'Evening!

I have a redirect virus that has been going on for a few weeks. I had AVG installed, which detected a trojan, but it didn't solve the problem. Since then I have run TDSS, Combofix, Spybot Search and Destroy, and Malwarebytes, but to no avail. I also installed Chrome (started in Firefox), also unsuccessful. What should the next step be?

Thanks,

Carrie


Hello Carrie and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please do not run the ComboFix tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu (on Windows XP, click the Help menu at the top of the Firefox window) and select Troubleshooting Information.

Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.

Click Reset Firefox in the confirmation window that opens. Firefox will close and be reset. When it's done, click Finish and Firefox will open. Reboot your system and let me know.

Step 3

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 9/8/2008 12:50:34 AM

System Uptime: 9/22/2012 3:24:38 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 30BE

Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz | U10 | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 67 GiB total, 2.189 GiB free.

D: is FIXED (NTFS) - 8 GiB total, 0.588 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\297D231023FB7

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\297D231023FB7

Service: NIC1394

.

==== System Restore Points ===================

.

RP566: 6/23/2012 10:26:33 PM - System Checkpoint

RP567: 7/11/2012 9:48:17 PM - System Checkpoint

RP568: 7/12/2012 11:18:34 AM - Software Distribution Service 3.0

RP569: 7/15/2012 6:57:10 PM - Software Distribution Service 3.0

RP570: 7/16/2012 8:19:36 PM - System Checkpoint

RP571: 7/17/2012 11:42:10 PM - System Checkpoint

RP572: 7/20/2012 1:48:53 PM - System Checkpoint

RP573: 7/22/2012 12:36:47 PM - System Checkpoint

RP574: 7/24/2012 1:16:37 PM - System Checkpoint

RP575: 7/25/2012 1:55:18 PM - System Checkpoint

RP576: 7/28/2012 12:10:48 PM - System Checkpoint

RP577: 7/29/2012 4:58:35 PM - System Checkpoint

RP578: 7/30/2012 5:26:57 PM - System Checkpoint

RP579: 7/31/2012 8:17:11 PM - System Checkpoint

RP580: 8/3/2012 11:25:19 AM - System Checkpoint

RP581: 8/5/2012 6:42:23 PM - System Checkpoint

RP582: 8/7/2012 3:38:38 PM - System Checkpoint

RP583: 8/8/2012 5:04:04 PM - System Checkpoint

RP584: 8/9/2012 5:38:51 PM - System Checkpoint

RP585: 8/10/2012 6:38:50 PM - System Checkpoint

RP586: 8/11/2012 8:45:33 PM - System Checkpoint

RP587: 8/12/2012 9:01:37 PM - System Checkpoint

RP588: 8/13/2012 9:37:49 PM - System Checkpoint

RP589: 8/14/2012 10:45:29 PM - System Checkpoint

RP590: 8/15/2012 4:49:59 PM - Software Distribution Service 3.0

RP591: 8/16/2012 9:39:42 PM - System Checkpoint

RP592: 8/18/2012 2:22:57 PM - System Checkpoint

RP593: 8/19/2012 2:46:15 PM - System Checkpoint

RP594: 8/20/2012 3:43:27 PM - System Checkpoint

RP595: 8/21/2012 9:23:24 PM - System Checkpoint

RP596: 8/22/2012 10:18:47 PM - System Checkpoint

RP597: 8/23/2012 11:45:55 PM - System Checkpoint

RP598: 8/25/2012 12:38:37 AM - System Checkpoint

RP599: 8/26/2012 11:18:47 AM - System Checkpoint

RP600: 8/28/2012 5:07:00 PM - System Checkpoint

RP601: 8/29/2012 8:31:23 PM - System Checkpoint

RP602: 8/30/2012 9:26:55 PM - System Checkpoint

RP603: 9/1/2012 10:05:16 AM - System Checkpoint

RP604: 9/2/2012 11:15:31 AM - System Checkpoint

RP605: 9/3/2012 12:14:24 PM - Installed Microsoft Fix it 50454

RP606: 9/4/2012 10:20:53 PM - System Checkpoint

RP607: 9/6/2012 5:50:53 PM - System Checkpoint

RP608: 9/7/2012 10:59:43 PM - System Checkpoint

RP609: 9/9/2012 12:27:50 PM - System Checkpoint

RP610: 9/10/2012 7:26:19 PM - System Checkpoint

RP611: 9/12/2012 7:50:18 AM - System Checkpoint

RP612: 9/12/2012 8:15:27 AM - Software Distribution Service 3.0

RP613: 9/13/2012 6:33:48 PM - System Checkpoint

RP614: 9/15/2012 9:36:16 AM - System Checkpoint

RP615: 9/16/2012 4:15:21 PM - System Checkpoint

RP616: 9/17/2012 5:14:48 PM - System Checkpoint

RP617: 9/18/2012 6:32:14 PM - System Checkpoint

RP618: 9/20/2012 7:56:14 AM - System Checkpoint

RP619: 9/21/2012 3:45:39 PM - System Checkpoint

RP620: 9/22/2012 1:31:18 AM - Restore Operation

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Digital Editions

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader 9.4.0

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Installer 4.00.B13

AVG 2012

Bonjour

Brother MFL-Pro Suite MFC-5895CW

Connect

Credential Manager for HP ProtectTools

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP 3D DriveGuard

HP Backup and Recovery Manager Installer

HP BIOS Configuration for ProtectTools

HP Broadband Wireless Modules

HP Doc Viewer

HP Help and Support

HP Notebook Accessories Product Tour

HP Officejet 6500 E710n-z Basic Device Software

HP Officejet 6500 E710n-z Help

HP ProtectTools Security Manager

HP Quick Launch Buttons 6.40 B2

HP Update

HP User Guide Bluetooth Addendum 0062

HP User Guides 0058

HP Wireless Assistant

HP WWAN Setup Utility

I.R.I.S. OCR

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

InterVideo DVD Check

InterVideo Register Manager

InterVideo WinDVD

iTunes

Java Auto Updater

Java™ 6 Update 11

Java™ 7 Update 4

Java™ SE Runtime Environment 6

JavaFX 2.1.0

kuler

LightScribe 1.4.136.1

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Media Player

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

MyPDFConverter

PaperPort Image Printer

PDF Complete

PDF Settings CS4

Photoshop Camera Raw

PMB

QuickTime

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Tools

Roxio Express Labeler 3

ScanSoft PaperPort 11

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows XP (KB923789)

