s64eka2w.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc2f856&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 4

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-13 23:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(608)

d:\windows\System32\BCMLogon.dll

d:\program files\Citrix\ICA Client\pnsson.dll

.

Completion time: 2011-10-13 23:40:29

ComboFix-quarantined-files.txt 2011-10-14 06:40

ComboFix2.txt 2011-10-08 09:20

.

Pre-Run: 7,485,976,576 bytes free

Post-Run: 7,471,321,088 bytes free

.

- - End Of File - - EBF29B9F5104DA00341E77FA4357147F


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50020

FireFox::
FF - ProfilePath - d:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\s64eka2w.default\
FF - prefs.js: network.proxy.type - 4

Folder::
d:\documents and settings\Ann\Application Data\EuuucSS2ib
d:\documents and settings\Ann\Application Data\zdWWK88fR9
d:\documents and settings\Ann\Application Data\JhTTXwwjUVeIBzP
d:\documents and settings\Ann\Application Data\TnF4pmm5s
d:\documents and settings\Ann\Application Data\FUUCBzNyyA1u
d:\documents and settings\Ann\Application Data\offfRLL9hTXjUel
d:\documents and settings\Ann\Application Data\FBrrzzPNycA1vDo
d:\documents and settings\Ann\Application Data\FiiibD33on4aQ6W
d:\documents and settings\Ann\Application Data\AOOBBtxxP0cS
d:\documents and settings\Ann\Application Data\zzzPPNycA1uv2oF
d:\documents and settings\Ann\Application Data\BppmmH5sWJ
d:\documents and settings\Ann\Application Data\iK88ffRL9hTXj
d:\documents and settings\Ann\Application Data\HCCCellIBtzNyA1
d:\documents and settings\Ann\Application Data\h5aaQQJ6dWK8

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Hi Larry, I ran the script using ComboFix and pasted the log file below. I still can't get Windows Firewall to work. I have not enabled the internet connection as I still do not have any anti-virus software. Do you think we made any improvement in removing the rogue virus from my computer? I really appreciate your help. Thanks.

ComboFix.txt

ComboFix 11-10-14.02 - Ann 10/15/2011 0:00.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1496 [GMT -7:00]

Running from: d:\documents and settings\Ann\Desktop\ComboFix.exe

Command switches used :: d:\documents and settings\Ann\Desktop\CFScript.txt

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

d:\documents and settings\Ann\Application Data\AOOBBtxxP0cS

d:\documents and settings\Ann\Application Data\BppmmH5sWJ

d:\documents and settings\Ann\Application Data\EuuucSS2ib

d:\documents and settings\Ann\Application Data\FBrrzzPNycA1vDo

d:\documents and settings\Ann\Application Data\FiiibD33on4aQ6W

d:\documents and settings\Ann\Application Data\FUUCBzNyyA1u

d:\documents and settings\Ann\Application Data\h5aaQQJ6dWK8

d:\documents and settings\Ann\Application Data\HCCCellIBtzNyA1

d:\documents and settings\Ann\Application Data\iK88ffRL9hTXj

d:\documents and settings\Ann\Application Data\JhTTXwwjUVeIBzP

d:\documents and settings\Ann\Application Data\offfRLL9hTXjUel

d:\documents and settings\Ann\Application Data\TnF4pmm5s

d:\documents and settings\Ann\Application Data\zdWWK88fR9

d:\documents and settings\Ann\Application Data\zzzPPNycA1uv2oF

.

.

((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))

.

.

2011-10-09 03:36 . 2011-09-01 00:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys

2011-10-07 22:15 . 2011-10-09 03:36 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2011-10-07 06:44 . 2011-10-07 06:44 -------- d-----w- D:\TDSSKiller_Quarantine

2011-10-06 05:15 . 2011-10-06 05:15 -------- d-sh--w- d:\documents and settings\Administrator.PROFESSIONAL\IECompatCache

2011-10-01 23:19 . 2011-10-01 23:19 -------- d-----w- d:\documents and settings\Ann\Application Data\ImgBurn

2011-10-01 23:11 . 2011-10-01 23:11 -------- d-----w- d:\program files\ImgBurn

2011-10-01 20:30 . 2011-10-01 20:31 -------- d-----w- d:\program files\DVDFab 8 Qt

2011-09-27 20:05 . 2004-06-02 16:13 540672 ------w- d:\windows\system32\Tx32.dll

2011-09-27 20:05 . 2004-05-27 09:23 159744 ------w- d:\windows\system32\tx_rtf32.dll

2011-09-27 20:05 . 2003-07-18 07:51 344064 ------w- d:\windows\system32\Tx4ole.ocx

2011-09-27 20:05 . 2003-04-15 08:12 114688 ------w- d:\windows\system32\txtls32.dll

2011-09-27 20:05 . 2003-04-08 07:41 53248 ------w- d:\windows\system32\wndtls32.dll

2011-09-27 20:05 . 2003-02-02 09:01 65536 ------w- d:\windows\system32\ReSize32.ocx

2011-09-27 20:05 . 2002-01-23 07:14 327680 ------w- d:\windows\system32\txobj32.dll

2011-09-27 20:05 . 2006-10-24 15:21 45056 ------w- d:\windows\system32\MPlay.ocx

2011-09-27 20:05 . 2003-04-16 09:02 102400 ------w- d:\windows\system32\ic32.dll

2011-09-27 20:05 . 2002-01-16 14:41 89600 ------w- d:\windows\system32\GRID32.OCX

2011-09-27 20:05 . 2011-09-27 20:05 -------- d-----w- d:\documents and settings\Ann\Application Data\M-HTOEFL

2011-09-27 20:05 . 2011-09-27 20:05 -------- d-----w- d:\program files\TOEFL Official Guide

2011-09-23 06:37 . 2011-09-23 06:37 -------- d-----w- d:\program files\ETS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2004-08-12 13:18 599040 ----a-w- d:\windows\system32\crypt32.dll

2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- d:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- d:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- d:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- d:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- d:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- d:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- d:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- d:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- d:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- d:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- d:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- d:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-07-18 01:30 . 2011-06-18 02:44 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-08_09.15.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-15 07:09 . 2011-10-15 07:09 16384 d:\windows\temp\Perflib_Perfdata_674.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="d:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-20 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-06-06 8429568]

"nwiz"="nwiz.exe" [2007-06-06 1626112]

"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]

"SigmatelSysTrayApp"="d:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"SSBkgdUpdate"="d:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="d:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="d:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"BrMfcWnd"="d:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]

"ControlCenter3"="d:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"P2Go_Menu"="d:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"MaxMenuMgr"="d:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDc5NTc3NjU3LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3LVNQMSsxLVNVUCs0LUZMMTArMS1UVUcrMy1TUDFTNCsxLUREVCs2MzYxMS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzE&prod=90&ver=10.0.1410" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-10-28 02:17 207424 ----a-w- d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]

2010-12-16 01:03 80448 ----a-w- d:\program files\Kodak\MediaImpression\ArcMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]

2010-03-24 22:26 243544 ----a-w- d:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]

2010-06-04 15:10 822384 ----a-w- d:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-01 04:52 136176 ----atw- d:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 21:33 141624 ----a-w- d:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

2009-11-11 23:43 288088 ----a-w- d:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-01-20 03:25 39408 ----a-w- d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]

2011-01-17 19:41 8192 ----a-w- d:\program files\XviD\CheckUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"YahooAUService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"SSDPSRV"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Skype"="d:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"PDVD8LanguageShortcut"="d:\program files\CyberLink\PowerDVD8\Language\Language.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [1/26/2010 1:10 PM 64288]

R1 CLBStor;InstantBurn Storage Helper Driver;d:\windows\system32\drivers\CLBStor.sys [6/25/2010 5:14 PM 15784]

R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;d:\windows\system32\drivers\CLBUDF.sys [6/25/2010 5:14 PM 162344]

R2 FreeAgentGoNext Service;Seagate Service;d:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]

R3 ArcCD;ArcCD Filter Driver Service;d:\windows\system32\drivers\ArcCD.sys [7/17/2011 12:17 AM 36224]

S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 8:25 PM 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> d:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 8:25 PM 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 pcouffin;VSO Software pcouffin;d:\windows\system32\drivers\pcouffin.sys [5/1/2010 10:37 AM 47360]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;d:\windows\system32\DRIVERS\RTL8192su.sys --> d:\windows\system32\DRIVERS\RTL8192su.sys [?]

S4 ArcUdfs;ArcUdfs FileSystem Driver Service;d:\windows\system32\drivers\ArcUdfs.sys [7/17/2011 12:17 AM 134912]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ArcRec

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-15 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 03:25]

.

2011-10-15 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-20 03:25]

.

2011-10-14 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-362288127-725345543-1003Core.job

- d:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 04:52]

.

2011-10-15 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-362288127-725345543-1003UA.job

- d:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 04:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download All with FlashGet - d:\progra~1\FlashGet\jc_all.htm

IE: &Download with FlashGet - d:\progra~1\FlashGet\jc_link.htm

IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab

FF - ProfilePath - d:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\s64eka2w.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc2f856&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-15 00:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(612)

d:\windows\System32\BCMLogon.dll

d:\program files\Citrix\ICA Client\pnsson.dll

.

- - - - - - - > 'explorer.exe'(2648)

d:\windows\system32\WININET.dll

d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

d:\windows\system32\ieframe.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\WPDShServiceObj.dll

d:\program files\WinSCP\DragExt.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

d:\windows\System32\WLTRYSVC.EXE

d:\windows\System32\bcmwltry.exe

d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

d:\program files\Juniper Networks\Common Files\dsNcService.exe

d:\program files\Java\jre6\bin\jqs.exe

d:\windows\system32\nvsvc32.exe

d:\program files\CyberLink\Shared files\RichVideo.exe

d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

d:\program files\Citrix\ICA Client\ssonsvr.exe

d:\windows\system32\wscntfy.exe

d:\windows\system32\rundll32.exe

d:\windows\system32\RunDLL32.exe

d:\program files\Brother\ControlCenter3\brccMCtl.exe

d:\windows\system32\rundll32.exe

d:\program files\Brother\Brmfcmon\BrMfimon.exe

d:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2011-10-15 00:14:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-15 07:14

ComboFix2.txt 2011-10-14 06:45

ComboFix3.txt 2011-10-08 09:20

.

Pre-Run: 7,452,442,624 bytes free

Post-Run: 7,437,180,928 bytes free

.

- - End Of File - - F2DF6DFADD64B7B23F70B9A2D52B7F25


Hi Larry,

I installed Ad-Aware but was unable to install AVG 2012 Free Edition as it needed an internet connection. I was unable to bring the internet (both wired and wireless) back. I tried different techniques like resetting the Winsock catalog, but in vain. Can you please help me? I believe the virus has changed the registry entries and is also hiding in the computer. I see a "!" symbol on both the wireless icon and Local Area Connection. When I try to renew the IP it says "unable to renew IP Address". Also my Windows Firewall is messed up. Thanks.


Hi Larry, I tried doing the uninstall and reboot. The drivers did appear back, but no internet connection. It was still showing the "unable to renew IP Address" error. Then I googled and finally got the directions below to follow. They worked like a charm. Now I have both Local Area Connection and Wireless Connection enabled, and my Windows Firewall is turned ON now. This uses the "REPAIR" option of the Windows XP CD re-install. Anyway, besides this, do you think I still have a virus hidden somewhere in the computer? Do you suggest I run any tools? Thanks.

Instructions followed to get the internet connection back as a last resort:

To fix the problem, you have to replace TCPIP.SYS with a good copy. Reinstalling Windows will not allow you to replace it. Starting in Safe Mode Command Prompt won't give you the ability to rename or delete TCPIP.SYS. Starting Windows from the CD and using the Repair Console will also fail unless you follow this set of steps.

1. Get a copy of TCPIP.SYS by searching "TCPIP.SYS" on your machine, looking in hidden files and folders. You'll get a bunch of hits. Right click the files and check the preferences to get the most recent version that has Revision data from Microsoft. The one in C:\windows\system32\drivers is not gonna have any file data associated with it, even though it is exactly the same size as the good file.

2. Put the copy of TCPIP.SYS on the root of your C: drive. I had a problem when I made a folder for it, so I recommend just copying it directly to root.

3. Restart your computer with a Windows XP CD (WIN2000 would also work, I think) and select the Repair console function. Log in as Administrator (better know your administrator password!).

4. Navigate to C:\windows\system32\drivers. You will be able to see the TCPIP.SYS file there if you type in DIR, but you won't be able to delete or rename it.

5. Type in "CHKDSK /P". This runs a disk check on your hard drive and fixes errors whether the System thinks you need it or not.

6. Type "del TCPIP.SYS" and press Return.

7. Type in "CHKDSK /P" and run the disk check again (yes, I tried to do this without this step the first time and it didn't work).

8. Type in "copy C:\TCPIP.SYS". You should get a message that this completed correctly.

9. Type in "CHKDSK /P" one last time just to be sure (I didn't confirm that this was required, but why waste all the previous effort?)

10. Type in "Exit" and let the computer restart. Your internet access should be restored, the Windows Firewall will work, and ipconfig should be able to config IP.


GREAT.....

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security - What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

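The Internet Explorer zone changes listed in the post above can be audited from PowerShell instead of clicking through the dialog, and written with -Apply. This is an added example, not code from the thread or from Malwarebytes; it assumes the action IDs are Microsoft's documented URL action values for the Internet zone (zone 3 under HKCU), with 0 = Enable, 1 = Prompt, 3 = Disable, and that a value absent from the registry means the zone default is in effect.

```powershell
# Added audit script, not part of the original thread. It reads the Internet zone
# (zone 3) settings the post walks through, reports any that differ from the
# recommended state, and with -Apply sets them. Action IDs and the encoding
# 0 = Enable, 1 = Prompt, 3 = Disable follow Microsoft's documented IE zone values.
param([switch]$Apply)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> description and the value the post recommends
$recommended = @{
    '1001' = @('Download signed ActiveX controls', 1)                          # Prompt
    '1004' = @('Download unsigned ActiveX controls', 3)                        # Disable
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3) # Disable
    '1800' = @('Installation of desktop items', 1)                             # Prompt
    '1804' = @('Launching programs and files in an IFRAME', 1)                 # Prompt
    '1607' = @('Navigate sub-frames across different domains', 1)              # Prompt
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting([string]$id) {
    # Returns the current DWORD, or $null when the value is absent (zone default applies)
    $props = Get-ItemProperty -Path $zoneKey -Name $id -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$id
}

function Format-Label($value) {
    if ($null -eq $value) { return 'not set (zone default)' }
    if ($labels.ContainsKey([int]$value)) { return $labels[[int]$value] }
    return "unknown ($value)"
}

if (-not (Test-Path $zoneKey)) {
    Write-Warning "Zone key $zoneKey not found; IE zones are not initialised for this user."
    exit 1
}

$weak = 0
foreach ($id in ($recommended.Keys | Sort-Object)) {
    $desc, $want = $recommended[$id]
    $have = Get-ZoneSetting $id
    if ($have -eq $want) {
        Write-Output ("OK      {0} = {1}" -f $desc, (Format-Label $have))
        continue
    }
    $weak++
    Write-Output ("WEAK    {0}: {1}, recommended {2}" -f $desc, (Format-Label $have), (Format-Label $want))
    if ($Apply) {
        # Write the hardened value; -Type is the registry provider's dynamic parameter
        Set-ItemProperty -Path $zoneKey -Name $id -Value $want -Type DWord
        Write-Output ("FIXED   {0} -> {1}" -f $desc, (Format-Label $want))
    }
}
Write-Output ("{0} of {1} settings differed from the recommended state." -f $weak, $recommended.Count)
```

Run it once without -Apply to see the current state; an entry shown as "not set" is using the zone's template default, which for the Internet zone is not necessarily the recommended value.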
