Help please ... fraud.sysguard
MadMonkey69
2010-07-08, 12:50
A friend gave me a laptop to repair last year. I just re-installed Vista for him, but now he has a problem. It stopped connecting to the internet through any browser (well, it did once for me using Firefox, but then that got hijacked as well).
After running AVG, Windows Defender, Fake Antivirus Removal & Spybot I finally found what I guess is the problem.
Spybot found fraud.sysguard (and also another). BUT after cleaning it did say it had removed them. I have run it 3 times since and it finds nothing. So here I am :eek:
I have followed the instructions about ERUNT & DDS and here is what I get.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Graham at 10:17:58.66 on 08/07/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.667 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Graham\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
E:\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\graham\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-28 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-28 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-28 1153368]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2010-2-28 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 BarDiscover Service;BarDiscover Service;"c:\programdata\bardiscover\bardiscover123.exe" "c:\program files\bardiscover\bardiscover.dll" dmtlkddnisf --> c:\programdata\bardiscover\bardiscover123.exe [?]
S2 gupdate1cb09911e3ca188;Google Update Service (gupdate1cb09911e3ca188);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
=============== Created Last 30 ================
2010-07-07 23:39:05 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-07 23:34:36 0 d-----w- c:\program files\CCleaner
2010-07-07 18:26:11 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-01 15:29:35 0 d-----w- c:\programdata\RegDef2010
2010-07-01 15:29:35 0 d-----w- c:\program files\Angle Interactive
2010-06-21 18:44:37 992 ------w- c:\windows\hpomdl40.dat.temp
2010-06-11 15:38:33 56 ---ha-w- c:\programdata\ezsidmv.dat
==================== Find3M ====================
2010-06-21 18:44:42 193006 ----a-w- c:\windows\hpoins40.dat
2010-06-16 17:01:36 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-16 17:01:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-16 17:01:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-03 13:36:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-28 12:59:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-02-28 01:50:06 174 --sha-w- c:\program files\desktop.ini
2010-02-28 01:42:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-09-13 00:50:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 10:19:49.74 ===============
Many Thanks for any help :thanks:
Sorry, only just read this bit:
Note:
Do not use a usb/external hard drive that has been connected to the infected machine to transfer media.
I had to use a USB stick to get ERUNT & DDS onto the infected laptop as the malware would not let me have a connection :oops:
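The symptom in the post above (no browser can connect) lines up with the "uInternet Settings,ProxyServer = http=127.0.0.1:5577" line in the DDS report: every browser is being routed through a proxy listener on the laptop itself, so connections succeed only while that listener is up. The Python script below is an added example, not from the thread or from DDS, that triages DDS-style report lines for that loopback proxy, for hosts-file entries pinning security sites to 127.0.0.1, and for services whose binary DDS marks "[?]" or that run from ProgramData; the sample lines are copied from the report above, and the list of security-site hostnames is constructed for the example.

```python
"""Triage of DDS-style report lines for the hijack indicators seen in this thread.
Added example; the line formats follow the DDS output quoted in the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str    # proxy_hijack | hosts_redirect | suspicious_service
    detail: str
    line: str


# Line shapes as printed by DDS in the report above
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")

LOOPBACK_PREFIXES = ("127.", "localhost")
# Constructed for the example: anti-malware sites a hijacker typically blocks via hosts
SECURITY_HOSTS = ("spywareinfo.com", "safer-networking.org", "gmer.net")
# Directories a Windows service binary normally does not live in
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def check_proxy(value: str) -> list[str]:
    """Return the proxy targets in a ProxyServer value that point at this machine.

    DDS prints the registry value verbatim: 'http=127.0.0.1:5577',
    'http=a:1;https=b:2' or a bare 'host:port'.
    """
    hits = []
    for part in value.split(";"):
        target = part.split("=", 1)[-1].strip()
        host = target.rsplit(":", 1)[0].lower()
        if host.startswith(LOOPBACK_PREFIXES):
            hits.append(target)
    return hits


def check_service(path: str) -> str | None:
    """Explain why a service's binary path is suspicious, or None if it looks normal.

    '[?]' is how DDS marks a file whose date and size it could not read; a normal
    entry ends with '[yyyy-m-d size]', as the AVG lines in the report do.
    """
    p = path.lower()
    reasons = []
    if p.endswith("[?]"):
        reasons.append("DDS could not identify the binary ([?])")
    if any(d in p for d in USER_WRITABLE_DIRS):
        reasons.append("binary runs from a user-writable directory")
    return "; ".join(reasons) or None


def triage(lines) -> list[Finding]:
    """Scan DDS-style lines and return the indicators worth a closer look."""
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := PROXY_RE.match(line):
            for target in check_proxy(m.group("value")):
                findings.append(Finding(
                    "proxy_hijack", f"browsers are routed through a local listener at {target}", line))
        elif m := HOSTS_RE.match(line):
            ip, host = m.group("ip"), m.group("host").lower()
            if ip.startswith(LOOPBACK_PREFIXES) and host.endswith(SECURITY_HOSTS):
                findings.append(Finding("hosts_redirect", f"{host} is pinned to {ip}", line))
        elif m := SERVICE_RE.match(line):
            why = check_service(m.group("path"))
            if why:
                findings.append(Finding(
                    "suspicious_service", f"{m.group('name').strip()}: {why}", line))
    return findings


# Sample input copied from the DDS report in the thread (one clean AVG line for contrast)
SAMPLE_LINES = [
    r"uStart Page = hxxp://www.google.co.uk/",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:5577",
    r"uInternet Settings,ProxyOverride = <local>",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
    r"R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]",
    r'S2 BarDiscover Service;BarDiscover Service;"c:\programdata\bardiscover\bardiscover123.exe" '
    r'"c:\program files\bardiscover\bardiscover.dll" dmtlkddnisf --> '
    r"c:\programdata\bardiscover\bardiscover123.exe [?]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Run against the full report the three flagged lines are the proxy, the hosts entry and the BarDiscover service; the AVG, Spybot and Intel entries produce no findings.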
Hello and welcome to Safer Networking.
My name is km2357 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.
Please do not start another thread or topic, I will assist you at this thread until we solve your problems.
Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.
Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:
1. Rerun DDS and post back the DDS and Attach.txt logs.
2. Download and Run GMER
Please download gmer.zip (http://www.gmer.net/gmer.zip) from GMER and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!
Please post the results from the GMER scan in your reply.
MadMonkey69
2010-07-14, 18:53
Hi km2357, and many thanks for your time. Looking through the forum I see how busy it is here :thanks:
Followed your instructions and here is what happened:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Graham at 16:26:56.68 on 14/07/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.632 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Graham\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
E:\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\graham\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-28 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-28 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-17 308064]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-28 1153368]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2010-2-28 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 BarDiscover Service;BarDiscover Service;"c:\programdata\bardiscover\bardiscover123.exe" "c:\program files\bardiscover\bardiscover.dll" dmtlkddnisf --> c:\programdata\bardiscover\bardiscover123.exe [?]
S2 gupdate1cb09911e3ca188;Google Update Service (gupdate1cb09911e3ca188);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
=============== Created Last 30 ================
2010-07-07 23:39:05 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-07 23:34:36 0 d-----w- c:\program files\CCleaner
2010-07-07 18:26:11 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-01 15:29:35 0 d-----w- c:\programdata\RegDef2010
2010-07-01 15:29:35 0 d-----w- c:\program files\Angle Interactive
2010-06-21 18:44:37 992 ------w- c:\windows\hpomdl40.dat.temp
==================== Find3M ====================
2010-06-21 18:44:42 193006 ----a-w- c:\windows\hpoins40.dat
2010-06-16 17:01:36 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-16 17:01:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-16 17:01:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-11 15:38:33 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-03 13:36:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-28 12:59:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-28 01:50:06 174 --sha-w- c:\program files\desktop.ini
2010-02-28 01:42:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-09-13 00:50:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 16:28:14.85 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27/02/2010 21:06:07
System Uptime: 14/07/2010 15:50:30 (1 hours ago)
Motherboard: Acer | | Grapevine
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 800/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 75 GiB total, 44.737 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP92: 01/07/2010 18:04:39 - Avg Update
RP93: 04/07/2010 18:02:33 - Scheduled Checkpoint
RP94: 05/07/2010 18:40:37 - Scheduled Checkpoint
RP95: 07/07/2010 18:06:18 - Windows Update
RP96: 08/07/2010 11:58:43 - Scheduled Checkpoint
RP97: 08/07/2010 13:34:50 - Windows Update
RP98: 14/07/2010 15:46:01 - Windows Update
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Acer Camera Driver
Acer OrbiCam Application
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AVG Free 9.0
B209a-m
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
BufferChm
CCleaner
Destinations
DeviceDiscovery
ERUNT 1.1j
Free Window Registry Repair
Google Chrome
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Logitech Video Enumerator
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MVision
Network
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
PS_AIO_06_B209a-m_SW_Min
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Wireless Manager
==== Event Viewer Messages From Past Week ========
14/07/2010 15:42:31, Error: EventLog [6008] - The previous system shutdown at 15:39:27 on 14/07/2010 was unexpected.
08/07/2010 02:50:53, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
08/07/2010 02:50:53, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
08/07/2010 01:54:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2010 01:54:13, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
08/07/2010 01:54:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
08/07/2010 01:53:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
08/07/2010 01:53:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
08/07/2010 01:53:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
08/07/2010 01:53:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08/07/2010 01:53:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
07/07/2010 17:18:27, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0018DEB5D076 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
07/07/2010 17:14:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BarDiscover Service service to connect.
==== End Of File ===========================
OK, those are the first DDS and Attach.txt logs.
I then ran gmer.exe
It ran for a couple of minutes and came up with the following, then stopped:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-14 16:39:25
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Graham\AppData\Local\Temp\ugliapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
BUT that was it, so I made sure the 'Sections' button is ticked and the 'Show All' button is unticked.
Then I ran the scan again... it ran for a few minutes, then I got the Blue Screen of Death for a second, and it rebooted.
I have now left it on the Login screen.
NOTE: I had to run these all twice, as the Laptop just sat there for 6 hours to start with doing nothing when I first ran gmer.exe.
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.632
It looks like the computer has the original version of Vista on it. The computer should have Vista SP2. Once we solve the malware-related problems with the computer, we'll upgrade it to Vista SP2. :)
Since GMER crashed on you, let's try another rootkit scanner:
Step # 1 Download and run SysProt
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items only:
Process
Kernel Modes
SSDT
Kernel Hooks
Hidden Files
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
MadMonkey69
2010-07-14, 22:22
OK, that looked a success :)
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\Windows\System32\smss.exe
PID: 468
Hidden: No
Window Visible: No
Name: C:\Windows\System32\csrss.exe
PID: 536
Hidden: No
Window Visible: No
Name: C:\Windows\System32\wininit.exe
PID: 580
Hidden: No
Window Visible: No
Name: C:\Windows\System32\csrss.exe
PID: 592
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgchsvx.exe
PID: 600
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgrsx.exe
PID: 608
Hidden: No
Window Visible: No
Name: C:\Windows\System32\services.exe
PID: 660
Hidden: No
Window Visible: No
Name: C:\Windows\System32\lsass.exe
PID: 680
Hidden: No
Window Visible: No
Name: C:\Windows\System32\lsm.exe
PID: 688
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgcsrvx.exe
PID: 812
Hidden: No
Window Visible: No
Name: C:\Windows\System32\winlogon.exe
PID: 820
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 924
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1120
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1248
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1324
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1344
Hidden: No
Window Visible: No
Name: C:\Windows\System32\audiodg.exe
PID: 1448
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1508
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SLsvc.exe
PID: 1528
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1564
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 1732
Hidden: No
Window Visible: No
Name: C:\Windows\System32\wlanext.exe
PID: 1920
Hidden: No
Window Visible: No
Name: C:\Windows\System32\spoolsv.exe
PID: 1964
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2004
Hidden: No
Window Visible: No
Name: C:\Windows\System32\taskeng.exe
PID: 388
Hidden: No
Window Visible: No
Name: C:\Windows\System32\dwm.exe
PID: 1608
Hidden: No
Window Visible: No
Name: C:\Windows\explorer.exe
PID: 528
Hidden: No
Window Visible: No
Name: C:\Windows\System32\taskeng.exe
PID: 1700
Hidden: No
Window Visible: No
Name: C:\Program Files\Google\Update\GoogleUpdate.exe
PID: 2072
Hidden: No
Window Visible: No
Name: C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PID: 2168
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgwdsvc.exe
PID: 2236
Hidden: No
Window Visible: No
Name: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PID: 2280
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2420
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2584
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2664
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2684
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PID: 2696
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 2788
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2884
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 2932
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SearchIndexer.exe
PID: 2956
Hidden: No
Window Visible: No
Name: C:\Windows\System32\drivers\XAudio.exe
PID: 3104
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgnsx.exe
PID: 3176
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgemc.exe
PID: 3212
Hidden: No
Window Visible: No
Name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PID: 3444
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgcsrvx.exe
PID: 3580
Hidden: No
Window Visible: No
Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 3796
Hidden: No
Window Visible: No
Name: C:\Windows\System32\WUDFHost.exe
PID: 3808
Hidden: No
Window Visible: No
Name: C:\Windows\System32\svchost.exe
PID: 3924
Hidden: No
Window Visible: No
Name: C:\Windows\System32\igfxtray.exe
PID: 3420
Hidden: No
Window Visible: No
Name: C:\Windows\System32\hkcmd.exe
PID: 3376
Hidden: No
Window Visible: No
Name: C:\Windows\System32\igfxpers.exe
PID: 3500
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PID: 3668
Hidden: No
Window Visible: No
Name: C:\Windows\System32\igfxsrvc.exe
PID: 2544
Hidden: No
Window Visible: No
Name: C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
PID: 1292
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PID: 2320
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PID: 396
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 2616
Hidden: No
Window Visible: No
Name: C:\Windows\RtHDVCpl.exe
PID: 1692
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG9\avgtray.exe
PID: 2952
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 2768
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 3204
Hidden: No
Window Visible: Yes
Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 1468
Hidden: No
Window Visible: No
Name: C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PID: 4064
Hidden: No
Window Visible: No
Name: C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
PID: 3076
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 832
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PID: 4108
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 4232
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PID: 4292
Hidden: No
Window Visible: No
Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 5588
Hidden: No
Window Visible: No
Name: C:\Windows\System32\SearchFilterHost.exe
PID: 5856
Hidden: No
Window Visible: No
Name: C:\Users\Administrator\Desktop\New Folder\SysProt\SysProt.exe
PID: 6140
Hidden: No
Window Visible: Yes
Name: C:\Windows\System32\dllhost.exe
PID: 4360
Hidden: No
Window Visible: No
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Administrator\Desktop\New Folder\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 8E3D4000
Module End: 8E3DF000
Hidden: No
Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82000000
Module End: 823A2000
Hidden: No
Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 823A2000
Module End: 823D6000
Hidden: No
Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 802C6000
Module End: 802CE000
Hidden: No
Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80266000
Module End: 802C6000
Hidden: No
Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 8025D000
Module End: 80266000
Hidden: No
Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80255000
Module End: 8025D000
Hidden: No
Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8021A000
Module End: 80255000
Hidden: No
Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8051F000
Module End: 80600000
Hidden: No
Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 804A4000
Module End: 8051F000
Hidden: No
Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8020D000
Module End: 8021A000
Hidden: No
Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80461000
Module End: 804A4000
Hidden: No
Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 80204000
Module End: 8020D000
Hidden: No
Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 80459000
Module End: 80461000
Hidden: No
Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 80434000
Module End: 80459000
Hidden: No
Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80425000
Module End: 80434000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 80201000
Module End: 80204000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 8041B000
Module End: 80425000
Hidden: No
Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 8040B000
Module End: 8041B000
Hidden: No
Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 80404000
Module End: 8040B000
Hidden: No
Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 807F2000
Module End: 80800000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\pcmcia.sys
Service Name: pcmcia
Module Base: 807C8000
Module End: 807F2000
Hidden: No
Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 8077E000
Module End: 807C8000
Hidden: No
Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80776000
Module End: 8077E000
Hidden: No
Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 80758000
Module End: 80776000
Hidden: No
Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 80727000
Module End: 80758000
Hidden: No
Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 80717000
Module End: 80727000
Hidden: No
Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 80613000
Module End: 80717000
Hidden: No
Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8679C000
Module End: 867D5000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 86694000
Module End: 8679C000
Hidden: No
Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 8662A000
Module End: 86694000
Hidden: No
Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 869CA000
Module End: 86A00000
Hidden: No
Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8060B000
Module End: 80613000
Hidden: No
Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8661B000
Module End: 8662A000
Hidden: No
Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8660C000
Module End: 8661B000
Hidden: No
Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 869A5000
Module End: 869CA000
Hidden: No
Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 86994000
Module End: 869A5000
Hidden: No
Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 86973000
Module End: 86994000
Hidden: No
Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 80602000
Module End: 8060B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 87615000
Module End: 87620000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 873D8000
Module End: 873E1000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 87607000
Module End: 87615000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 8A0A0000
Module End: 8A0A9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\igdkmd32.sys
Service Name: ialm
Module Base: 8A745000
Module End: 8AE00000
Hidden: No
Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8A4A1000
Module End: 8A540000
Hidden: No
Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8A130000
Module End: 8A13D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8A02E000
Module End: 8A040000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\NETw5v32.sys
Service Name: NETw5v32
Module Base: 8AE77000
Module End: 8B200000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 8A023000
Module End: 8A02E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8A464000
Module End: 8A4A1000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8A015000
Module End: 8A023000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\bcm4sbxp.sys
Service Name: bcm4sbxp
Module Base: 8A004000
Module End: 8A015000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\EMS7SK.sys
Service Name: EMSCR
Module Base: 873C9000
Module End: 873D8000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 8A44C000
Module End: 8A464000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ESM7SK.sys
Service Name: ESMCR
Module Base: 8A439000
Module End: 8A44C000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ESD7SK.sys
Service Name: ESDCR
Module Base: 87205000
Module End: 8720F000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 87648000
Module End: 8764C000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8A426000
Module End: 8A439000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8A41B000
Module End: 8A426000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8A410000
Module End: 8A41B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8A63D000
Module End: 8A655000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8A612000
Module End: 8A63D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8A5D2000
Module End: 8A612000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8A405000
Module End: 8A410000
Hidden: No
Module Name: C:\Windows\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: 876C0000
Module End: 876C8000
Hidden: No
Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8A13D000
Module End: 8A14A000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8AE60000
Module End: 8AE77000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8AE55000
Module End: 8AE60000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8AE32000
Module End: 8AE55000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8A655000
Module End: 8A664000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8AE1F000
Module End: 8AE32000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\RimSerial.sys
Service Name: RimVSerPort
Module Base: 8A5A5000
Module End: 8A5AC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8A664000
Module End: 8A673000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 877F8000
Module End: 877FA000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 8B3D6000
Module End: 8B400000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8A5C8000
Module End: 8A5D2000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8A14A000
Module End: 8A157000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8B2A1000
Module End: 8B2D5000
Hidden: No
Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 872A9000
Module End: 872B9000
Hidden: No
Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8B84E000
Module End: 8BA00000
Hidden: No
Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8B4B2000
Module End: 8B4DF000
Hidden: No
Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8B48D000
Module End: 8B4B2000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 8B450000
Module End: 8B48D000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8BCFD000
Module End: 8BE00000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8B64B000
Module End: 8B6FF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: 8B80C000
Module End: 8B81E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 877EC000
Module End: 877EE000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\LVMVDrv.sys
Service Name: LVMVDrv
Module Base: 8D422000
Module End: 8D600000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\lv321av.sys
Service Name: lv321av
Module Base: 8D732000
Module End: 8D800000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8BC14000
Module End: 8BC1B000
Hidden: No
Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8B800000
Module End: 8B80C000
Hidden: No
Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8D401000
Module End: 8D422000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8BCBD000
Module End: 8BCC5000
Hidden: No
Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8BCC5000
Module End: 8BCCD000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8AE11000
Module End: 8AE1F000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8A11E000
Module End: 8A127000
Hidden: No
Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8D63C000
Module End: 8D712000
Hidden: No
Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8D623000
Module End: 8D63C000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8D60E000
Module End: 8D623000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8D9EC000
Module End: 8DA00000
Hidden: No
Module Name: C:\Windows\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: 8D9B2000
Module End: 8D9EC000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8D980000
Module End: 8D9B2000
Hidden: No
Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8D939000
Module End: 8D980000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8D923000
Module End: 8D939000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8D600000
Module End: 8D60E000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8D910000
Module End: 8D923000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8D8D5000
Module End: 8D910000
Hidden: No
Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8D8CB000
Module End: 8D8D5000
Hidden: No
Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8D8B4000
Module End: 8D8CB000
Hidden: No
Module Name: C:\Windows\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: 8A094000
Module End: 8A09A000
Hidden: No
Module Name: C:\Windows\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: 8D840000
Module End: 8D874000
Hidden: No
Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: 8E038000
Module End: 8E060000
Hidden: No
Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8A164000
Module End: 8A171000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8E350000
Module End: 8E35B000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8BC85000
Module End: 8BC8D000
Hidden: Yes
Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8E2C4000
Module End: 8E2CE000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8A691000
Module End: 8A6A0000
Hidden: No
Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: A624C000
Module End: A6267000
Hidden: No
Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 8162E000
Module End: 816BC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 872C9000
Module End: 872D9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: A6355000
Module End: A6380000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 8E2E2000
Module End: 8E2EC000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: A6342000
Module End: A6355000
Hidden: No
Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: A64EF000
Module End: A6558000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: A6494000
Module End: A64AF000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: A7FE7000
Module End: A8000000
Hidden: No
Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: A6480000
Module End: A6494000
Hidden: No
Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: A7FC7000
Module End: A7FE7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: A7FA9000
Module End: A7FC7000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: A7F70000
Module End: A7FA9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: A7F5E000
Module End: A7F70000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: A7F3A000
Module End: A7F5E000
Hidden: No
Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A7EA9000
Module End: A7EFA000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A9BC8000
Module End: A9BCC000
Hidden: No
Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A9AA2000
Module End: A9B80000
Hidden: No
Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 8D811000
Module End: 8D81B000
Hidden: No
Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 8E3BE000
Module End: 8E3C9000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: 87728000
Module End: 87730000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: AA56B000
Module End: AA580000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\WUDFPf.sys
Service Name: ---
Module Base: AA559000
Module End: AA56B000
Hidden: No
Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: A676A000
Module End: A6780000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8BC0D000
Module End: 8BC14000
Hidden: No
Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8BC02000
Module End: 8BC0D000
Hidden: No
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\SPP
Status: Access denied
Object: C:\System Volume Information\SystemRestore
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\_restore{4E7FE90F-6A86-4E39-B5BF-018A1656C020}
Status: Access denied
Object: C:\System Volume Information\{2955c26d-8510-11df-b831-0016d4a97f26}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{49cf6cc4-8a70-11df-8dbe-0016d4a97f26}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{49cf6cca-8a70-11df-8dbe-0016d4a97f26}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{7dfc7464-877a-11df-95d5-0016d4a97f26}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{89b80905-8850-11df-9ace-0016d4a97f26}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{940b0c0f-89e4-11df-a9e1-0016d4a97f26}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\System Volume Information\{f707830e-8f55-11df-acfb-0016d4a97f26}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Step # 1: Download and Run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
MadMonkey69
2010-07-15, 11:38
OK, thanks, here is the log produced:
ComboFix 10-07-14.02 - Administrator 15/07/2010 9:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.759 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BarDiscover
c:\program files\BarDiscover\bardiscover.exe
c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}
c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome\bardiscover.jar
c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\install.rdf
c:\program files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
c:\windows\system32\%appdata%
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_BarDiscover Service
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.
2010-07-15 08:25 . 2010-07-15 08:25 -------- d-----w- c:\users\Graham\AppData\Local\temp
2010-07-15 08:25 . 2010-07-15 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-15 08:25 . 2010-07-15 08:25 -------- d-----w- c:\users\Clare\AppData\Local\temp
2010-07-08 09:11 . 2010-07-08 09:12 -------- d-----w- c:\program files\ERUNT
2010-07-07 23:39 . 2010-07-07 23:46 -------- d-----w- c:\program files\Free Window Registry Repair
2010-07-07 23:34 . 2010-07-07 23:34 -------- d-----w- c:\program files\CCleaner
2010-07-07 18:26 . 2010-07-07 18:26 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-06 18:10 . 2010-07-07 18:20 -------- d-----w- c:\users\Graham\AppData\Local\lmrlugrdq
2010-07-01 15:29 . 2010-07-07 16:24 -------- d-----w- c:\program files\Angle Interactive
2010-07-01 15:29 . 2010-07-07 16:23 -------- d-----w- c:\programdata\RegDef2010
2010-06-21 18:52 . 2010-06-21 18:52 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 19:13 . 2010-02-28 12:13 59848 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-14 19:10 . 2010-03-28 16:36 -------- d-----w- c:\users\Graham\AppData\Roaming\Skype
2010-07-14 15:02 . 2010-06-11 15:38 -------- d-----w- c:\users\Graham\AppData\Roaming\skypePM
2010-07-08 00:10 . 2010-02-28 19:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-01 15:44 . 2010-02-28 14:51 -------- d-----w- c:\users\Graham\AppData\Roaming\U3
2010-06-21 18:44 . 2010-02-28 15:35 193006 ----a-w- c:\windows\hpoins40.dat
2010-06-16 17:00 . 2010-03-14 15:37 -------- d-----w- c:\programdata\Research In Motion
2010-06-16 17:00 . 2010-02-28 15:11 -------- d-----w- c:\program files\Research In Motion
2010-06-16 17:00 . 2010-02-28 15:27 -------- d-----w- c:\users\Graham\AppData\Roaming\Research In Motion
2010-06-15 18:57 . 2010-03-17 12:57 -------- d-----w- c:\users\Graham\AppData\Roaming\HP
2010-06-11 18:10 . 2010-06-11 18:08 -------- d-----w- c:\program files\Google
2010-06-11 18:07 . 2010-03-28 16:35 -------- d-----r- c:\program files\Skype
2010-06-11 15:38 . 2010-06-11 15:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-11 07:40 . 2010-03-07 15:54 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 15:34 . 2010-02-28 01:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 13:36 . 2010-02-28 19:50 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 13:36 . 2010-02-28 19:50 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 13:01 . 2010-05-28 13:01 -------- d-----w- c:\program files\Common Files\Java
2010-05-28 12:59 . 2010-05-28 13:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-28 12:58 . 2010-05-28 12:58 -------- d-----w- c:\program files\Java
2010-05-21 13:14 . 2010-02-28 00:44 221568 ------w- c:\windows\system32\MpSigStub.exe
2007-09-13 00:50 . 2007-09-13 00:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-02-28 1232896]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-13 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 gupdate1cb09911e3ca188;Google Update Service (gupdate1cb09911e3ca188);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 133104]
R3 SysProtDrv.sys;SysProtDrv.sys;c:\users\Administrator\Desktop\New Folder\SysProt\SysProtDrv.sys [2010-07-14 44288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-03 242896]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-17 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 18:08]
2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 18:08]
2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{885D44DF-0C7F-4D73-9593-872CEBE33E04}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{CD082997-E0D5-4939-AF75-D09E22118A7A}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 09:28
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-15 09:35:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 08:35
Pre-Run: 48,653,783,040 bytes free
Post-Run: 48,353,652,736 bytes free
- - End Of File - - E4785C7DDEA00CE7255DC28D25097C89
Step # 1: Run CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
KILLALL::
Folder::
c:\users\Graham\AppData\Local\lmrlugrdq
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5577
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Note: This CFScript is for use on madmonkey69's computer only! Do not use it on your computer.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Step # 2: Restore Proxy Settings
In Internet Explorer: Tools menu -> Internet Options -> Connections tab -> LAN Settings -> uncheck "Use a proxy server for your LAN" and check "Automatically detect settings".
In your next post/reply, I need to see the following:
1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 2 has been completed.
3. Is the computer able to connect to the Internet?
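The per-user proxy value that the CFScript above clears (`uInternet Settings,ProxyServer = http=127.0.0.1:5577`) points Internet Explorer, and any other program that honours the system proxy settings, at a listener on the machine itself. Once the process behind that listener has been removed, nothing answers on that port and every browser request fails, which matches the symptom described at the start of the thread. The following is an added example, not part of this thread and not code from the DDS or ComboFix tools: a small Python check that parses a WinINET ProxyServer value, flags any scheme routed to a loopback address, runs over a few constructed DDS-style lines (the third mirrors the value from this thread), and, on Windows only, reads the live HKCU value through winreg. The sample lines and the empty allow-list of known local proxy ports are assumptions made for this example.

```python
import ipaddress
import re
import sys
from typing import Dict, List, Optional, Set, Tuple

# Registry path of the per-user WinINET proxy settings that IE honours;
# DDS reports the ProxyServer value there as "uInternet Settings,ProxyServer".
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample DDS lines for this example (only the third mirrors the
# value seen in this thread; the others are made up for contrast).
SAMPLE_DDS_LINES = [
    "uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun",
    "uInternet Settings,ProxyOverride = <local>",
    "uInternet Settings,ProxyServer = http=127.0.0.1:5577",
    "mInternet Settings,ProxyServer = proxy.corp.example:8080",
]

# Assumption: no legitimate local proxy (content filter, debugging proxy) is
# installed, so every loopback proxy is reported. Add known ports here if one is.
KNOWN_LOCAL_PROXY_PORTS: Set[int] = set()

DDS_PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+)$")


def parse_proxy_server(value: str) -> Dict[str, Tuple[str, int]]:
    """Parse a WinINET ProxyServer value into {scheme: (host, port)}.

    The value is either a bare "host:port" (applies to all protocols, recorded
    under scheme "*") or a ';'-separated list of "scheme=host:port" entries.
    Bracketed IPv6 hosts are not handled. A missing port is recorded as 0.
    """
    result: Dict[str, Tuple[str, int]] = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, hostport = entry.partition("=")
        if not sep:
            scheme, hostport = "*", entry
        host, sep2, port = hostport.rpartition(":")
        if not sep2:
            host, port = hostport, ""
        result[scheme.strip().lower()] = (host.strip().lower(), int(port) if port.isdigit() else 0)
    return result


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any address in the loopback range."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def assess_proxy(value: str) -> List[str]:
    """Return findings for a ProxyServer value; an empty list means nothing suspicious."""
    findings = []
    for scheme, (host, port) in parse_proxy_server(value).items():
        if is_loopback(host) and port not in KNOWN_LOCAL_PROXY_PORTS:
            findings.append(f"{scheme}: proxy points at loopback {host}:{port} "
                            f"with no known local proxy on that port")
    return findings


def scan_dds_lines(lines: List[str]) -> List[Tuple[str, str]]:
    """Run assess_proxy over DDS ProxyServer lines; 'u' means HKCU, 'm' means HKLM."""
    hits = []
    for line in lines:
        m = DDS_PROXY_RE.match(line.strip())
        if not m:
            continue
        hive = "HKCU" if m.group(1) == "u" else "HKLM"
        for finding in assess_proxy(m.group(2)):
            hits.append((hive, finding))
    return hits


def read_live_proxy_setting() -> Optional[Tuple[bool, str]]:
    """On Windows, return (ProxyEnable, ProxyServer) for the current user; None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg  # only available on Windows
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        try:
            enable, _ = winreg.QueryValueEx(key, "ProxyEnable")
        except FileNotFoundError:
            enable = 0
        try:
            server, _ = winreg.QueryValueEx(key, "ProxyServer")
        except FileNotFoundError:
            server = ""
    return bool(enable), str(server)


if __name__ == "__main__":
    for hive, finding in scan_dds_lines(SAMPLE_DDS_LINES):
        print(f"[{hive}] {finding}")
    live = read_live_proxy_setting()
    if live is not None:
        enabled, server = live
        print(f"Live setting: ProxyEnable={enabled} ProxyServer={server!r}")
        for finding in assess_proxy(server):
            print("  " + finding)
```

Run on the sample lines it reports only the HKCU entry that points at 127.0.0.1:5577; the corporate-style proxy on the machine-wide line is left alone. On a Windows host it additionally prints the current user's live values, which is the quick way to confirm that Step 2 actually cleared the setting.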
MadMonkey69
2010-07-16, 21:34
Every time I try to drag CFScript.txt into ComboFix.exe I get an error pop-up with:
C:\Users\Administrator\Desktop\ComboFix.exe
Illegal operation attempted on a registry key that has been marked for deletion.
MadMonkey69
2010-07-16, 22:14
OK, sorted that... I logged out and back in again and it is running now... sorry for the panic :lip:
MadMonkey69
2010-07-16, 23:18
OK my friend, here we are:
The re-run of ComboFix after Step 1
ComboFix 10-07-14.02 - Administrator 16/07/2010 20:26:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.770 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Graham\AppData\Local\lmrlugrdq
.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.
2010-07-16 19:34 . 2010-07-16 19:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-07-16 19:34 . 2010-07-16 19:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-16 19:34 . 2010-07-16 19:34 -------- d-----w- c:\users\Graham\AppData\Local\temp
2010-07-16 19:34 . 2010-07-16 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-16 19:34 . 2010-07-16 19:34 -------- d-----w- c:\users\Clare\AppData\Local\temp
2010-07-16 18:35 . 2010-07-16 18:35 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-16 18:35 . 2010-07-16 18:35 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-16 18:35 . 2010-07-16 18:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 18:32 . 2010-07-16 18:32 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-16 18:32 . 2010-07-16 18:32 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-16 18:32 . 2010-07-16 18:32 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-16 18:32 . 2010-07-16 18:32 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-16 18:25 . 2010-07-16 18:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Research In Motion
2010-07-08 09:11 . 2010-07-08 09:12 -------- d-----w- c:\program files\ERUNT
2010-07-07 23:39 . 2010-07-07 23:46 -------- d-----w- c:\program files\Free Window Registry Repair
2010-07-07 23:34 . 2010-07-07 23:34 -------- d-----w- c:\program files\CCleaner
2010-07-07 18:26 . 2010-07-07 18:26 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-01 15:29 . 2010-07-07 16:24 -------- d-----w- c:\program files\Angle Interactive
2010-07-01 15:29 . 2010-07-07 16:23 -------- d-----w- c:\programdata\RegDef2010
2010-06-21 18:52 . 2010-06-21 18:52 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 19:10 . 2010-03-28 16:36 -------- d-----w- c:\users\Graham\AppData\Roaming\Skype
2010-07-16 19:08 . 2010-06-11 15:38 -------- d-----w- c:\users\Graham\AppData\Roaming\skypePM
2010-07-16 18:35 . 2010-02-28 19:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 18:35 . 2010-02-28 19:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 19:13 . 2010-02-28 12:13 59848 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-08 00:10 . 2010-02-28 19:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-01 15:44 . 2010-02-28 14:51 -------- d-----w- c:\users\Graham\AppData\Roaming\U3
2010-06-21 18:44 . 2010-02-28 15:35 193006 ----a-w- c:\windows\hpoins40.dat
2010-06-16 17:00 . 2010-03-14 15:37 -------- d-----w- c:\programdata\Research In Motion
2010-06-16 17:00 . 2010-02-28 15:11 -------- d-----w- c:\program files\Research In Motion
2010-06-16 17:00 . 2010-02-28 15:27 -------- d-----w- c:\users\Graham\AppData\Roaming\Research In Motion
2010-06-15 18:57 . 2010-03-17 12:57 -------- d-----w- c:\users\Graham\AppData\Roaming\HP
2010-06-11 18:10 . 2010-06-11 18:08 -------- d-----w- c:\program files\Google
2010-06-11 18:07 . 2010-03-28 16:35 -------- d-----r- c:\program files\Skype
2010-06-11 15:38 . 2010-06-11 15:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-11 07:40 . 2010-03-07 15:54 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 15:34 . 2010-02-28 01:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 13:36 . 2010-02-28 19:50 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 13:01 . 2010-05-28 13:01 -------- d-----w- c:\program files\Common Files\Java
2010-05-28 12:59 . 2010-05-28 13:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-28 12:58 . 2010-05-28 12:58 -------- d-----w- c:\program files\Java
2010-05-21 13:14 . 2010-02-28 00:44 221568 ------w- c:\windows\system32\MpSigStub.exe
2007-09-13 00:50 . 2007-09-13 00:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-02-28 1232896]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-13 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 gupdate1cb09911e3ca188;Google Update Service (gupdate1cb09911e3ca188);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 133104]
R3 SysProtDrv.sys;SysProtDrv.sys;c:\users\Administrator\Desktop\New Folder\SysProt\SysProtDrv.sys [2010-07-14 44288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-16 921440]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 18:08]
2010-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 18:08]
2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{885D44DF-0C7F-4D73-9593-872CEBE33E04}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{CD082997-E0D5-4939-AF75-D09E22118A7A}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 20:36
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RtHDVCpl.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-16 20:43:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-16 19:43
ComboFix2.txt 2010-07-15 08:35
Pre-Run: 47,774,552,064 bytes free
Post-Run: 47,686,111,232 bytes free
- - End Of File - - 339EC7111DDF12778BB6346E9EDFE520
The re-run of DDS after Step 2
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 21:03:43.65 on 16/07/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.625 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-28 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-28 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-28 1153368]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2010-2-28 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1cb09911e3ca188;Google Update Service (gupdate1cb09911e3ca188);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\administrator\desktop\new folder\sysprot\SysProtDrv.sys [2010-7-14 44288]
=============== Created Last 30 ================
2010-07-16 19:36:43 0 d-----w- C:\$RECYCLE.BIN
2010-07-16 18:35:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 18:25:48 0 d-----w- c:\users\admini~1\appdata\roaming\Research In Motion
2010-07-15 08:15:09 98816 ----a-w- c:\windows\sed.exe
2010-07-15 08:15:09 77312 ----a-w- c:\windows\MBR.exe
2010-07-15 08:15:09 256512 ----a-w- c:\windows\PEV.exe
2010-07-15 08:15:09 161792 ----a-w- c:\windows\SWREG.exe
2010-07-14 15:43:05 183891746 ----a-w- c:\windows\MEMORY.DMP
2010-07-07 23:39:05 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-07 23:34:36 0 d-----w- c:\program files\CCleaner
2010-07-07 18:26:11 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-01 15:29:35 0 d-----w- c:\programdata\RegDef2010
2010-07-01 15:29:35 0 d-----w- c:\program files\Angle Interactive
2010-06-21 18:44:37 992 ------w- c:\windows\hpomdl40.dat.temp
==================== Find3M ====================
2010-07-16 18:35:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 18:35:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 18:44:42 193006 ----a-w- c:\windows\hpoins40.dat
2010-06-16 17:01:36 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-16 17:01:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-16 17:01:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-11 15:38:33 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-28 12:59:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-28 01:50:06 174 --sha-w- c:\program files\desktop.ini
2010-02-28 01:42:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-09-13 00:50:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 21:04:19.08 ===============
I managed to connect through Internet Explorer to the Internet as Administrator, BUT have not tried anything else until you say ;)
Good to hear that the computer can connect to the Internet. :bigthumb:
Registry Cleaners + "Tweak" Tools
Re. Free Window Registry Repair
I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools
They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete"; it won't speed up your machine, though.
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.
Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it!
To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.
discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
Step # 1 Update Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u21 (http://www.java.com/en/download/manual.jsp).
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to start > control panel > programs and features and remove all older versions of Java.
Remove the following old versions of Java:
Java(TM) 6 Update 20
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
From your desktop double-click on the download to install the newest version.
Step # 2 Run CCleaner
CCleaner will remove everything from the temp/temporary folders, but please note that it will not make backups!
Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 24 hours
Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the Internet Explorer section except Cookies
Clean all the entries in the Windows Explorer section
Clean all entries in the System section
Clean all entries in the Advanced section
Clean any others that you choose
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it
Clean all in the Opera section if you use it
Clean Sun Java in the Internet Section
Clean any others that you choose
Click the Run Cleaner button.
A pop up box will appear advising this process will permanently delete files from your system.
Click OK and it will scan and clean your system.
Click exit when done.
If it asks you to reboot at the end, click NO
Step # 3 Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
Right-Click mbam-setup.exe and choose Run as Administrator to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Post the MalwareBytes' Log in your next post/reply.
MadMonkey69
2010-07-17, 14:21
All 3 steps seemed to go OK; here is the log generated by Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4321
Windows 6.0.6000
Internet Explorer 8.0.6001.18904
17/07/2010 12:11:16
mbam-log-2010-07-17 (12-11-16).txt
Scan type: Quick scan
Objects scanned: 151694
Time elapsed: 9 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
NOTE
Everything we have done, I have done from the Admin account rather than Graham's or Clare's, hope this is OK
Also, still have all Anti-virus and Firewall off :2thumb:
Everything we have done, I have done from the Admin account rather than Graham's or Clare's, hope this is OK
That's fine. :)
Step # 1: Run Kaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.
Go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
In your next post/reply, I need to see the following:
1. Kaspersky Log
2. A fresh DDS Log
3. How is the computer doing, any problems?
MadMonkey69
2010-07-18, 23:43
Ran Kaspersky and DDS again; results as follows:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 18, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 18, 2010 05:42:57
Records in database: 4231028
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 92138
Threats found: 4
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:11:26
File name / Threat / Threats count
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AT8N5X1\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.yo 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RGW2EA4\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.rt 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.ql 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXE2UNTB\upgrade[1].cab Infected: not-a-virus:AdWare.Win32.Zwangi.tt 1
Selected area has been scanned.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 21:10:40.63 on 18/07/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.637 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\System32\wsqmcons.exe
C:\Users\Administrator\AppData\Local\temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Users\Administrator\AppData\Local\temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\hd0n2zj5.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-28 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-28 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-28 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-28 1153368]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2010-2-28 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 gupdate1cb09911e3ca188;Google Update Service (gupdate1cb09911e3ca188);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\administrator\desktop\new folder\sysprot\SysProtDrv.sys [2010-7-14 44288]
=============== Created Last 30 ================
2010-07-17 10:50:53 0 d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-07-17 10:50:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 10:50:30 0 d-----w- c:\programdata\Malwarebytes
2010-07-17 10:50:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-17 10:50:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-16 19:36:43 0 d-----w- C:\$RECYCLE.BIN
2010-07-16 18:35:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 18:25:48 0 d-----w- c:\users\admini~1\appdata\roaming\Research In Motion
2010-07-15 08:15:09 98816 ----a-w- c:\windows\sed.exe
2010-07-15 08:15:09 77312 ----a-w- c:\windows\MBR.exe
2010-07-15 08:15:09 256512 ----a-w- c:\windows\PEV.exe
2010-07-15 08:15:09 161792 ----a-w- c:\windows\SWREG.exe
2010-07-07 23:39:05 0 d-----w- c:\program files\Free Window Registry Repair
2010-07-07 23:34:36 0 d-----w- c:\program files\CCleaner
2010-07-07 18:26:11 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-01 15:29:35 0 d-----w- c:\programdata\RegDef2010
2010-07-01 15:29:35 0 d-----w- c:\program files\Angle Interactive
2010-06-21 18:44:37 992 ------w- c:\windows\hpomdl40.dat.temp
==================== Find3M ====================
2010-07-17 10:04:35 193006 ----a-w- c:\windows\hpoins40.dat
2010-07-17 09:49:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 18:35:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 18:35:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-16 17:01:36 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-16 17:01:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-16 17:01:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-11 15:38:33 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-02-28 01:50:06 174 --sha-w- c:\program files\desktop.ini
2010-02-28 01:42:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-09-13 00:50:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 21:12:03.25 ===============
3. How is the computer doing, any problems?
What should I look for? I can still connect to the web but have no security services running. All I have tried is a few sites from the Admin account and they seem fine. Let me know and I will try the other 2 accounts and then disable the Admin one. :rockon:
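An added example, not from the thread, of the first-pass triage a helper does on the DDS "SERVICES / DRIVERS" lines and the ComboFix "Running Processes" lines in these logs: parse each line and flag images loaded from user-writable directories. The sample lines are copied from the logs in this thread; a hit is a prompt to look closer, not a verdict (SysProt is the tool the helper asked to be run from the Desktop).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example for triaging the DDS / ComboFix logs posted in this thread.
# DDS lists services and drivers as:
#   <state> <name>;<description>;<path> [<date> <size>]
# where state is R (running) or S (stopped) followed by the start-type digit.
DDS_SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$"
)

# Directories a service, driver or startup process normally has no business
# running from. Hits are review prompts, not verdicts: SysProt below is a
# legitimate tool the helper asked the poster to run from the Desktop.
USER_WRITABLE_RE = re.compile(
    r"\\(users|documents and settings|temp|appdata|desktop|\$recycle\.bin)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    kind: str    # "service" or "process"
    name: str
    path: str
    reason: str


def parse_dds_service(line: str) -> Optional[dict]:
    """Split one DDS service/driver line into its fields, or None if it is not one."""
    m = DDS_SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_process_line(line: str) -> bool:
    """ComboFix 'Running Processes' lines are bare image paths ending in .exe."""
    return line.strip().lower().endswith(".exe") and ";" not in line


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries whose image path lies in a user-writable location."""
    findings = []
    for raw in lines:
        svc = parse_dds_service(raw)
        if svc:
            kind, name, path = "service", svc["name"], svc["path"]
        elif is_process_line(raw):
            kind, path = "process", raw.strip()
            name = path.rsplit("\\", 1)[-1]
        else:
            continue  # section headers, file-creation lines, etc.
        m = USER_WRITABLE_RE.search(path)
        if m:
            findings.append(Finding(kind, name, path,
                                    f"runs from user-writable '{m.group(1)}' directory"))
    return findings


# Sample input: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LINES = [
    r"R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-28 216400]",
    r"S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\administrator\desktop\new folder\sysprot\SysProtDrv.sys [2010-7-14 44288]",
    r"c:\program files\AVG\AVG9\avgtray.exe",
    r"c:\users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe",
    r"=============== Created Last 30 ================",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.name}: {f.reason}\n    {f.path}")
```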
Before you turn the AntiVirus and Firewall back on, I'd like for you to do the following:
Delete CFScript.txt from your Desktop, you will be creating and running a new one.
Step # 1: Run CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
KILLALL::
File::
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AT8N5X1\upgrade[1].cab
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RGW2EA4\upgrade[1].cab
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXE2UNTB\upgrade[1].cab
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Note: This CFScript is for use on madmonkey69's computer only! Do not use it on your computer.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Once ComboFix is done running, go ahead and re-enable the computer's AntiVirus and Firewall. Surf around the web using the Admin account, visit the websites you normally visit, see if you get any hijacks/redirects or if everything is fine. Then do the same with Graham's account and Clare's account. See if you get any redirects/hijacks when using their accounts.
In your next post/reply, I need to see the following:
1. The ComboFix Log that appears after Step 1 has been completed.
2. Any problems with any of the accounts? And if so, which one(s)?
MadMonkey69
2010-07-19, 13:53
OK, here is the last ComboFix run:
ComboFix 10-07-16.02 - Administrator 19/07/2010 9:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1526.744 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AT8N5X1\upgrade[1].cab"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RGW2EA4\upgrade[1].cab"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXE2UNTB\upgrade[1].cab"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AT8N5X1\upgrade[1].cab
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RGW2EA4\upgrade[1].cab
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1XHZX0B\upgrade[1].cab
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXE2UNTB\upgrade[1].cab
.
((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.
2010-07-19 08:25 . 2010-07-19 08:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-07-19 08:25 . 2010-07-19 08:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-19 08:25 . 2010-07-19 08:25 -------- d-----w- c:\users\Graham\AppData\Local\temp
2010-07-19 08:25 . 2010-07-19 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-19 08:25 . 2010-07-19 08:25 -------- d-----w- c:\users\Clare\AppData\Local\temp
2010-07-18 10:53 . 2010-07-18 10:53 -------- d-----w- c:\windows\Sun
2010-07-17 10:50 . 2010-07-17 10:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-07-17 10:50 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 10:50 . 2010-07-17 10:50 -------- d-----w- c:\programdata\Malwarebytes
2010-07-17 10:50 . 2010-07-17 10:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 10:50 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-17 10:02 . 2010-07-17 10:02 0 ----a-w- c:\windows\nsreg.dat
2010-07-17 10:02 . 2010-07-17 10:02 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2010-07-17 09:49 . 2010-07-17 09:49 -------- d-----w- c:\program files\Common Files\Java
2010-07-16 18:35 . 2010-07-16 18:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 18:25 . 2010-07-16 18:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Research In Motion
2010-07-08 09:11 . 2010-07-08 09:12 -------- d-----w- c:\program files\ERUNT
2010-07-07 23:39 . 2010-07-07 23:46 -------- d-----w- c:\program files\Free Window Registry Repair
2010-07-07 23:34 . 2010-07-17 09:53 -------- d-----w- c:\program files\CCleaner
2010-07-07 18:26 . 2010-07-07 18:26 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-01 15:29 . 2010-07-07 16:24 -------- d-----w- c:\program files\Angle Interactive
2010-07-01 15:29 . 2010-07-07 16:23 -------- d-----w- c:\programdata\RegDef2010
2010-06-21 18:52 . 2010-06-21 18:52 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 10:04 . 2010-02-28 15:35 193006 ----a-w- c:\windows\hpoins40.dat
2010-07-17 09:49 . 2010-05-28 13:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 19:57 . 2010-03-28 16:36 -------- d-----w- c:\users\Graham\AppData\Roaming\Skype
2010-07-16 19:08 . 2010-06-11 15:38 -------- d-----w- c:\users\Graham\AppData\Roaming\skypePM
2010-07-16 18:35 . 2010-02-28 19:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 18:35 . 2010-02-28 19:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 19:13 . 2010-02-28 12:13 59848 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-08 00:10 . 2010-02-28 19:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-01 15:44 . 2010-02-28 14:51 -------- d-----w- c:\users\Graham\AppData\Roaming\U3
2010-06-16 17:00 . 2010-03-14 15:37 -------- d-----w- c:\programdata\Research In Motion
2010-06-16 17:00 . 2010-02-28 15:11 -------- d-----w- c:\program files\Research In Motion
2010-06-16 17:00 . 2010-02-28 15:27 -------- d-----w- c:\users\Graham\AppData\Roaming\Research In Motion
2010-06-15 18:57 . 2010-03-17 12:57 -------- d-----w- c:\users\Graham\AppData\Roaming\HP
2010-06-11 18:10 . 2010-06-11 18:08 -------- d-----w- c:\program files\Google
2010-06-11 18:07 . 2010-03-28 16:35 -------- d-----r- c:\program files\Skype
2010-06-11 15:38 . 2010-06-11 15:38 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-11 07:40 . 2010-03-07 15:54 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 15:34 . 2010-02-28 01:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 13:36 . 2010-02-28 19:50 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 12:58 . 2010-05-28 12:58 -------- d-----w- c:\program files\Java
2010-05-21 13:14 . 2010-02-28 00:44 221568 ------w- c:\windows\system32\MpSigStub.exe
2007-09-13 00:50 . 2007-09-13 00:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-02-28 1232896]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-13 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 gupdate1cb09911e3ca188;Google Update Service (gupdate1cb09911e3ca188);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 133104]
R3 SysProtDrv.sys;SysProtDrv.sys;c:\users\Administrator\Desktop\New Folder\SysProt\SysProtDrv.sys [2010-07-14 44288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-16 921440]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 18:08]
2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 18:08]
2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{885D44DF-0C7F-4D73-9593-872CEBE33E04}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{CD082997-E0D5-4939-AF75-D09E22118A7A}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hd0n2zj5.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-19 09:27
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-865222298-2289561846-1444933342-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,56,ca,09,ff,53,53,45,97,08,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,56,ca,09,ff,53,53,45,97,08,5b,\
[HKEY_USERS\S-1-5-21-865222298-2289561846-1444933342-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-865222298-2289561846-1444933342-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-865222298-2289561846-1444933342-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-865222298-2289561846-1444933342-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-865222298-2289561846-1444933342-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-19 09:34:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-19 08:34
ComboFix2.txt 2010-07-16 19:43
ComboFix3.txt 2010-07-15 08:35
Pre-Run: 46,826,934,272 bytes free
Post-Run: 46,473,216,000 bytes free
- - End Of File - - 36B3A6E9783C3BB680686DA18637588D
Just to mention, while it was running a couple of Access Denied messages scrolled up the screen, although it was run as Administrator.
I have had a wander about the web as Admin & Graham's account (didn't bother with Clare's as she hardly uses it).
The only problem I had was using Firefox & IE in Graham's account, but that was a case of just changing the proxy setting back.
All seems fine. I have downloaded Avira instead of AVG for him as I think that is better.
Do I need to do anything else?
Good to hear that all seems fine. :)
I have downloaded Avira instead of AVG for him as I think that is better.
That's fine. If you haven't already, be sure to uninstall AVG as you don't want two AntiViruses running on the computer at the same time.
If there are no more problems, you're good to go. :)
Since your computer looks to be clean, now would be a good time to upgrade to Windows Vista SP2. To do that, go to Windows Update (http://windowsupdate.microsoft.com) and download and install SP2. Once that is done, reboot your computer and go back to Windows Update and download all the critical updates listed. Reboot once they are installed and repeat until there are no more critical updates left to download.
You can delete the following off of the computer:
DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log
SysProt.zip
SysProt.exe
The SysProt Log
To remove ComboFix, do the following:
Open up the Run command by pressing the Windows Button and R button at the same time. The Windows Button is at the bottom left of the keyboard between the Ctrl and Alt buttons.
Once the Run command window opens type in ComboFix /Uninstall & click OK.
Empty your Recycle Bin.
Please take the time to read my All Clean Post.
Hide system files
Right click on the Start menu and select Explore.
Press the Alt button
Click on Tools > Folder Options....
Select the View tab.
Under Hidden files and folders, select Do not show hidden files and folders.
Check (tick) these two boxes: Hide extensions for known file types, and Hide protected operating system files (Recommended).
Click Yes when Windows prompts.
Click OK to apply the settings.
Flush the system restore points
Click on Start.
Right click on Computer and select Properties.
Click on System Protection under Tasks section.
Uncheck (untick) all the boxes under Create restore points automatically on the selected disks section.
Click OK.
Restart your computer.
After restarting your computer, follow these steps:
Click on Start.
Right click on Computer and select Properties.
Click on System Protection under Tasks section.
Check (tick) all the boxes under Create restore points automatically on the selected disks section.
Click OK.
Restart your computer.
Note: Do this only ONCE, don't flush it regularly.
Enable UAC
While UAC in Vista is certainly annoying to some extent, it offers some protection for Windows. Here's an explanation - http://www.dcr.net/~w-clayton/Vista/UAC/UAC_app_compat_and_virtualization.htm
Click on Start > Control Panel.
Double click on User Accounts.
Under Make changes to your user account, click on Turn User Account Control on or off.
Check (tick) this box: Use User Account Control (UAC) to help protect the computer.
Click OK.
Keep your system updated
Update Windows
Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.
Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.
To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - http://update.microsoft.com/ .
Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.
Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.
Be careful when opening attachments and downloading files.
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it. Follow this article (http://articles.techrepublic.com.com/5100-10877_11-6179067.html) to learn how to backup. To restore them, see this article (http://articles.techrepublic.com.com/5100-10877_11-6180819.html).
If you are using Vista Business, Vista Ultimate or Vista Enterprise, you might want to back up your whole computer instead. See here (http://www.bleepingcomputer.com/tutorials/tutorial145.html) on how to do it.
To restore, see this tutorial (http://www.bleepingcomputer.com/tutorials/tutorial144.html).
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs (http://p2p.malwareremoval.com/) if you need to use one.
Prevent a re-infection
Winpatrol
Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here (http://www.winpatrol.com/features.html).
You can get a free copy (http://www.winpatrol.com/wpsetup.exe) of Winpatrol or use the Plus version (http://winpatrol.stores.yahoo.net/winplusmemre.html) for more features.
You can read Winpatrol's FAQ (http://www.winpatrol.com/faq.html) if you run into problems.
Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.
A new Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hphosts.mysteryfcm.co.uk/?s=Download)
A tutorial (http://forum.malwareremoval.com/viewtopic.php?t=22187) about Hosts File can be found at Malware Removal.
Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs (http://www.spywarewarrior.com/rogue_anti-spyware.htm) and Malwarebytes RogueNET (http://www.malwarebytes.org/roguenet.php). This will save you from a lot of trouble. If in doubt, don't ever download it.
Use an alternative Internet Browser
Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead.
Firefox (http://www.mozilla.com/en-US/firefox/)
Opera (http://www.opera.com/download/)
K-Meleon (http://kmeleon.sourceforge.net/download.php)
Use an alternative email client
If you are using Outlook Express as your default email client, try using Thunderbird (http://www.mozilla.com/en-US/thunderbird/) or Pegasus Mail (http://www.pmail.com/) instead.
Here are some more things to read about:
List of clean and infected download managers (http://www.safer-networking.org/en/articles/download-managers.html)
Configuring Skype (http://www.tcd.ie/iss/internet/skype.php)
Greater email safety (http://surfthenetsafely.com/surfsafely4.htm)
Phishing - what is it? (http://surfthenetsafely.com/phishing.htm)
Configuring Outlook Express (http://surfthenetsafely.com/slides/oeconfigureslide1.htm)
The Unofficial Cookie FAQ (http://www.cookiecentral.com/faq)
Securing your home wireless network (http://www.windowsecurity.com/articles/Wireless-Network-Security-Home.html)
80 Super Security Tips (http://www.pcmag.com/article2/0,1895,1838690,00.asp)
Please reply one last time so that I know you have read my post and this thread can be closed.
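The Hosts file mechanism described in the post above, as an added example that is not part of the helper's post: a Python audit that separates blocklist entries (names sunk to 127.0.0.1, ::1 or 0.0.0.0) from the hijack pattern this thread is about (update or vendor names pointed at some other address). The sample Hosts text and the PROTECTED_NAMES list are constructed; the Windows Hosts path is the standard one.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Added example, not part of the forum post. A Hosts file is consulted before
# DNS, so the same mechanism a blocklist uses to sink ad/spyware names to
# 127.0.0.1 is what a hijacker uses to send update or vendor names elsewhere.
# This audit tells the two apart so a reviewer can spot the second kind.

# Standard location on Windows; Vista needs an elevated prompt to edit it.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed list (assumption): names that must never resolve anywhere but
# their real address. Extend with your own vendors, banks and update hosts.
PROTECTED_NAMES = {
    "localhost",
    "microsoft.com", "windowsupdate.com",
    "avg.com", "avira.com", "safer-networking.org", "malwarebytes.org",
}

# <address> <one or more names> [# comment]
HOSTS_LINE_RE = re.compile(r"^\s*(?P<addr>\S+)\s+(?P<names>[^#]+?)\s*(#.*)?$")


@dataclass
class HostsFinding:
    lineno: int
    name: str
    addr: str
    verdict: str  # stock | blocked | redirected | hijacked | malformed


def is_protected(name: str) -> bool:
    """Exact match or subdomain of a protected name."""
    return any(name == p or name.endswith("." + p) for p in PROTECTED_NAMES)


def classify(name: str, ip) -> str:
    sink = ip.is_loopback or ip.is_unspecified       # 127.0.0.1, ::1, 0.0.0.0
    if sink:
        return "stock" if name == "localhost" else "blocked"
    return "hijacked" if is_protected(name) else "redirected"


def audit_hosts(text: str) -> List[HostsFinding]:
    """One finding per (line, name); malformed lines are reported, not skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = HOSTS_LINE_RE.match(line)
        try:
            ip = ipaddress.ip_address(m["addr"]) if m else None
        except ValueError:
            ip = None
        if ip is None:
            findings.append(HostsFinding(lineno, stripped, "", "malformed"))
            continue
        for name in m["names"].split():
            lname = name.lower()
            findings.append(HostsFinding(lineno, lname, str(ip), classify(lname, ip)))
    return findings


def hijacks(text: str) -> List[HostsFinding]:
    """Entries a reviewer must look at: protected names sent off-box, plus any
    other name mapped to a routable address (could be a legitimate intranet alias)."""
    return [f for f in audit_hosts(text) if f.verdict in ("hijacked", "redirected")]


# Constructed sample; 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_HOSTS = """\
# constructed sample, not copied from any machine
127.0.0.1       localhost
::1             localhost
# entries a blocklist such as the MVPS file adds
0.0.0.0         ads.example.com
127.0.0.1       tracker.example.net   # spyware beacon
# an alias an administrator might add on purpose
10.0.0.5        intranet.example.org
# entries of the kind a hijacker adds: update and vendor sites sent off-box
203.0.113.7     windowsupdate.microsoft.com www.avg.com
this is not a hosts entry
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None   # e.g. WINDOWS_HOSTS_PATH
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f.lineno:>3} {f.verdict:<10} {f.name} -> {f.addr}")
```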
MadMonkey69
2010-07-20, 14:07
Oh yes i uninstalled AVG.
I am normally good with computers, and build and repair them as a hobby, BUT Malware etc. is a nightmare. Normally I would just re-install Windows, but I have a brain for knowledge, and love learning, so I thought I would try with expert help. For most of what you showed me I understood what we were trying to accomplish (though I had never heard of any of those programs), as in what programs we ran, and what showed up in the logs. The last 2 runs of ComboFix (as in dragging those txt files into ComboFix) were straightforward to understand.
There must be so much more to become an expert on this subject. Is there anywhere I can go on the Internet to learn more? It would be good for me, and for others, as then I would not have to ask for help, and maybe I could even help others. I guess I could just pick a thread here every so often and follow that, seeing if I would come up with the same as the experts. If you can think of anywhere to gain knowledge, PLEASE let me know.
I think I have done everything. Still reading through the last lot of links :laugh:
I have bookmarked this page so I can refer to it in future (will it get archived though?).
So many, many thanks for your expert assistance and if you know of anywhere I can learn more PLEASE let me know.
Take care and thanks again :friend:
I have bookmarked this page so I can refer to it in future (will it get archived though???).
Yes, this thread will be archived into the archives (http://forums.spybot.info/forumdisplay.php?f=23) section of the forum. You'll still be able to read through the thread, just not reply to it.
There must be so much more to become an expert on this subject. Is there anywhere I can go on the Internet to learn more? It would be good for me, and for others, as then I would not have to ask for help, and maybe I could even help others. I guess I could just pick a thread here every so often and follow that, seeing if I would come up with the same as the experts. If you can think of anywhere to gain knowledge, PLEASE let me know.
I was trained in malware removal at Malware Removal University (http://www.malwareremoval.com/university.php). If you decide to apply there, there's a waiting list to get in. And once you do get in, it's a time-intensive process to learn how to identify and remove malware/spyware. Expect to spend at least 6 months of study/training before you can take on logs/help people with supervised help. :)
Finally, I'm glad I was able to help you out. You're welcome. :)
Good luck and safe surfing!
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