Soft Data Fax Modem with SmartCP

Sonic Activation Module

Sony Image Data Suite

SoundMAX

Suite Shared Configuration CS4

swMSM

Synaptics Pointing Device Driver

Text-To-Speech-Runtime

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2736233)

Viewpoint Media Player

WebFldrs XP

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Movie Maker 2.0

Windows XP Service Pack 3

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

9/22/2012 1:40:04 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

9/19/2012 7:07:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

9/18/2012 2:38:40 PM, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 001F3B718B21 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

9/17/2012 1:42:18 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ASBroker service.

9/16/2012 3:57:26 PM, error: Print [6161] - The document https://ublearns.buf...9_13484/Henrich et al %282010%29 - The weirdest people in the world.pdf owned by Administrator failed to print on printer HP Officejet 6500 E710n-z. Data type: NT EMF 1.008. Size of the spool file in bytes: 334557940. Number of bytes printed: 333523780. Total number of pages in the document: 75. Number of pages printed: 1. Client machine: \\CARRIE. Win32 error code returned by the print processor: 0 (0x0).

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1

Run by Administrator at 15:34:11 on 2012-09-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1096 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe -k Cognizance

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

svchost.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.privitize.com/?aff=7

mStart Page = hxxp://search.privitize.com/?aff=7

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe

mRun: [HPWWANGSAssistant] c:\swsetup\hpqwwan\HPWWanGSAssistant.exe /TrayMode

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8750C2A4-D3AE-4EBC-A9EE-5ECC807EE968} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxdev.dll

Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll

AppInit_DLLs: c:\windows\system32\APSHook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301920]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 399432]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-6-26 539936]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-11 24652]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-23 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-6 22856]

R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-6-26 47616]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-6 676936]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2012-09-22 05:29:53 -------- d-----w- c:\program files\Red Sky

2012-09-22 04:21:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\DownTango

2012-09-12 04:58:42 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-09-12 04:57:22 16409960 ----a-w- c:\program files\spybotsd162.exe

2012-09-12 04:02:48 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU

2012-09-12 04:02:32 -------- d-----w- c:\documents and settings\administrator\application data\AVS4YOU

2012-09-12 03:59:24 24576 ----a-w- c:\windows\system32\msxml3a.dll

2012-09-12 03:59:24 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2012-09-12 03:59:24 -------- d-----w- c:\program files\common files\AVSMedia

2012-09-12 03:59:24 -------- d-----w- c:\program files\AVS4YOU

2012-09-12 03:55:56 158040400 ----a-w- c:\program files\AVSVideoEditor.exe

2012-09-10 05:22:15 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-10 03:28:48 -------- d-----w- c:\program files\PC Tools

2012-09-10 03:24:45 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-09-10 03:24:45 -------- d-----w- c:\program files\common files\PC Tools

2012-09-10 03:24:24 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2012-09-10 03:24:22 -------- d-----w- c:\documents and settings\administrator\application data\TestApp

2012-09-10 03:24:08 4166136 ----a-w- c:\program files\spdoc.exe

2012-09-07 02:00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-07 02:00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-07 00:49:32 410984 ----a-w- c:\program files\mozilla firefox\plugins\npdeploytk.dll

2012-09-07 00:49:32 163256 ----a-w- c:\program files\mozilla firefox\plugins\np-mswmp.dll

2012-09-07 00:49:32 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2012-09-07 00:49:32 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2012-09-07 00:49:32 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2012-09-07 00:49:32 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2012-09-07 00:49:32 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2012-09-07 00:49:32 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2012-09-07 00:49:32 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2012-09-07 00:49:32 1446440 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll

2012-08-26 20:40:38 -------- d-----w- c:\documents and settings\administrator\application data\AVG

.

==================== Find3M ====================

.

2012-09-10 05:22:15 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2010-03-22 22:45:53 27386256 ----a-w- c:\program files\AdbeRdr930_en_US.exe

2009-06-22 16:10:14 1878888 ----a-w- c:\program files\install_flash_player.exe

2006-09-06 16:32:36 521128 ----a-r- c:\program files\DPInst.exe

2006-09-06 16:32:36 16 ----a-r- c:\program files\Driver Installer.bat

2001-09-26 00:05:58 1707856 ----a-w- c:\program files\InstMsiA.Exe

2001-09-12 03:04:42 1821008 ----a-w- c:\program files\InstMsiW.Exe

.

============= FINISH: 15:34:49.32 ===============

attach.txt

dds.txt


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

