
Active malwarebytes ip protection-infections constantly detected

Discussion in 'Malware and Virus Removal Archive' started by teelions, 2009/08/28.

  1. 2009/08/28
    teelions

    teelions Inactive Thread Starter

    [Active] malwarebytes ip protection-infections constantly detected

    For the past several weeks I have been getting "Malwarebytes' Anti-Malware IP Protection: Infection Detected" pop-up messages from the Malwarebytes' Anti-Malware icon in the notification area. And lately I have been getting them more frequently. How do I distinguish between what is real and what may be a false positive?

    By the way, I cannot see how to attach the Attach.zip file (I have one). But please don't dismiss this post!

    Here is the DDS.txt:
    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Terry at 9:14:41.57 on Fri 08/28/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3032.2103 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    svchost.exe
    C:\Program Files\Rhapsody\rhaphlpr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Terry\Desktop\Malware removal Guide\DDS scanning tool\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = https://remoteaccess.wyndhamworldwide.com/dana-na/auth/url_2/welcome.cgi
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [OODefragTray] c:\windows\system32\oodtray.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe
    mRun: [HPHUPD06] c:\program files\hp\{ba2d9411-dbb4-43e4-9421-780413650a67}\hphupd06.exe
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://l:\drivers\msxml4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://svphxqcenter01.hotelgroup.com/qcbin/Spider91.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remoteaccess.wyndhamworldwide.com/dana-cached/setup/JuniperSetupSP1.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\terry\applic~1\mozilla\firefox\profiles\vjaou9jo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://us.mc527.mail.yahoo.com/mc/welcome?.gx=1&.tm=1250430580&.rand=5d7nhcvu7gcco
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\terry\application data\move networks\plugins\npqmp071504000001.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-15 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-15 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-15 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-16 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-16 297752]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-18 47640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-15 232720]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-7-26 2062872]
    R3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\drivers\e1q5132.sys [2009-7-26 135264]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-15 19096]
    R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1558000]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2009-08-27 13:44 54 a------- c:\windows\system\BSinf78158.drv
    2009-08-26 23:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DFX
    2009-08-26 23:36 <DIR> --d----- c:\program files\common files\DFX
    2009-08-26 01:22 <DIR> --d----- c:\program files\Rhapsody
    2009-08-25 01:27 <DIR> --d----- c:\program files\NoteAttack
    2009-08-24 19:44 <DIR> --d----- c:\program files\vanBasco's Karaoke Player
    2009-08-24 12:06 <DIR> --d----- c:\windows\MSSecurityNS
    2009-08-24 12:06 <DIR> --d----- c:\windows\MSSecurityNi
    2009-08-24 09:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2009-08-24 09:49 <DIR> --d----- c:\docume~1\terry\applic~1\AVG8
    2009-08-24 09:26 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-08-24 09:25 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-08-24 09:25 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-08-24 09:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-08-24 09:25 <DIR> --d----- c:\program files\AVG
    2009-08-23 17:50 119,750 a------- C:\MGlogs.zip
    2009-08-23 17:50 <DIR> --d----- C:\MGtools
    2009-08-23 17:50 <DIR> --d----- C:\RECYCLER(2)
    2009-08-23 17:44 <DIR> --d----- C:\32788R22FWJFW(2)
    2009-08-23 17:33 <DIR> --d----- C:\cmdcons
    2009-08-23 16:26 <DIR> --d----- c:\program files\Trend Micro(3)
    2009-08-23 12:50 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-08-23 12:50 <DIR> --d----- c:\program files\Lavasoft
    2009-08-23 12:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
    2009-08-23 12:06 <DIR> --d----- c:\program files\Trend Micro(2)
    2009-08-21 17:23 <DIR> --d----- c:\program files\common files\Adobe AIR(2)
    2009-08-20 14:48 <DIR> --d----- c:\docume~1\terry\applic~1\Synthesia
    2009-08-20 14:41 <DIR> --d-h--- c:\windows\msdownld.tmp
    2009-08-20 14:40 <DIR> --d----- c:\windows\Logs
    2009-08-20 08:49 <DIR> --d----- c:\program files\AmazingMIDI
    2009-08-20 01:03 54 a------- c:\windows\Composer.INI
    2009-08-20 01:02 <DIR> --d----- c:\program files\Notation
    2009-08-19 15:41 5,632 a------- c:\windows\system32\ptpusb.dll
    2009-08-19 15:41 159,232 a------- c:\windows\system32\ptpusd.dll
    2009-08-19 15:41 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
    2009-08-19 15:41 15,104 a------- c:\windows\system32\drivers\usbscan.sys
    2009-08-19 10:23 <DIR> --d----- c:\windows\system32\appmgmt
    2009-08-19 02:18 <DIR> --d----- c:\program files\common files\Macrovision Shared
    2009-08-19 00:29 <DIR> --d----- c:\program files\CIB software GmbH
    2009-08-18 20:57 <DIR> --d----- c:\program files\WinPcap
    2009-08-18 17:38 <DIR> --d----- c:\program files\MultipleIEs
    2009-08-18 15:23 214 a------- c:\windows\HP_48BitScanUpdatePatch.ini
    2009-08-18 15:20 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
    2009-08-18 15:20 25,856 a------- c:\windows\system32\drivers\usbprint.sys
    2009-08-18 14:34 48,440 -------- c:\windows\HPHins04.dat.temp
    2009-08-18 14:34 2,725 -------- c:\windows\hphmdl03.dat.temp
    2009-08-18 14:14 <DIR> --d----- c:\program files\HP
    2009-08-18 14:13 48,458 a------- c:\windows\HPHins04.dat
    2009-08-18 14:13 2,725 -------- c:\windows\hphmdl03.dat
    2009-08-18 14:13 <DIR> --d----- c:\temp\photosmart6.2
    2009-08-18 14:13 <DIR> --d----- C:\temp
    2009-08-18 10:24 <DIR> --d----- c:\docume~1\terry\applic~1\OpenOffice.org
    2009-08-18 10:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
    2009-08-18 10:21 28,984 a------- c:\windows\system32\LMIport.dll
    2009-08-18 10:21 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
    2009-08-18 10:21 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-08-18 10:21 87,352 a------- c:\windows\system32\LMIinit.dll
    2009-08-18 10:21 1,024 a------- C:\.rnd
    2009-08-18 10:21 <DIR> --d----- c:\program files\LogMeIn
    2009-08-17 19:15 <DIR> --d----- c:\docume~1\terry\applic~1\Anvil Studio
    2009-08-17 19:15 <DIR> --d----- c:\program files\Anvil Studio
    2009-08-17 19:09 <DIR> --d----- c:\program files\intelliScore Polyphonic Demo
    2009-08-17 19:00 <DIR> --d----- c:\program files\GoldWave
    2009-08-17 17:47 <DIR> --d----- c:\program files\JRE
    2009-08-17 17:47 <DIR> --d----- c:\program files\OpenOffice.org 3
    2009-08-17 11:19 <DIR> --d----- c:\windows\RegisteredPackages
    2009-08-17 11:17 44,944 -------- c:\windows\system32\drivers\PxHelp20.sys
    2009-08-17 11:17 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
    2009-08-17 11:17 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-08-17 11:16 129,520 -------- c:\windows\system32\pxafs.dll
    2009-08-17 10:29 <DIR> --d----- C:\IWTemp
    2009-08-17 10:28 411,368 a------- c:\windows\system32\deploytk.dll
    2009-08-17 10:28 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-08-16 21:25 <DIR> --d----- c:\program files\WMR11
    2009-08-16 21:07 <DIR> --d--r-- c:\program files\Skype
    2009-08-16 19:55 30,520 a------- c:\windows\system32\midiwrap3405.deu
    2009-08-16 19:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\KB Piano
    2009-08-16 19:49 102,400 a------- c:\windows\system32\DrvTrNTl.dll
    2009-08-16 19:49 45,568 a------- c:\windows\system32\DrvTrNTm.dll
    2009-08-16 19:49 <DIR> --d----- c:\program files\HighCriteria
    2009-08-16 19:45 737,280 a------- c:\windows\iun6002.exe
    2009-08-16 19:45 <DIR> --d----- c:\program files\PlayPianoTODAY
    2009-08-16 12:44 <DIR> --d----- C:\VProRecovery
    2009-08-16 11:34 <DIR> --d----- c:\program files\common files\Mercury Interactive
    2009-08-16 11:34 217 a------- c:\windows\mercury.ini
    2009-08-16 11:26 345,384 a------- c:\windows\system32\dsNcCredProv.dll
    2009-08-16 11:26 <DIR> --d----- c:\program files\Juniper Networks
    2009-08-16 11:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Juniper Networks
    2009-08-16 11:25 <DIR> --d----- c:\docume~1\terry\applic~1\Juniper Networks
    2009-08-16 11:00 <DIR> --d----- c:\docume~1\terry\applic~1\Symantec
    2009-08-16 10:49 215,144 a----r-- c:\windows\patchw32.dll
    2009-08-16 10:48 215,144 a----r-- c:\windows\pw32a.dll
    2009-08-16 10:11 1,060,864 a------- c:\windows\system32\MFC71.DLL
    2009-08-16 10:11 503,808 a------- c:\windows\system32\MSVCP71.DLL
    2009-08-16 10:11 348,160 a------- c:\windows\system32\MSVCR71.DLL
    2009-08-16 10:11 <DIR> --d----- c:\program files\Symantec
    2009-08-16 10:10 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-08-16 10:10 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-16 10:10 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
    2009-08-16 10:10 15,088 a------- c:\windows\system32\drivers\vproeventmonitor.sys
    2009-08-16 10:10 38,112 a------- c:\windows\system32\drivers\v2imount.sys
    2009-08-16 10:10 138,080 a------- c:\windows\system32\drivers\symsnap.sys
    2009-08-16 10:10 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-08-16 10:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-08-16 09:22 9,344 ac------ c:\windows\system32\dllcache\compbatt.sys
    2009-08-16 09:22 9,344 a------- c:\windows\system32\drivers\compbatt.sys
    2009-08-16 09:22 19,200 ac------ c:\windows\system32\dllcache\hidbatt.sys
    2009-08-16 09:22 19,200 a------- c:\windows\system32\drivers\hidbatt.sys
    2009-08-16 09:22 14,080 ac------ c:\windows\system32\dllcache\battc.sys
    2009-08-16 09:22 14,080 a------- c:\windows\system32\drivers\battc.sys
    2009-08-15 13:25 <DIR> --d----- c:\program files\Defraggler
    2009-08-15 13:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-08-15 13:23 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-15 13:23 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-15 11:33 <DIR> --d----- c:\program files\Yahoo!
    2009-08-15 11:33 388,608 a------- c:\windows\system32\CF28902.exe
    2009-08-15 11:33 <DIR> --ds---- C:\ComboFix1
    2009-08-15 11:21 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-15 11:21 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-15 11:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-15 11:13 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-15 11:08 216,064 a------- c:\windows\PEV.exe
    2009-08-15 11:08 161,792 a------- c:\windows\SWREG.exe
    2009-08-15 11:08 98,816 a------- c:\windows\sed.exe
    2009-08-14 18:21 <DIR> --d----- c:\windows\ServicePackFiles
    2009-08-14 18:19 <DIR> --d----- c:\program files\MSXML 4.0
    2009-08-14 13:59 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-08-14 13:59 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-08-14 13:59 272,128 -------- c:\windows\system32\drivers\bthport.sys
    2009-08-14 13:58 2,142,720 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-08-14 13:58 2,186,112 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
    2009-08-14 13:58 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-08-14 13:58 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
    2009-08-13 09:24 <DIR> --d----- c:\program files\Vantec USB Graphic
    2009-08-13 09:24 <DIR> --d----- c:\program files\DisplayLink Core Software
    2009-08-13 09:21 19,072 a------- c:\windows\system32\drivers\ax88772.sys
    2009-08-13 09:21 <DIR> --d----- c:\program files\AX88772

    ==================== Find3M ====================

    2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-29 00:53 119,808 a------- c:\windows\system32\t2embed.dll
    2009-07-29 00:53 82,432 a------- c:\windows\system32\fontsub.dll
    2009-07-27 23:03 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-07-27 09:31 331,776 a------- c:\windows\system32\WDBtnMgr.exe
    2009-07-26 22:16 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll
    2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll
    2009-06-25 14:36 517,120 a------- c:\windows\system32\mqsnap.dll
    2009-06-25 14:36 471,552 a------- c:\windows\system32\mqutil.dll
    2009-06-25 14:36 225,280 a------- c:\windows\system32\mqoa.dll
    2009-06-25 14:36 186,880 a------- c:\windows\system32\mqtrig.dll
    2009-06-25 14:36 177,152 a------- c:\windows\system32\mqrt.dll
    2009-06-25 14:36 138,240 a------- c:\windows\system32\mqad.dll
    2009-06-25 14:36 123,392 a------- c:\windows\system32\mqrtdep.dll
    2009-06-25 14:36 95,744 a------- c:\windows\system32\mqsec.dll
    2009-06-25 14:36 48,640 a------- c:\windows\system32\mqupgrd.dll
    2009-06-25 14:36 47,104 a------- c:\windows\system32\mqdscli.dll
    2009-06-25 14:36 16,896 a------- c:\windows\system32\mqise.dll
    2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
    2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
    2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
    2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe
    2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 10:21 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 02:32 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-05 03:42 655,872 a------- c:\windows\system32\mstscax.dll
    2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll

    ============= FINISH: 9:14:56.07 ===============
     
  2. 2009/08/28
    PeteC

    PeteC SuperGeek Staff

    Welcome to WindowsBBS :)
    From here ....
  4. 2009/08/28
    teelions

    teelions Inactive Thread Starter

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/26/2009 10:20:27 PM
    System Uptime: 8/27/2009 10:15:46 AM (23 hours ago)

    Motherboard: Intel Corporation | | DQ45CB
    Processor: Intel Pentium III Xeon processor | LGA775 | 2833/333mhz
    Processor: Intel Pentium III Xeon processor | LGA775 | 2833/333mhz
    Processor: Intel Pentium III Xeon processor | LGA775 | 2833/333mhz
    Processor: Intel Pentium III Xeon processor | LGA775 | 2832/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 439 GiB total, 421.947 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 125.938 GiB free.
    E: is Removable
    F: is FIXED (FAT32) - 233 GiB total, 9.287 GiB free.
    K: is FIXED (FAT32) - 26 GiB total, 20.453 GiB free.
    L: is CDROM ()
    M: is CDROM ()
    N: is FIXED (NTFS) - 233 GiB total, 222.805 GiB free.
    O: is FIXED (FAT32) - 298 GiB total, 205.285 GiB free.
    P: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Serial Port
    Device ID: PCI\VEN_8086&DEV_2E17&SUBSYS_10038086&REV_03\3&11583659&0&1B
    Manufacturer:
    Name: PCI Serial Port
    PNP Device ID: PCI\VEN_8086&DEV_2E17&SUBSYS_10038086&REV_03\3&11583659&0&1B
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\INTC0102\3&11583659&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\INTC0102\3&11583659&0
    Service:

    ==== System Restore Points ===================

    RP1: 7/26/2009 11:00:23 PM - System Checkpoint
    RP2: 7/26/2009 11:20:41 PM - Intel Express Installer
    RP3: 7/26/2009 11:21:34 PM - Intel (R) Express Installer CD Installation - Before
    RP4: 7/26/2009 11:23:45 PM - Intel Express Installer
    RP5: 7/26/2009 11:24:41 PM - Installed SoundMAX
    RP6: 7/26/2009 11:25:17 PM - Installed Windows XP KB888111WXPSP2.
    RP7: 7/26/2009 11:25:39 PM - Installed SoundMAX
    RP8: 7/26/2009 11:37:04 PM - Intel Express Installer
    RP9: 7/26/2009 11:37:07 PM - Intel (R) Express Installer CD Installation - After
    RP10: 7/27/2009 12:26:35 AM - Intel Express Installer
    RP11: 7/27/2009 12:33:08 AM - Installed Trend Micro Internet Security
    RP12: 7/27/2009 12:40:50 AM - Installed Windows XP KB915865.
    RP13: 7/27/2009 12:41:11 AM - Installed Windows NLSDownlevelMapping.
    RP14: 7/27/2009 12:41:25 AM - Installed Windows IDNMitigationAPIs.
    RP15: 7/27/2009 12:42:23 AM - Installed Windows Internet Explorer 7.
    RP16: 7/27/2009 1:01:31 AM - Installed O&O Defrag Professional.
    RP17: 7/27/2009 1:17:19 AM - Installed Macromedia Dreamweaver 8
    RP18: 7/27/2009 1:22:33 AM - Installed Macromedia Dreamweaver 8.0.2 Updater
    RP19: 7/27/2009 1:29:36 AM - Installed Adobe Photoshop CS2
    RP20: 7/27/2009 1:52:40 AM - Installed Windows Media Format 9 Series Runtime Setup
    RP21: 7/27/2009 8:52:08 AM - Installed Adobe Photoshop
    RP22: 7/27/2009 8:52:42 AM - Removed Adobe Bridge 1.0
    RP23: 7/27/2009 8:52:59 AM - Installed Adobe Bridge 1.0
    RP24: 7/27/2009 9:14:03 AM - Software Distribution Service 3.0
    RP25: 7/27/2009 9:31:06 AM - Installed Norton Ghost.
    RP26: 7/27/2009 9:31:09 AM - Installed Retrospect 6.5
    RP27: 8/13/2009 9:21:18 AM - Software Distribution Service 3.0
    RP28: 8/13/2009 9:24:05 AM - Installed DisplayLink Core Software
    RP29: 8/13/2009 9:24:28 AM - Installed Vantec USB Graphic
    RP30: 8/14/2009 6:17:20 PM - Software Distribution Service 3.0
    RP31: 8/15/2009 3:00:14 AM - Software Distribution Service 3.0
    RP32: 8/15/2009 10:21:14 AM - Removed Trend Micro Internet Security
    RP33: 8/15/2009 12:08:03 PM - Installed AVG Free 8.5
    RP34: 8/15/2009 1:23:41 PM - Installed AVG Free 8.5
    RP35: 8/15/2009 1:25:45 PM - Software Distribution Service 3.0
    RP36: 8/16/2009 10:00:10 AM - Avg8 Update
    RP37: 8/16/2009 10:01:20 AM - Avg8 Update
    RP38: 8/16/2009 10:09:48 AM - Installed Norton Ghost.
    RP39: 8/16/2009 6:40:03 PM - Installed QuickTime
    RP40: 8/17/2009 10:27:40 AM - Installed Java(TM) 6 Update 15
    RP41: 8/17/2009 11:19:27 AM - Installed Windows Media Format Runtime
    RP42: 8/17/2009 5:47:04 PM - Installed Java(TM) 6 Update 13
    RP43: 8/17/2009 5:47:21 PM - Installed OpenOffice.org 3.1
    RP44: 8/18/2009 10:21:07 AM - Installed LogMeIn
    RP45: 8/19/2009 12:29:20 AM - Installed CIB pdf brewer
    RP46: 8/20/2009 1:42:40 AM - System Checkpoint
    RP47: 8/20/2009 2:44:31 PM - Installed DirectX
    RP48: 8/21/2009 8:13:18 AM - Installed WinZip 12.0
    RP49: 8/22/2009 8:23:31 AM - System Checkpoint
    RP50: 8/23/2009 11:10:39 AM - System Checkpoint
    RP51: 8/23/2009 12:04:15 PM - Removed AVG 8.5
    RP52: 8/23/2009 12:06:09 PM - Installed Trend Micro Internet Security
    RP53: 8/23/2009 12:08:49 PM - Installed AVG 8.5
    RP54: 8/23/2009 12:46:50 PM - Installed SUPERAntiSpyware Free Edition
    RP55: 8/23/2009 12:48:45 PM - Removed SUPERAntiSpyware Free Edition
    RP56: 8/23/2009 1:03:06 PM - Restore Operation
    RP57: 8/23/2009 4:22:22 PM - Removed AVG 8.5
    RP58: 8/23/2009 4:26:03 PM - Installed Trend Micro Internet Security
    RP59: 8/24/2009 9:20:51 AM - Restore Operation
    RP60: 8/24/2009 9:53:50 AM - Configured AVG Free 8.5
    RP61: 8/24/2009 12:47:25 PM - Installed Sibelius Scorch (Firefox, Opera, Netscape only)
    RP62: 8/24/2009 11:09:58 PM - Installed DirectX
    RP63: 8/25/2009 4:01:13 PM - Installed Adobe Acrobat 6.0 Professional - English, Français, Deutsch
    RP64: 8/26/2009 7:37:54 PM - System Checkpoint
    RP65: 8/27/2009 12:40:35 AM - Removed Sibelius Scorch (Firefox, Opera, Netscape only)
    RP66: 8/28/2009 1:27:17 AM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Acrobat 6.0 Professional - English, Français, Deutsch
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge 1.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Common File Installer
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Center 1.0
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS2
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Stock Photos 1.0
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AmazingMIDI
    Anvil Studio
    Apple Software Update
    AVG Free 8.5
    CIB pdf brewer 2.5.29
    Color Efex Pro 3.0 Complete
    Connect
    Defraggler (remove only)
    Ear Training 101 v3.4 plus Rhythmic Patterns Demo
    Firehand Ember
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    HP Image Zone 4.7
    HP Software Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Network Connections 13.1.4.0
    Intel® Active Management Technology
    Java(TM) 6 Update 13
    Java(TM) 6 Update 15
    Juniper Networks Host Checker
    Juniper Networks Network Connect 6.2.0
    kuler
    LiveUpdate 3.2 (Symantec Corporation)
    LogMeIn
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia HomeSite+
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Visual C++ 2005 Redistributable
    Move Media Player
    Mozilla Firefox (3.0.13)
    MSXML 4.0 SP2 (KB954430)
    MultipleIEs
    Nero OEM
    Norton Ghost
    Note Attack v1.36
    O&O Defrag Professional
    OpenOffice.org 3.1
    PDF Settings CS4
    Photoshop Camera Raw
    Photosmart 320,370,7400,8100,8400,8700 Series
    PowerDVD
    PSPrinters06
    QFolder
    QuickTime
    Rhapsody
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Skype™ 4.0
    SoundMAX
    Suite Shared Configuration CS4
    Total Recorder 3.2
    TrayApp
    Unload
    Update for Windows XP (KB898461)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.8a
    WebFldrs XP
    WebReg
    Winamp
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Hotfix - KB839210
    WinPcap 4.0
    WM Recorder 12.3

    ==== Event Viewer Messages From Past Week ========

    8/27/2009 10:31:22 AM, error: Dhcp [1002] - The IP address lease 10.230.166.14 for the Network Card with network address 00FF9042D189 has been denied by the DHCP server 10.230.160.2 (The DHCP Server sent a DHCPNACK message).
    8/25/2009 3:56:05 PM, error: Dhcp [1002] - The IP address lease 10.230.166.14 for the Network Card with network address 00FF38D4D089 has been denied by the DHCP server 10.230.160.2 (The DHCP Server sent a DHCPNACK message).
    8/25/2009 10:02:26 AM, error: Dhcp [1002] - The IP address lease 10.230.166.14 for the Network Card with network address 00FFE8F5D889 has been denied by the DHCP server 10.230.160.2 (The DHCP Server sent a DHCPNACK message).
    8/24/2009 9:57:22 AM, error: Dhcp [1002] - The IP address lease 10.230.162.84 for the Network Card with network address 00FF58C54B8A has been denied by the DHCP server 10.230.160.2 (The DHCP Server sent a DHCPNACK message).
    8/23/2009 6:24:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/23/2009 5:33:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    8/23/2009 5:12:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/23/2009 5:11:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm tmtdi
    8/23/2009 5:01:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    8/23/2009 12:57:56 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/23/2009 12:57:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    8/23/2009 12:37:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    8/23/2009 12:30:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
    8/23/2009 12:30:17 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/23/2009 12:30:17 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/23/2009 12:30:17 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/23/2009 12:30:17 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/23/2009 12:30:17 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/23/2009 12:29:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/23/2009 1:13:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86
    8/23/2009 1:13:55 PM, error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
    8/23/2009 1:13:55 PM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
    8/21/2009 5:20:03 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================
     
  5. 2009/08/28
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  6. 2009/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    IP Protection info: http://www.malwarebytes.org/forums/index.php?showtopic=21076

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  7. 2009/08/28
    teelions

    teelions Inactive Thread Starter

    Joined:
    2009/08/28
    Messages:
    4
    Likes Received:
    0
    HiJackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:13:47 AM, on 8/29/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    C:\Documents and Settings\Terry\Desktop\Malware removal Guide\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://remoteaccess.wyndhamworldwide.com/dana-na/auth/url_2/welcome.cgi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://L:\Drivers\msxml4.cab
    O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} (Loader Class v4) - http://svphxqcenter01.hotelgroup.com/qcbin/Spider91.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remoteaccess.wyndhamworldwide.com/dana-cached/setup/JuniperSetupSP1.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

    --
    End of file - 9970 bytes
     
  8. 2009/08/28
    teelions

    teelions Inactive Thread Starter

    Joined:
    2009/08/28
    Messages:
    4
    Likes Received:
    0
    DrWeb.csv AND hijackthis.log

    A0042038.exe;C:\System Volume Information\_restore{99799ED1-E79D-4970-B812-6A605808BB6D}\RP59;Tool.Prockill;;
    A0006308.exe\data066;O:\System Volume Information\_restore{5A1F9988-556B-42DC-B093-2136450B05E9}\RP14\A0006308.exe;Probably WIN.WORM.Virus;;
    A0006308.exe;O:\System Volume Information\_restore{5A1F9988-556B-42DC-B093-2136450B05E9}\RP14;Archive contains infected objects;Moved.;
    xampp-win32-1.7.0-installer.exe\data239;O:\Downloads\XAMP\xampp-win32-1.7.0-installer.exe;Program.PrcView.3725;;
    xampp-win32-1.7.0-installer.exe;O:\Downloads\XAMP;Archive contains infected objects;Moved.;
    pv.exe;O:\Downloads\XAMP\xampp\apache\bin;Program.PrcView.3725;;
    VirtumundoBeGone.exe\data005;O:\Downloads\remove Vundo\VirtumundoBeGone.exe;Tool.Prockill;;
    VirtumundoBeGone.exe;O:\Downloads\remove Vundo;Archive contains infected objects;Moved.;

     
    Last edited: 2009/08/28
  9. 2009/08/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Java(TM) 6 Update 13 through Add\Remove.


    Print this post out, since at some point you won't have access to it.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    - O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
    - O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
    - O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    - O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    - O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    5. Click on Fix checked button.

    6. Restart computer.


    When done....


    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please let me know how your computer is doing.
     

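As an added example that is not part of this thread, a small parser for the HijackThis O2/O4/O23 line formats quoted above. It picks out entries whose target is reported as "(no file)", like the orphaned O2 BHO broni asks to fix, and autostart or service binaries living outside the usual Windows and Program Files trees; the sample input is constructed from lines in this thread plus one made-up Temp-folder entry (the `updater` line, not from the log) to exercise the location check.

```python
import re

# Constructed sample: lines quoted from this thread's HijackThis log and fix list,
# plus one invented HKCU entry (updater.exe in Temp) that is NOT from the log.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [HPHUPD06] C:\\Program Files\\HP\\{BA2D9411-DBB4-43e4-9421-780413650A67}\\hphupd06.exe
O4 - HKCU\\..\\Run: [updater] C:\\DOCUME~1\\someuser\\LOCALS~1\\Temp\\updater.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\\Program Files\\WinPcap\\rpcapd.exe
"""
# One regex per HijackThis section handled here; fields are separated by " - ".
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<command>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$"),
}
# Locations where legitimate autostarts/services on an XP box normally live.
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def exe_path(command):
    """Executable from an O4 command: the quoted path, or the text up to the first .exe."""
    quoted = re.match(r'"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"(.*?\.exe)(\s|$)", command, re.IGNORECASE)
    return unquoted.group(1) if unquoted else command.strip()

def parse_log(text):
    """Return one dict per recognised O2/O4/O23 line, tagged with its section."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for section, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                entry = {"section": section, **m.groupdict()}
                if section == "O4":
                    entry["path"] = exe_path(entry["command"])
                entries.append(entry)
                break
    return entries

def find_orphaned(entries):
    """Entries whose target is gone from disk (HijackThis prints '(no file)')."""
    return [e for e in entries if e["path"].strip().lower() == "(no file)"]

def find_unusual_locations(entries):
    """Present binaries started from outside the standard Windows/Program Files trees."""
    return [e for e in entries if e["path"].strip().lower() != "(no file)"
            and not e["path"].lower().startswith(STANDARD_DIRS)]
```

Anything returned by `find_unusual_locations` is a triage lead, not a verdict; check the file's publisher and hash before acting on it.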