
Hanging computer


LOL


I don't know if I have a virus/malware problem, but hope someone here might be able to tell me.

My computer just hangs displaying a message "Please wait, your Internet-Connection has not yet been established". This is on a pale grey screen.

The computer won't turn off; the only way I can close it down is at the power source. When I re-boot, it seems to boot normally until displaying the desktop background, but no icons appear. The screen then goes grey and displays the message above. There are no other icons/buttons etc. on the screen. The Esc key on the keyboard does nothing. Ctrl+Alt+Del does nothing.

Exactly the same thing happens whether or not the machine is connected to the internet.

I tried booting in safe mode, but exactly the same thing happened.

So basically I'm frustrated because I cannot get control of the machine to find out what is wrong with it. I did search a number of technical forums to see if anyone had reported a similar problem and did find someone who was reporting an identical issue, but unfortunately no one had replied to his post!

I hope someone here can give me some idea what my problem is. Any help would be greatly appreciated.

LOL


Just had the same problem with a customer's netbook.

Go into Safe Mode with Command Prompt, with the latest MBAM ready on a memory stick. Install it from the command window, i.e. something like E:/mbamsetup.exe

It won't update (at least it wouldn't for me), but I ran a quick scan and it came up with 9 viruses: a couple of trojans, Backdoor.Bot and PUPs. Removed them and restarted Windows XP (in this case) and it's fixed.

Got a bit more work to do on the netbook, but that's the starting point for you. Gonna update and run a full scan now that I can get back online.

Hope this helps!


I have now managed to regain control of the computer by running Malwarebytes from a data stick in safe mode. It found and removed a handful of infections. I then ran a full scan with Avast, which found another, and finally ran a scan using the ESET online scanner, which picked up and removed a Trojan.

The machine seems to be OK now, but I've run the DDS scan tool and would appreciate advice on whether I am now actually clean. Logs below:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 12:20:51 on 2011-11-06

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1519 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://bt.yahoo.com

uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-qgb10.hpwis.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

uPolicies-system: DisableTaskMgr = 0

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-3 532224]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768]

S0 rrdg;rrdg;c:\windows\system32\drivers\redsk.sys --> c:\windows\system32\drivers\redsk.sys [?]

S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET

2011-11-04 13:22:15 95744 ----a-w- c:\documents and settings\owner\application data\dwlGina3.dll

.

==================== Find3M ====================

.

2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 12:22:52.78 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 17/10/2008 16:42:48

System Uptime: 06/11/2011 11:29:40 (1 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series

Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2600/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 70 GiB total, 19.693 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 0.574 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 466 GiB total, 455.885 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

7-Zip 9.20

Acrobat.com

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Reader 9

AiO_Scan

AIOMinimal

AiOSoftware

Amazon MP3 Downloader 1.0.4

ArcSoft PhotoStudio 5.5

ArcSoft ShowBiz 2

Audacity 1.2.6

avast! Free Antivirus

BT Broadband Desktop Help

BT Broadband Support Tools

BT Yahoo! Applications

BTHomeHub

Canon CanoScan Toolbox 5.0

Canon iP4500 series

Canon iP4500 series User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

CanoScan 4400F

CCleaner (remove only)

CD-LabelPrint

Coupon Printer

DeepSkyStacker

ESET Online Scanner v3

EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister

Fax

GIMP 2.6.4

Google Update Helper

GoToAssist Corporate

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet Preloaded Printer Drivers

hp officejet v series

HP PSC & OfficeJet 3.0

HP Software Update

HpSdpAppCoreApp

Intel® Extreme Graphics Driver

InterVideo WinDVD Player

Java Auto Updater

Java 6 Update 22

KBD

LAME v3.98.2 for Audacity

Malwarebytes' Anti-Malware version 1.51.2.1300

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Bootvis

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Professional

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Neat Image v6 Demo (with plug-in)

Noiseware Community Edition

NVIDIA GART Driver

OLYMPUS Master 2

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

PC-Doctor for Windows

Presto! PageManager 7.15.14

PrintScreen

PS2

Python 2.2 combined Win32 extensions

Python 2.2.1

Readme

RecordNow!

RegiStax 5.1

Revo Uninstaller 1.75

Scan

ScanSoft OmniPage SE 4.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Serif PhotoPlus 9.0

Serif PhotoPlus 9.0 Resource CD-ROM

Serif PhotoPlus Association File Formats

Sonic Update Manager

SonicStage 4.3

TextBridge Pro 98

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 1.1.11

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Yahoo! Toolbar

ZoneAlarm

.

==== Event Viewer Messages From Past Week ========

.

04/11/2011 13:42:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant

04/11/2011 13:42:22, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.

04/11/2011 13:42:22, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

04/11/2011 13:41:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================
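The DDS log above already contains the entries a responder would triage first: avast! and ZoneAlarm both reported as *Disabled*, a BHO and an EB entry with "No File", a Hosts line sending www.spywareinfo.com to 127.0.0.1, the rrdg and MBAMSwissArmy services whose binaries DDS could not locate ([?]), a DLL created under the user's Application Data folder, and an Event Viewer record of boot-start drivers (AFD, Tcpip, NetBT among them) that failed to load. The script below is an added example, not part of this thread, the DDS tool or Malwarebytes: it parses a constructed excerpt written in the same format and flags those patterns. The rule set and the NETWORK_STACK list are the example's own assumptions, and a hit is a prompt to look rather than a verdict.

```python
"""Triage of a DDS-style log: flag entries an analyst would check first.

Added example; it is not part of the forum thread or the DDS tool. The
excerpt below is constructed in the format of the posted DDS output and
reproduces only a handful of its lines.
"""
import re
from collections import Counter
from typing import Dict, List

# Constructed excerpt in DDS format (a subset of the lines shown in the thread).
SAMPLE_LOG = r"""
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uPolicies-system: DisableTaskMgr = 0
Hosts: 127.0.0.1 www.spywareinfo.com
.
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768]
S0 rrdg;rrdg;c:\windows\system32\drivers\redsk.sys --> c:\windows\system32\drivers\redsk.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
JSEFile=NOTEPAD.EXE %1
2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET
2011-11-04 13:22:15 95744 ----a-w- c:\documents and settings\owner\application data\dwlGina3.dll
04/11/2011 13:42:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*(\S+)")
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);[^;]*;(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+\S+\s+(.*)$")
ASSOC_RE = re.compile(r"^(\w+File)=(.*)$")
FAILED_RE = re.compile(r"failed to load:\s*(.*)$")

# Drivers the TCP/IP stack needs at boot; their failure matches a "no network" symptom.
# Assumption: this list is the example author's choice, not something DDS reports.
NETWORK_STACK = {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec"}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per line that matches a triage rule."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS uses a lone "." as a section separator
            continue
        # Security products that DDS reports as disabled.
        if line.startswith(("AV:", "FW:")) and "*Disabled" in line:
            findings.append({"kind": "protection-disabled", "detail": line})
            continue
        # Browser objects still registered although their DLL is gone.
        if line.startswith(("BHO:", "TB:", "EB:")) and line.endswith("No File"):
            findings.append({"kind": "orphaned-browser-object", "detail": line})
            continue
        # Hosts-file redirects; pointing a security site at 127.0.0.1 blocks its updates.
        m = HOSTS_RE.match(line)
        if m:
            findings.append({"kind": "hosts-redirect", "detail": f"{m.group(2)} -> {m.group(1)}"})
            continue
        # Policy restrictions only matter when set to a non-zero value.
        m = POLICY_RE.match(line)
        if m:
            if m.group(2) != "0":
                findings.append({"kind": "policy-restriction", "detail": f"{m.group(1)}={m.group(2)}"})
            continue
        # Service or driver entries whose binary DDS could not find ("[?]").
        m = SERVICE_RE.match(line)
        if m:
            if m.group(3).rstrip().endswith("[?]"):
                findings.append({"kind": "service-missing-binary", "detail": f"{m.group(1)} {m.group(2)}"})
            continue
        # Script-file associations: JSE files opening in Notepad are displayed, not executed.
        m = ASSOC_RE.match(line)
        if m:
            findings.append({"kind": "script-association", "detail": f"{m.group(1)} -> {m.group(2)}"})
            continue
        # Recently created executables inside a user profile rather than Program Files/System32.
        m = CREATED_RE.match(line)
        if m:
            path = m.group(1)
            low = path.lower()
            if low.endswith((".dll", ".exe", ".sys")) and "\\documents and settings\\" in low:
                findings.append({"kind": "user-profile-binary", "detail": path})
            continue
        # Boot-start drivers that failed to load; report the networking ones if any.
        m = FAILED_RE.search(line)
        if m:
            failed = set(m.group(1).split())
            net = sorted(failed & NETWORK_STACK)
            findings.append({"kind": "boot-drivers-failed", "detail": ", ".join(net or sorted(failed))})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings by kind, for a quick overview before reading details."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<26} {f['detail']}")
```

Run it as a script to print the findings, or pass the full text of a DDS log to triage(). The avast! service line in the excerpt deliberately sits beside the flagged entries: it matches the same service-line format but has a located binary, so it produces no finding, which is the distinction the "[?]" rule is meant to draw.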


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hi Chris, thanks for your help.

I tried to paste in the logs you asked for, but the post was too long, so here are the MBAM and DDS logs; I'll try sending the ComboFix log in a separate reply.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8132

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/11/2011 15:41:34

mbam-log-2011-11-10 (15-41-34).txt

Scan type: Quick scan

Objects scanned: 156858

Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 17:02:26 on 2011-11-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1474 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://bt.yahoo.com

uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-qgb10.hpwis.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-3 532224]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768]

S0 rrdg;rrdg;c:\windows\system32\drivers\redsk.sys --> c:\windows\system32\drivers\redsk.sys [?]

S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]

S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-11-10 15:58:37 -------- d-----w- C:\ComboFix

2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 17:03:48.09 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 17/10/2008 16:42:48

System Uptime: 10/11/2011 16:18:36 (1 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series

Processor: Intel® Pentium® 4 CPU 2.60GHz | Socket 478 | 2600/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 70 GiB total, 21.356 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 0.574 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 466 GiB total, 455.885 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 10/11/2011 15:59:03 - System Checkpoint

.

==== Installed Programs ======================

.

.

7-Zip 9.20

Acrobat.com

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Reader 9

AiO_Scan

AIOMinimal

AiOSoftware

Amazon MP3 Downloader 1.0.4

ArcSoft PhotoStudio 5.5

ArcSoft ShowBiz 2

Audacity 1.2.6

avast! Free Antivirus

BT Broadband Desktop Help

BT Broadband Support Tools

BT Yahoo! Applications

BTHomeHub

Canon CanoScan Toolbox 5.0

Canon iP4500 series

Canon iP4500 series User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

CanoScan 4400F

CCleaner (remove only)

CD-LabelPrint

Coupon Printer

DeepSkyStacker

ESET Online Scanner v3

EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister

Fax

GIMP 2.6.4

Google Update Helper

GoToAssist Corporate

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Deskjet Preloaded Printer Drivers

hp officejet v series

HP PSC & OfficeJet 3.0

HP Software Update

HpSdpAppCoreApp

Intel® Extreme Graphics Driver

InterVideo WinDVD Player

Java Auto Updater

Java 6 Update 22

KBD

LAME v3.98.2 for Audacity

Malwarebytes' Anti-Malware version 1.51.2.1300

Memories Disc Creator 2.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Bootvis

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Professional

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Neat Image v6 Demo (with plug-in)

Noiseware Community Edition

NVIDIA GART Driver

OLYMPUS Master 2

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

PC-Doctor for Windows

Presto! PageManager 7.15.14

PrintScreen

PS2

Python 2.2 combined Win32 extensions

Python 2.2.1

Readme

RecordNow!

RegiStax 5.1

Revo Uninstaller 1.75

Scan

ScanSoft OmniPage SE 4.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Serif PhotoPlus 9.0

Serif PhotoPlus 9.0 Resource CD-ROM

Serif PhotoPlus Association File Formats

Sonic Update Manager

SonicStage 4.3

TextBridge Pro 98

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 1.1.11

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Yahoo! Toolbar

ZoneAlarm

.

==== Event Viewer Messages From Past Week ========

.

08/11/2011 14:51:11, error: Dhcp [1002] - The IP address lease 192.168.1.67 for the Network Card with network address 000C76A036CB has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

05/11/2011 07:35:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

05/11/2011 02:33:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant

05/11/2011 02:33:53, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.

05/11/2011 02:33:53, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================



Hi,

I see remnants of AVG installed.

Use AVG's removal tool:

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
rrdg
KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Logs posted as per your instructions

ComboFix 11-11-15.06 - Owner 16/11/2011 1:40.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1610 [GMT 0:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\regobj.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_rrdg

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-12 12:04 . 2011-11-16 01:21 -------- d-----w- c:\windows\Internet Logs

2011-11-12 12:03 . 2011-11-12 12:03 -------- d-----w- c:\documents and settings\Owner\Application Data\CheckPoint

2011-11-12 12:02 . 2011-11-12 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint

2011-11-05 12:42 . 2011-11-05 12:42 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-10 14:22 . 2003-03-03 22:57 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 11:41 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 11:41 . 2006-05-11 21:58 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 11:41 . 2006-05-11 21:58 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 20:45 . 2010-10-29 23:52 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2010-10-29 23:52 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-05-26 15:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2010-10-29 23:52 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2010-10-29 23:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2010-10-29 23:52 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2010-10-29 23:52 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-09-06 20:36 . 2010-10-29 23:52 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-09-06 20:36 . 2010-10-29 23:52 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 20:33 . 2010-10-29 23:52 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-09-06 13:20 . 2003-01-01 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 17:00 . 2008-12-23 18:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2006-05-11 21:59 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2006-05-11 21:57 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2006-05-11 21:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-11-03 16:33 385024 ----a-w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((( SnapShot_2011-11-10_16.22.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-12 12:04 . 2011-11-12 12:04 62464 c:\windows\Installer\55938.msi

+ 2011-11-12 12:03 . 2011-11-12 12:03 28672 c:\windows\Installer\55931.msi

+ 2011-11-12 12:02 . 2011-11-12 12:02 41472 c:\windows\Installer\5592a.msi

+ 2011-11-10 17:18 . 2011-11-10 17:18 22016 c:\windows\Installer\36add3.msi

+ 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 08:05 . 2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2008-07-29 05:23 . 2008-07-29 05:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll

+ 2008-07-29 05:23 . 2008-07-29 05:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll

+ 2008-07-29 03:51 . 2008-07-29 03:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll

+ 2011-11-09 20:01 . 2011-11-09 20:01 525840 c:\windows\system32\vsdatant.sys

- 2002-09-23 22:10 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2002-09-23 22:10 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-06-29 17:56 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet v series) - 1.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk

backup=c:\windows\pss\HPAiODevice(hp officejet v series) - 1.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk

backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

2003-08-19 02:56 852038 ----a-w- c:\windows\system32\nview.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-08-19 02:56 323584 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]

2006-09-20 08:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/05/2011 15:29 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/10/2010 23:52 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/10/2010 23:52 20568]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 14:44 27016]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 14:44 497280]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2011 16:57 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2011 16:57 136176]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [16/06/2010 21:32 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [16/06/2010 21:32 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [16/06/2010 21:32 42752]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [11/05/2006 21:59 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 16:57]

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 16:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://bt.yahoo.com

uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-qgb10.hpwis.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-16 02:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(648)

c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'lsass.exe'(704)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'explorer.exe'(800)

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

.

**************************************************************************

.

Completion time: 2011-11-16 02:17:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 02:17

ComboFix2.txt 2011-11-10 16:37

.

Pre-Run: 21,995,094,016 bytes free

Post-Run: 21,976,731,648 bytes free

.

- - End Of File - - B2723D8219C4BB30837B33BACE2AB4E5

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 2:25:29 on 2011-11-16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2039.1559 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Free Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://bt.yahoo.com

uDefault_Search_URL = hxxp://srch-qgb10.hpwis.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://srch-qgb10.hpwis.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

mRun: [iSW]

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224346127578

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228074168671

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a02-b02.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-29 320856]

R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-29 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-29 44768]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-16 19712]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-6-16 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-6-16 42752]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-5-11 14336]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-11-12 12:04:28 -------- d-----w- c:\windows\Internet Logs

2011-11-12 12:03:55 -------- d-----w- c:\documents and settings\owner\application data\CheckPoint

2011-11-12 12:02:43 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint

2011-11-05 12:42:21 -------- d-----w- c:\program files\ESET

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 17:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 2:26:48.07 ===============


  • Staff

Hi,

Your version of avast is out of date. Please uninstall it and get the latest version (6).

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Logs attached as requested.

The checkup report seems to indicate I'm running Avast version 5, but it is version 6 (6.0.1289). Just to be sure I ran "update" and after a few minutes got the response that I'm running the latest programme with the latest definitions.

The system appears to be running fine now. I'm not experiencing any issues at all.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=fb100e2745a1b246aa9b1e4aa65d7f1a

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-05 02:08:54

# local_time=2011-11-05 02:08:54 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 32100926 32100926 0 0

# compatibility_mode=8192 67108863 100 0 293 293 0 0

# compatibility_mode=9217 16777214 75 70 31441467 37079972 0 0

# scanned=72537

# found=1

# cleaned=1

# scan_time=4904

C:\Documents and Settings\Owner\Local Settings\Temp\A9R5A17.tmp JS/Exploit.Pdfka.PFS.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=fb100e2745a1b246aa9b1e4aa65d7f1a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-21 06:43:59

# local_time=2011-11-21 06:43:59 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 33499694 33499694 0 0

# compatibility_mode=8192 67108863 100 0 1399061 1399061 0 0

# compatibility_mode=9217 16777214 75 4 487690 487690 0 0

# scanned=142652

# found=0

# cleaned=0

# scan_time=5041

Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

avast! Free Antivirus

ESET Online Scanner v3

ZoneAlarm Firewall

ZoneAlarm Free

ZoneAlarm Toolbar

ZoneAlarm Security

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner (remove only)

Java 6 Update 22

Java version out of date!

Adobe Reader 9 (Adobe Reader out of date!)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

CheckPoint ZoneAlarm vsmon.exe

CheckPoint ZoneAlarm zatray.exe

``````````End of Log````````````


  • Staff

Hi,

Thanks-- I'll have to update my program.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 22

Adobe Reader 9

Restart your computer.

Get the latest version of Java and Adobe Reader.

Let me know what issues remain.

-screen317


Hi,

I've done all of that.

As far as I can tell there are no issues now and everything seems to be working fine.

Thanks for all your help.

I guess you would recommend the full version of Malwarebytes? Is this a full security suite that would replace my anti-virus, or just an enhanced version of the free programme?

LOL


  • Staff

Hi,

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place. It is not a replacement for your antivirus; it is designed to run alongside it.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.