
security protection and xp antivirus 2012


  • This topic is locked
17 replies to this topic

#1 duffman1021

duffman1021

    New Member

  • Members
  • 10 posts

Posted 04 September 2011 - 11:54 PM

Thanks so much for looking at my post. What a mess.

- Malwarebytes log: unavailable. I have tried your troubleshooting methods to run the program but it has been shutting down before the scan even starts. Subsequent attempts to access the program yield 'you do not have access to this file'.

DEFOGGER

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:25 on 05/09/2011 (Anthua)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

- No DDS.txt file appeared


DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/22/2005 1:35:34 PM
System Uptime: 9/4/2011 10:36:44 PM (2 hours ago)
Processor: Intel® Pentium® M processor 1.60GHz | N/A | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 26.583 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1298: 6/8/2011 12:52:49 PM - System Checkpoint
RP1299: 6/9/2011 8:14:51 PM - System Checkpoint
RP1300: 6/11/2011 8:19:43 AM - System Checkpoint
RP1301: 6/17/2011 2:16:35 PM - System Checkpoint
RP1302: 6/18/2011 2:31:24 PM - System Checkpoint
RP1303: 6/20/2011 9:10:04 AM - System Checkpoint
RP1304: 6/28/2011 1:35:59 PM - System Checkpoint
RP1305: 6/28/2011 5:11:25 PM - Installed Ad-Aware
RP1306: 6/28/2011 5:13:55 PM - Installed Ad-Aware
RP1307: 6/29/2011 8:03:00 PM - System Checkpoint
RP1308: 6/30/2011 8:25:02 PM - System Checkpoint
RP1309: 7/1/2011 8:58:52 PM - System Checkpoint
RP1310: 7/2/2011 9:27:25 PM - System Checkpoint
RP1311: 7/4/2011 7:48:54 AM - System Checkpoint
RP1312: 7/5/2011 9:54:02 AM - System Checkpoint
RP1313: 7/6/2011 7:36:36 PM - System Checkpoint
RP1314: 7/7/2011 8:43:31 PM - System Checkpoint
RP1315: 7/8/2011 9:25:15 PM - System Checkpoint
RP1316: 7/10/2011 8:00:55 PM - System Checkpoint
RP1317: 7/11/2011 8:04:52 PM - System Checkpoint
RP1318: 7/12/2011 8:43:19 PM - System Checkpoint
RP1319: 7/18/2011 3:15:58 PM - System Checkpoint
RP1320: 7/19/2011 8:23:48 PM - System Checkpoint
RP1321: 7/20/2011 9:04:11 PM - System Checkpoint
RP1322: 7/25/2011 2:58:40 PM - System Checkpoint
RP1323: 7/29/2011 9:43:38 PM - System Checkpoint
RP1324: 7/31/2011 7:53:38 AM - System Checkpoint
RP1325: 8/1/2011 7:58:21 AM - System Checkpoint
RP1326: 8/2/2011 8:25:30 PM - System Checkpoint
RP1327: 8/3/2011 9:31:03 PM - System Checkpoint
RP1328: 8/5/2011 7:54:58 PM - System Checkpoint
RP1329: 8/6/2011 8:43:53 PM - System Checkpoint
RP1330: 8/7/2011 9:32:22 PM - System Checkpoint
RP1331: 8/8/2011 10:16:47 PM - System Checkpoint
RP1332: 8/9/2011 10:39:37 PM - System Checkpoint
RP1333: 8/11/2011 6:41:17 PM - System Checkpoint
RP1334: 8/12/2011 8:18:19 PM - System Checkpoint
RP1335: 8/13/2011 8:22:01 PM - System Checkpoint
RP1336: 8/14/2011 9:13:57 PM - System Checkpoint
RP1337: 8/15/2011 10:05:37 PM - System Checkpoint
RP1338: 8/17/2011 7:35:51 AM - System Checkpoint
RP1339: 8/18/2011 7:42:28 AM - System Checkpoint
RP1340: 8/19/2011 2:03:27 PM - System Checkpoint
RP1341: 8/20/2011 2:38:33 PM - System Checkpoint
RP1342: 8/21/2011 3:20:44 PM - System Checkpoint
RP1343: 8/22/2011 4:27:24 PM - System Checkpoint
RP1344: 8/23/2011 8:17:02 PM - System Checkpoint
RP1345: 9/1/2011 2:27:39 PM - System Checkpoint
RP1346: 9/2/2011 2:32:09 PM - System Checkpoint
.
==== Installed Programs ======================
.
AAC Decoder
AC3Filter (remove only)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AnyDVD
AutoUpdate
AVG Free 8.5
Avira AntiVir Personal - Free Antivirus
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CDDRV_Installer
Citrix online plug-in (Web)
Click to DVD 2.0.03 Menu Data
Click to DVD 2.4.02
CompTracker 4.7
CompTracker 4.8
Dell Photo Printer 720
Dell Photo Printer 720 Logger
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Documents To Go
DVD Shrink 3.2
DVgate Plus
H.264 Decoder
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Converter 2
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
InterVideo WinDVDX
ISI ResearchSoft - Export Helper
ISScript
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
Kaplan's DAT DTB
KhalInstallWrapper
Logitech QuickCam
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.1.1800
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
mMHouse
MoodLogic
Mozilla Firefox (3.6.21)
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
Neonatal Resuscitation DVD-ROM
Nero 6 Ultra Edition
Netscape Internet Service Setup
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Manual NW-A600
PictureGear Studio 2.0
QuickTime
R.A.L.E. Lung Sounds Demo
RealPlayer
Realtek High Definition Audio Driver
Reference Manager 10
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setting Utility Series
SigmaPlot 8.0
Sonic RecordNow!
SonicStage 4.3
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SPSS 11.0 for Windows Student Version
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
TVUPlayer 2.2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO TV Tuner Library 1.4
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
VAIO Zone Remote Commander
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
WebFldrs XP
WinAVI Video Converter
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
Wireless Adapter Manager 1.3
Xvid 1.1.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
9/4/2011 9:24:50 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The VAIO Entertainment Database Service service depends on the MSSQL$VAIO_VEDB service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Intel® PROSet/Wireless Service service depends on the Intel® PROSet/Wireless Event Log service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Image Converter video recording monitor for VAIO Entertainment service depends on the VAIO Entertainment Aggregation and Control Service service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Event Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment TV Device Arbitration Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment Task Scheduler service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment Aggregation and Control Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The MSSQL$VAIO_VEDB service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The LexBce Server service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Canon Camera Access Library 8 service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:21 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service VAIO Entertainment Aggregation and Control Service with arguments "" in order to run the server: {21ADFCC3-710C-492D-847C-342CE7B7BEC4}
9/4/2011 10:31:26 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:31:17 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:31:15 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:30:25 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: Access is denied.
9/4/2011 10:30:01 PM, error: Service Control Manager [7034] - The MSSQL$VAIO_VEDB service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:29:41 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:50 PM, error: Service Control Manager [7034] - The VAIO Entertainment Aggregation and Control Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:44 PM, error: Service Control Manager [7034] - The VAIO Entertainment Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:42 PM, error: Service Control Manager [7034] - The VAIO Entertainment TV Device Arbitration Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:40 PM, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:37 PM, error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:32 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:27 PM, error: Service Control Manager [7034] - The Image Converter video recording monitor for VAIO Entertainment service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:25 PM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:11 PM, error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).
9/3/2011 7:56:15 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
9/3/2011 7:34:30 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/3/2011 7:34:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/3/2011 4:49:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/3/2011 3:56:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00014A608987 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/3/2011 2:34:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/3/2011 2:33:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/3/2011 2:33:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:17:06 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/3/2011 2:14:55 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/3/2011 2:14:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 WatchDog service to connect.
9/3/2011 2:14:55 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/3/2011 2:10:45 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
9/3/2011 2:07:05 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/3/2011 2:05:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
9/3/2011 2:03:29 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Thanks again
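The Event Viewer section of the DDS log above is the part a helper reads first: most of the failures are "file not found" noise from uninstalled VAIO components, but the Ad-Aware and AVG services failing with "Access is denied" and the AVG drivers missing from the boot-start list are the kind of entries that point at protection being tampered with. The following script is an added example (not code from the poster or from the Malwarebytes forum) that parses lines in the DDS event format and separates security-product failures from the rest; the `SECURITY_MARKERS` list is an assumption built from the installed-programs list in the same log, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: six lines copied from the DDS "Event Viewer Messages" section above.
SAMPLE_EVENTS = """\
9/4/2011 9:24:50 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The LexBce Server service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:30:25 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: Access is denied.
9/3/2011 2:33:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/3/2011 2:14:55 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/3/2011 2:10:45 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
"""

# One DDS event line: "<date> <time> <AM|PM>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(r"^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$")
# Service Control Manager message shapes used below (event ids 7000, 7031/7034, 7026).
FAILED_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+?)\.?$")
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<list>.+)$")

# Assumed: name fragments of the security products listed under "Installed Programs" in this log.
SECURITY_MARKERS = ("ad-aware", "lavasoft", "avg", "avira", "antivir", "malwarebytes", "spybot")


def is_security_component(name):
    """True if a service or driver name looks like it belongs to a security product."""
    lowered = name.lower()
    return any(marker in lowered for marker in SECURITY_MARKERS)


def parse_events(text):
    """Parse every well-formed DDS event line into a dict; skip anything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["eid"] = int(event["eid"])
            events.append(event)
    return events


def triage(text):
    """Separate security-product start/termination failures from ordinary service noise."""
    findings = {
        "access_denied": [],            # security services refused with "Access is denied"
        "sec_terminated": [],           # security services that died unexpectedly
        "sec_drivers_not_loaded": [],   # security drivers missing from the boot-start list
        "other_failures": 0,            # everything else (uninstalled components, spooler, ...)
    }
    for ev in parse_events(text):
        msg = ev["msg"]
        if ev["eid"] == 7000:
            m = FAILED_RE.match(msg)
            if m and is_security_component(m["svc"]) and "access is denied" in m["err"].lower():
                findings["access_denied"].append(m["svc"])
            else:
                findings["other_failures"] += 1
        elif ev["eid"] in (7031, 7034):
            m = TERMINATED_RE.match(msg)
            if m and is_security_component(m["svc"]):
                findings["sec_terminated"].append(m["svc"])
            else:
                findings["other_failures"] += 1
        elif ev["eid"] == 7026:
            m = DRIVERS_RE.search(msg)
            if m:
                findings["sec_drivers_not_loaded"].extend(
                    drv for drv in m["list"].split() if is_security_component(drv))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Run against the full Event Viewer section, the three "security" buckets are what distinguishes this machine's symptoms from a merely cluttered one: an access-denied failure on an anti-malware service is consistent with the poster's report that Malwarebytes closes before scanning and then cannot be opened at all.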

#2 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 07 September 2011 - 03:24 PM

Hi and welcome to Malwarebytes.



  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log name is like UtilityName.Version_Date_Time_log.txt; for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


Next, delete your copy of DDS. Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


-screen317
Chris Fistonich
Research Team

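The TDSSKiller log requested above has three kinds of lines worth pulling out: the per-object inventory (`name (md5) path`), `Suspicious file (...)` lines, and `name - detected Verdict (n)` verdicts. The script below is an added example, not code from screen317 or from Kaspersky's tool, that parses that format, joins each verdict back to its path and hash, and flags paths containing an NTFS alternate data stream (a colon after the drive letter, as in the hidden file reported in this thread). The sample log is a constructed subset of the log posted later in this thread; the regexes are assumptions about the format based on those lines.

```python
import re

# Constructed sample in the TDSSKiller log format seen in this thread (a subset of the posted log).
SAMPLE_TDSS_LOG = r"""
2011/09/07 21:44:58.0828 3072 Scan started
2011/09/07 21:44:58.0828 3072 Mode: Manual;
2011/09/07 21:45:01.0609 3072 6b7d23d2 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\3525541227:2491604013.exe
2011/09/07 21:45:05.0671 3072 Suspicious file (Hidden): C:\WINDOWS\3525541227:2491604013.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/07 21:45:05.0687 3072 6b7d23d2 - detected HiddenFile.Multi.Generic (1)
2011/09/07 21:45:05.0890 3072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/07 21:45:06.0156 3072 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
"""

# Every line starts with "<date> <time> <thread id>"; the rest is the message body.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# Inventory line: "<object name> (<md5>) <path>"
INVENTORY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<object name> - detected <verdict> (<count>)"
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
# "C:\dir\file:stream" -- a colon after the drive letter means an NTFS alternate data stream.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")


def is_ads_path(path):
    """True if the path names an alternate data stream rather than a plain file."""
    return ADS_RE.match(path) is not None


def summarize(text):
    """Return the inventory, suspicious-file notes, verdicts (joined to hash/path) and ADS paths."""
    inventory = {}
    suspicious = []
    detections = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, separator or blank line
        body = m["body"]
        inv = INVENTORY_RE.match(body)
        sus = SUSPICIOUS_RE.match(body)
        det = DETECTED_RE.match(body)
        if inv:
            inventory[inv["name"]] = {"md5": inv["md5"], "path": inv["path"]}
        elif sus:
            suspicious.append({"path": sus["path"], "md5": sus["md5"], "reason": sus["reason"]})
        elif det:
            entry = {"name": det["name"], "verdict": det["verdict"]}
            # The verdict line only carries the object name; recover hash and path from the inventory.
            entry.update(inventory.get(det["name"], {}))
            detections.append(entry)
    ads_paths = sorted({e["path"] for e in inventory.values() if is_ads_path(e["path"])})
    return {"inventory": inventory, "suspicious": suspicious,
            "detections": detections, "ads_paths": ads_paths}


if __name__ == "__main__":
    result = summarize(SAMPLE_TDSS_LOG)
    print(f"{len(result['inventory'])} objects scanned")
    for d in result["detections"]:
        print(f"detected {d['verdict']}: {d.get('path')} md5={d.get('md5')}")
    for p in result["ads_paths"]:
        print(f"alternate data stream: {p}")
```

The join between the verdict line and the inventory line matters in practice: a long TDSSKiller log lists hundreds of clean drivers, and the `detected` line alone does not tell you which file to quarantine or which hash to look up. Paths with a stream name after the drive letter are worth special attention because Explorer and most directory listings do not show them.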

#3 duffman1021

duffman1021

    New Member

  • Members
  • 10 posts

Posted 07 September 2011 - 08:58 PM

Thanks for replying.

2011/09/07 21:44:54.0734 2896 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/09/07 21:44:55.0390 2896 ================================================================================
2011/09/07 21:44:55.0390 2896 SystemInfo:
2011/09/07 21:44:55.0390 2896
2011/09/07 21:44:55.0390 2896 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/07 21:44:55.0390 2896 Product type: Workstation
2011/09/07 21:44:55.0390 2896 ComputerName: A25BD8260D5F438
2011/09/07 21:44:55.0390 2896 UserName: Anthua
2011/09/07 21:44:55.0390 2896 Windows directory: C:\WINDOWS
2011/09/07 21:44:55.0390 2896 System windows directory: C:\WINDOWS
2011/09/07 21:44:55.0406 2896 Processor architecture: Intel x86
2011/09/07 21:44:55.0406 2896 Number of processors: 1
2011/09/07 21:44:55.0406 2896 Page size: 0x1000
2011/09/07 21:44:55.0406 2896 Boot type: Normal boot
2011/09/07 21:44:55.0406 2896 ================================================================================
2011/09/07 21:44:57.0390 2896 Initialize success
2011/09/07 21:44:58.0828 3072 ================================================================================
2011/09/07 21:44:58.0828 3072 Scan started
2011/09/07 21:44:58.0828 3072 Mode: Manual;
2011/09/07 21:44:58.0828 3072 ================================================================================
2011/09/07 21:45:01.0609 3072 6b7d23d2 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\3525541227:2491604013.exe
2011/09/07 21:45:05.0671 3072 Suspicious file (Hidden): C:\WINDOWS\3525541227:2491604013.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/07 21:45:05.0687 3072 6b7d23d2 - detected HiddenFile.Multi.Generic (1)
2011/09/07 21:45:05.0890 3072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/07 21:45:05.0937 3072 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/07 21:45:06.0015 3072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/07 21:45:06.0093 3072 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/07 21:45:06.0156 3072 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/09/07 21:45:06.0359 3072 AnyDVD (22b2e9cd92611f64618c9824dc234a60) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/09/07 21:45:06.0421 3072 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/09/07 21:45:06.0531 3072 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/07 21:45:06.0671 3072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/07 21:45:06.0734 3072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/07 21:45:06.0812 3072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/07 21:45:06.0859 3072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/07 21:45:06.0937 3072 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/09/07 21:45:06.0984 3072 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/09/07 21:45:07.0046 3072 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/09/07 21:45:07.0125 3072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/07 21:45:07.0218 3072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/07 21:45:07.0359 3072 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/07 21:45:07.0421 3072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/07 21:45:07.0484 3072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/07 21:45:07.0531 3072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/07 21:45:07.0593 3072 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/07 21:45:07.0656 3072 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/07 21:45:07.0765 3072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/07 21:45:07.0859 3072 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/07 21:45:07.0937 3072 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/09/07 21:45:08.0046 3072 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/07 21:45:08.0203 3072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/07 21:45:08.0359 3072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/07 21:45:08.0515 3072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/07 21:45:08.0578 3072 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/07 21:45:08.0687 3072 ElbyCDIO (cd35088d84a17ca694658a3cb0ebd13c) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/09/07 21:45:08.0812 3072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/07 21:45:08.0875 3072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/07 21:45:08.0921 3072 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/07 21:45:08.0953 3072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/07 21:45:09.0000 3072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/07 21:45:09.0031 3072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/07 21:45:09.0078 3072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/07 21:45:09.0140 3072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/07 21:45:09.0203 3072 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/07 21:45:09.0296 3072 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/07 21:45:09.0390 3072 HSFHWAZL (3d812d0de9344bc9bd1a1b8575b883db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/07 21:45:09.0656 3072 HSF_DP (0e130bec5a13cf68adaa216ab55a8dff) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/07 21:45:09.0750 3072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/07 21:45:09.0859 3072 i8042prt (58449fff9a05f9632c11baf723cf5ba8) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/07 21:45:09.0859 3072 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
2011/09/07 21:45:10.0031 3072 ialm (0c7b8efc2b1ac4cd62f4e7eafc864b95) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/09/07 21:45:10.0171 3072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/07 21:45:10.0406 3072 IntcAzAudAddService (93903ddd430db2fc61cbeeb2be651e9f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/07 21:45:10.0546 3072 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/07 21:45:10.0609 3072 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/07 21:45:10.0656 3072 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/07 21:45:10.0796 3072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/07 21:45:10.0859 3072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/07 21:45:10.0921 3072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/07 21:45:11.0000 3072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/07 21:45:11.0046 3072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/07 21:45:11.0125 3072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/07 21:45:11.0156 3072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/07 21:45:11.0203 3072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/07 21:45:11.0296 3072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/07 21:45:11.0375 3072 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/09/07 21:45:11.0468 3072 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/09/07 21:45:11.0531 3072 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/09/07 21:45:11.0593 3072 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/07 21:45:11.0640 3072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/07 21:45:11.0687 3072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/07 21:45:11.0765 3072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/07 21:45:11.0781 3072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/07 21:45:11.0828 3072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/07 21:45:11.0921 3072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/07 21:45:12.0015 3072 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/07 21:45:12.0078 3072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/07 21:45:12.0125 3072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/07 21:45:12.0156 3072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/07 21:45:12.0187 3072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/07 21:45:12.0234 3072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/07 21:45:12.0296 3072 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/07 21:45:12.0343 3072 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/07 21:45:12.0406 3072 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/07 21:45:12.0453 3072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/07 21:45:12.0484 3072 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/07 21:45:12.0531 3072 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/07 21:45:12.0640 3072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/07 21:45:12.0671 3072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/07 21:45:12.0718 3072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/07 21:45:12.0765 3072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/07 21:45:12.0796 3072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/07 21:45:12.0890 3072 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/07 21:45:12.0937 3072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/07 21:45:13.0312 3072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/07 21:45:13.0437 3072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/07 21:45:13.0656 3072 nv (2d09525d0f4f373397893f45b2e4e9ea) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/07 21:45:13.0859 3072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/07 21:45:13.0890 3072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/07 21:45:14.0015 3072 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/07 21:45:14.0093 3072 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/09/07 21:45:14.0140 3072 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/07 21:45:14.0171 3072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/07 21:45:14.0218 3072 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/07 21:45:14.0250 3072 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/07 21:45:14.0312 3072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/07 21:45:14.0343 3072 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/07 21:45:14.0406 3072 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/09/07 21:45:14.0781 3072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/07 21:45:14.0843 3072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/07 21:45:14.0890 3072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/07 21:45:14.0937 3072 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/07 21:45:15.0000 3072 QCDonner (18b6755475f560dfffda079495cffd7c) C:\WINDOWS\system32\DRIVERS\LVCD.sys
2011/09/07 21:45:15.0203 3072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/07 21:45:15.0234 3072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/07 21:45:15.0265 3072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/07 21:45:15.0296 3072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/07 21:45:15.0343 3072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/07 21:45:15.0453 3072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/07 21:45:15.0546 3072 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/07 21:45:15.0625 3072 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/07 21:45:15.0703 3072 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/09/07 21:45:15.0812 3072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/07 21:45:15.0859 3072 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/07 21:45:15.0921 3072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/09/07 21:45:16.0015 3072 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/07 21:45:16.0156 3072 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/09/07 21:45:16.0250 3072 SONYTVC (2100a5cc7dd75a5a0dba3cb9eb4f16bb) C:\WINDOWS\system32\DRIVERS\SONYTVC.sys
2011/09/07 21:45:16.0359 3072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/07 21:45:16.0421 3072 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/07 21:45:16.0484 3072 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/07 21:45:16.0562 3072 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/07 21:45:16.0609 3072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/07 21:45:16.0687 3072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/07 21:45:16.0875 3072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/07 21:45:16.0937 3072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/07 21:45:17.0031 3072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/07 21:45:17.0109 3072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/07 21:45:17.0125 3072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/07 21:45:17.0203 3072 tifmsony (fb481e8cd426d0e5f96a838a47390c94) C:\WINDOWS\system32\drivers\tifmsony.sys
2011/09/07 21:45:17.0281 3072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/07 21:45:17.0375 3072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/07 21:45:17.0546 3072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/07 21:45:17.0625 3072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/07 21:45:17.0671 3072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/07 21:45:17.0718 3072 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/07 21:45:17.0750 3072 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/07 21:45:17.0812 3072 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/07 21:45:17.0875 3072 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/07 21:45:17.0968 3072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/07 21:45:18.0031 3072 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/07 21:45:18.0218 3072 w29n51 (68eb5bc07781a36a63633541c11e1ad6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/09/07 21:45:18.0453 3072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/07 21:45:18.0546 3072 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/09/07 21:45:18.0625 3072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/07 21:45:18.0750 3072 winachsf (c08fad1207bb219bdf9eec30afc1809e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/07 21:45:18.0843 3072 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/07 21:45:18.0906 3072 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/07 21:45:18.0953 3072 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/07 21:45:19.0234 3072 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2011/09/07 21:45:19.0281 3072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/09/07 21:45:19.0453 3072 Boot (0x1200) (887e43c46e9611c62e6a9f758ead4853) \Device\Harddisk0\DR0\Partition0
2011/09/07 21:45:19.0468 3072 ================================================================================
2011/09/07 21:45:19.0468 3072 Scan finished
2011/09/07 21:45:19.0468 3072 ================================================================================
2011/09/07 21:45:19.0484 3056 Detected object count: 2
2011/09/07 21:45:19.0484 3056 Actual detected object count: 2
2011/09/07 21:45:21.0531 3056 HiddenFile.Multi.Generic(6b7d23d2) - User select action: Skip
2011/09/07 21:45:21.0578 3056 i8042prt (58449fff9a05f9632c11baf723cf5ba8) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/07 21:45:21.0593 3056 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
2011/09/07 21:45:25.0546 3056 Backup copy found, using it..
2011/09/07 21:45:25.0562 3056 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured after reboot
2011/09/07 21:45:25.0562 3056 Rootkit.Win32.ZAccess.e(i8042prt) - User select action: Cure
2011/09/07 21:45:37.0859 3000 Deinitialize success

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Run by Anthua at 21:52:42 on 2011-09-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.31 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\sony\Wireless adapter\ZDWLan.EXE
C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Apoint\Apntex.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [VZRemoteCommander] "c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe"
mRun: [LVCOMS] "c:\program files\common files\logitech\qcdriver\LVCOMS.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Wireless Adapter Manager] c:\program files\sony\wireless adapter\ZDWLan.EXE -minisize
mRun: [AutoEJCD_0ACE20FF] c:\program files\autoinstall\zd1211b_auto_install_cd_only_gen_0ace20ff\AutoEJCD.EXE /VID=0ACE /PID=20FF
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [2906743578] c:\windows\system32\config\systemprofile\local settings\application data\pdo.exe
dRun: [2432639790] c:\windows\system32\config\systemprofile\local settings\application data\eio.exe
dRun: [2078852255] c:\windows\system32\config\systemprofile\local settings\application data\uor.exe
dRun: [781995231] c:\windows\system32\config\systemprofile\local settings\application data\hmg.exe
dRun: [3930296170] c:\windows\system32\config\systemprofile\local settings\application data\vrt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{B9BE900E-F2E9-485B-9184-2EE8AC141EA3} : DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: VESWinlogon - VESWinlogon.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anthua\application data\mozilla\firefox\profiles\9mi3mtl9.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-28 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 108552]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
.
=============== Created Last 30 ================
.
2011-09-08 01:36:58 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\lcnx.exe
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\jesr.exe
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\gygs.exe
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\fkfr.exe
2011-09-05 16:22:37 0 ----a-w- c:\documents and settings\all users\application data\rlvn.exe
2011-09-05 16:22:36 0 ----a-w- c:\documents and settings\all users\application data\ncoh.exe
2011-09-05 16:22:35 0 ----a-w- c:\documents and settings\all users\application data\jhde.exe
2011-09-05 16:22:34 0 ----a-w- c:\documents and settings\all users\application data\osxi.exe
2011-09-05 05:22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 23:38:29 0 ----a-w- c:\documents and settings\all users\application data\vkaj.exe
2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\obwp.exe
2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\fjex.exe
2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\cvxw.exe
2011-09-03 22:50:29 0 ----a-w- c:\documents and settings\all users\application data\fasx.exe
2011-09-03 22:50:28 0 ----a-w- c:\documents and settings\all users\application data\tkbk.exe
2011-09-03 22:50:28 0 ----a-w- c:\documents and settings\all users\application data\aywq.exe
2011-09-03 22:50:27 0 ----a-w- c:\documents and settings\all users\application data\cyph.exe
2011-09-03 14:02:38 0 ----a-w- c:\documents and settings\all users\application data\vokj.exe
2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\kvdi.exe
2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\grrd.exe
2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\fxmg.exe
2011-09-03 11:55:25 4194304 ----a-w- c:\windows\system32\gmjfyemo.dll
2011-09-03 11:54:35 893952 ----a-w- c:\documents and settings\all users\application data\defender.exe
.
==================== Find3M ====================
.
2011-09-08 01:46:56 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-06-28 21:21:49 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-20 14:31:32 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
============= FINISH: 21:54:57.37 ===============

Looking forward to your reply

#4 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 08 September 2011 - 04:26 PM

Hi,


I notice that you are using more than one antivirus program (Lavasoft and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program. Reboot.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team


#5 duffman1021

duffman1021

    New Member

  • Members
  • 10 posts

Posted 10 September 2011 - 10:18 PM

An issue with running combofix.

- I uninstalled all antivirus programs except one (AVG)

When I tried to run combofix:

- I was warned AVG real time was still running and could interfere with combofix resulting in system damage

- I turned off AVG but the real time still runs

- I uninstalled AVG, but when the computer was restarted it came back???

That being said, should I still run combofix with that error? (combofix says it can run at my own risk).

What do you suggest?

Thank you.

#6 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 13 September 2011 - 03:21 AM

Hi,

Use AVG's removal tool:

http://download.avg....6_2012_1796.exe


Reboot.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).


Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall


See if it will run successfully now.
Chris Fistonich
Research Team


#7 duffman1021

duffman1021

    New Member

  • Members
  • 10 posts

Posted 14 September 2011 - 12:00 PM

I ran the AVG removal program. It was interrupted/shut down in the middle of its running.

After the reboot, the program was not gone. When I tried to run the removal program again, it said 'windows cannot access the specified device, path, or file, you may not have the appropriate permission'.

So it looks like the virus is hidden in AVG?

It produced a log; here it is:

2011-09-14 16:45:18,703 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2011-09-14 16:45:18,812 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-09-14 16:45:18,812 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-09-14 16:45:18,812 INFO Command line: "C:\Documents and Settings\Anthua\My Documents\Downloads\avg_remover_stf_x86_2012_1796.exe"
2011-09-14 16:45:18,812 DEBUG AvgDir param set to C:\Program Files\AVG\AVG8.
2011-09-14 16:45:18,812 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg8.
2011-09-14 16:45:26,796 INFO AvgRemover runs in attempt number 1
2011-09-14 16:45:26,796 INFO Attempting to unregister AVG from the Windows Security Center.
2011-09-14 16:45:26,828 INFO Attempting to uninstall toolbar
2011-09-14 16:45:26,828 INFO ***** Msi data *****
2011-09-14 16:45:26,984 DEBUG No product code found for our upgrade codes, nothing to do here
2011-09-14 16:45:26,984 INFO ***** Exchange&Outlook plugins data *****
2011-09-14 16:45:26,984 INFO Removing AvgOutlook addin
2011-09-14 16:45:26,984 INFO AvgOutlook Removing HKCR addin keys x86
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2011-09-14 16:45:26,984 INFO AvgOutlook Removing HKCR addin keys x64
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2011-09-14 16:45:26,984 INFO Removing Sharepoint plugin if exists
2011-09-14 16:45:26,984 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2011-09-14 16:45:26,984 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2011-09-14 16:45:26,984 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
2011-09-14 16:45:26,984 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
2011-09-14 16:45:26,984 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
2011-09-14 16:45:26,984 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
2011-09-14 16:45:26,984 INFO ***** Services *****
2011-09-14 16:45:27,015 INFO Processing service avgfws8, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service avg8wd, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgWFPx, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgWFPa, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service avg9wd, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgMfx86, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgMfx64, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgLdx64, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgTdiX, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgTdiA, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgWfpX, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgWfpA, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgRkx86, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgRkx64, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service avg9emc, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service avgfws9, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service avgfws, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSAgent, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSWatcher, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSShimxpx, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverxpx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSShimvtx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFiltervta, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDrivervta, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSShimw7x, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFilterw7x, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverw7x, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFilterw7a, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSErHrxpx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrvta, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrw7a, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service avgwd, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service avg8emc, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AvgLdx86, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSDrivervtx, it can take several minutes...
2011-09-14 16:45:27,093 INFO Service AVGIDSErHrw7x is not installed
2011-09-14 16:45:27,093 DEBUG Service AVGIDSErHrw7x RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2011-09-14 16:45:27,093 INFO Service avg8emc is not installed
2011-09-14 16:45:27,093 DEBUG Service avg8emc RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service avg8emc are not present
2011-09-14 16:45:27,093 INFO Service avgfws8 is not installed
2011-09-14 16:45:27,093 DEBUG Service avgfws8 RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service avgfws8 are not present
2011-09-14 16:45:27,093 INFO Service avg8wd is not installed
2011-09-14 16:45:27,093 DEBUG Service avg8wd RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service avg8wd are not present
2011-09-14 16:45:27,093 INFO Service AvgWFPx is not installed
2011-09-14 16:45:27,093 DEBUG Service AvgWFPx RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AvgWFPx are not present
2011-09-14 16:45:27,093 INFO Service AvgWFPa is not installed
2011-09-14 16:45:27,093 DEBUG Service AvgWFPa RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AvgWFPa are not present
2011-09-14 16:45:27,093 INFO Service AVGIDSDrivervtx is not installed
2011-09-14 16:45:27,093 DEBUG Service AVGIDSDrivervtx RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2011-09-14 16:45:27,093 INFO Service avg9wd is not installed
2011-09-14 16:45:27,109 DEBUG Service avg9wd RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avg9wd are not present
2011-09-14 16:45:27,109 DEBUG Service AvgLdx86 Stop
2011-09-14 16:45:27,109 INFO Service AvgMfx64 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgMfx64 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgMfx64 are not present
2011-09-14 16:45:27,109 INFO Service AvgLdx64 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgLdx64 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgLdx64 are not present
2011-09-14 16:45:27,109 INFO Service AvgTdiA is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgTdiA RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgTdiA are not present
2011-09-14 16:45:27,109 INFO Service AvgWfpX is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgWfpX RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgWfpX are not present
2011-09-14 16:45:27,109 INFO Service AvgWfpA is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgWfpA RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgWfpA are not present
2011-09-14 16:45:27,109 INFO Service AvgRkx86 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgRkx86 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgRkx86 are not present
2011-09-14 16:45:27,109 INFO Service AvgRkx64 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgRkx64 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgRkx64 are not present
2011-09-14 16:45:27,109 INFO Service avg9emc is not installed
2011-09-14 16:45:27,109 DEBUG Service avg9emc RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avg9emc are not present
2011-09-14 16:45:27,109 INFO Service avgfws9 is not installed
2011-09-14 16:45:27,109 DEBUG Service avgfws9 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avgfws9 are not present
2011-09-14 16:45:27,109 INFO Service avgfws is not installed
2011-09-14 16:45:27,109 DEBUG Service avgfws RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avgfws are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSAgent is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSAgent RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSAgent are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSWatcher is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSWatcher RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSWatcher are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSShimxpx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSShimxpx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSShimxpx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSFilterxpx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSFilterxpx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSDriverxpx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSDriverxpx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSShimvtx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSShimvtx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSShimvtx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSFiltervtx is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFiltervtx RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSFiltervta is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFiltervta RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFiltervta are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSDrivervta is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSDrivervta RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDrivervta are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSShimw7x is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSShimw7x RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSShimw7x are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSFilterw7x is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFilterw7x RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSDriverw7x is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSDriverw7x RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSFilterw7a is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFilterw7a RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSDriverw7a is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSDriverw7a RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrxpx is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrxpx RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrvtx is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrvtx RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrvta is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrvta RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrvta are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrw7a is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrw7a RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2011-09-14 16:45:27,125 INFO Service avgwd is not installed
2011-09-14 16:45:27,125 DEBUG Service avgwd RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service avgwd are not present
2011-09-14 16:45:27,125 DEBUG Service AvgMfx86 Stop
2011-09-14 16:45:27,125 DEBUG Service AvgTdiX Stop
2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Stop failed (error: c007041c), RESTART planned
2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Stop failed
2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Delete
2011-09-14 16:45:27,328 DEBUG Service AvgMfx86 Delete
2011-09-14 16:45:27,328 DEBUG Service AvgLdx86 Delete
2011-09-14 16:45:27,343 DEBUG Service AvgTdiX Delete failed (error: c007041c)
2011-09-14 16:45:27,343 DEBUG Service AvgTdiX Delete failed
2011-09-14 16:45:27,343 DEBUG Service AvgTdiX RegCleanup
2011-09-14 16:45:27,687 DEBUG Service AvgLdx86 RegCleanup
2011-09-14 16:45:27,687 DEBUG Service AvgMfx86 RegCleanup
2011-09-14 16:45:28,140 DEBUG Restart is needed (restart counter: 1)
2011-09-14 16:45:28,140 INFO ***** Avg Fw NDIS driver(separate process) *****
2011-09-14 16:45:28,625 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2011-09-14 16:45:28,640 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-09-14 16:45:28,640 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-09-14 16:45:28,640 INFO Command line: "C:\Documents and Settings\Anthua\My Documents\Downloads\avg_remover_stf_x86_2012_1796.exe" /ndisonly /skipask
2011-09-14 16:45:28,640 DEBUG AvgDir param set to C:\Program Files\AVG\AVG8.
2011-09-14 16:45:28,640 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg8.
2011-09-14 16:45:28,640 INFO AvgRemover runs in attempt number 1
2011-09-14 16:45:28,640 INFO ***** Avg Fw NDIS driver *****
2011-09-14 16:45:28,640 INFO ...this operation can take several minutes...
2011-09-14 16:45:28,640 INFO FW removing policy
2011-09-14 16:45:28,640 INFO FW policy: deleting value 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\program files\avg\avg8\avgupd.exe'
2011-09-14 16:45:33,250 INFO FW NDIS driver not present
2011-09-14 16:45:33,281 DEBUG Remove NDIS driver pass, next uninstalation step is 10, old was 1
2011-09-14 16:45:33,281 INFO ***** end of Fw NDIS separated process *****
2011-09-14 16:45:33,281 INFO ***** Drivers *****
2011-09-14 16:45:33,281 DEBUG Deleting driver 'avgldx86'...
2011-09-14 16:45:40,687 DEBUG Deleting driver 'avgmfx86'...
2011-09-14 16:45:41,421 DEBUG Deleting driver 'avgtdix'...
2011-09-14 16:45:41,796 INFO ***** Running AVG process *****

Is there anything else I can try? I didn't even bother with combofix yet.

thanks again, this is a nasty one.

#8 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 17 September 2011 - 03:28 AM

Hi and welcome to Malwarebytes.

Download this program, and save it next to MBAM.exe

Drag the AVG removal tool onto Inherit.exe.

Wait for it to say OK. See if it will run now.
Chris Fistonich
Research Team


#9 duffman1021

duffman1021

    New Member

  • Members
  • 10 posts

Posted 17 September 2011 - 01:38 PM

Hi! Did not work!

I did place inherit.exe next to mbam.exe. However, I could not move the AVGuninstaller program into the malwarebytes program folder (windows will not allow it).

Instead, I placed the inherit.exe in my mozilla firefox download folder. I placed the uninstall program onto the inherit.exe file, it said 'ok', but once I ran AVGuninstall it was again promptly halted.

I suspect I won't be able to delete this second version of avg_remover_stf_x86 once I reboot the computer. I also can't delete h5ceuzrc.exe (I used this program when trying to follow your standard protocol from your other forum).

Should I try any of this in safe mode? I have no idea what else to do.

I'm sorry for the trouble. Please let me know if you have any other suggestions. Thanks.

#10 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 20 September 2011 - 05:31 PM

Skip it and continue with the alternate method of running ComboFix outlined above.
Chris Fistonich
Research Team


#11 duffman1021

duffman1021

    New Member

  • Members
  • 10 posts

Posted 20 September 2011 - 05:58 PM

Could not run ComboFix; Windows could not find the file. This is exactly what I typed:

"%userprofile%\desktop\sega.com"/killall

Did I type a quotation mark out of place or use / or \ at wrong places?

I ran combofix from the desktop in safe mode (just clicked sega.com icon). Program ran a few seconds and shut down.

computer will now allow me to delete sega.com, and I 'don't have the appropriate permission' to access it now.

Am I going to need to take my computer somewhere?

thanks

#12 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 24 September 2011 - 02:52 AM

Hi,

My apologies for the delay.

You need a space between the "/ and the killall. Please try it again with a fresh copy of ComboFix.
Chris Fistonich
Research Team


#13 duffman1021

duffman1021

    New Member

  • Members
  • 10 posts

Posted 03 October 2011 - 05:52 PM

No problem, thanks for getting back to me. So here's the ComboFix log:

ComboFix 11-09-29.06 - Anthua 10/03/2011 17:36:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.285 [GMT -4:00]
Running from: c:\documents and settings\Anthua\Desktop\segaa.com
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ExecAfterFirstBoot.exe.e14e59e8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL3F.tmp.f7e2aef4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLD6.tmp.7a0f7bd3.ini
c:\documents and settings\All Users\Application Data\aywq.exe
c:\documents and settings\All Users\Application Data\cvxw.exe
c:\documents and settings\All Users\Application Data\cyph.exe
c:\documents and settings\All Users\Application Data\defender.exe
c:\documents and settings\All Users\Application Data\fasx.exe
c:\documents and settings\All Users\Application Data\fjex.exe
c:\documents and settings\All Users\Application Data\fkfr.exe
c:\documents and settings\All Users\Application Data\gygs.exe
c:\documents and settings\All Users\Application Data\jesr.exe
c:\documents and settings\All Users\Application Data\jhde.exe
c:\documents and settings\All Users\Application Data\lcnx.exe
c:\documents and settings\All Users\Application Data\ncoh.exe
c:\documents and settings\All Users\Application Data\obwp.exe
c:\documents and settings\All Users\Application Data\osxi.exe
c:\documents and settings\All Users\Application Data\rlvn.exe
c:\documents and settings\All Users\Application Data\tkbk.exe
c:\documents and settings\All Users\Application Data\vkaj.exe
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\ExecAfterFirstBoot.exe.e14e59e8.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL10.tmp.fcfe1268.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL2E.tmp.231a1edc.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL3D.tmp.f55a211a.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL3F.tmp.f7e2aef4.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL5F.tmp.a98ba19a.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL7.tmp.7173c420.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL75.tmp.d5a634e7.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SLD6.tmp.7a0f7bd3.ini
c:\documents and settings\Anthua\WINDOWS
c:\windows\$NtUninstallKB46928$
c:\windows\$NtUninstallKB46928$\1803363282\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB46928$\1803363282\click.tlb
c:\windows\$NtUninstallKB46928$\1803363282\L\gmjfyemo
c:\windows\$NtUninstallKB46928$\1803363282\loader.tlb
c:\windows\$NtUninstallKB46928$\1803363282\U\@00000001
c:\windows\$NtUninstallKB46928$\1803363282\U\@000000c0
c:\windows\$NtUninstallKB46928$\1803363282\U\@000000cb
c:\windows\$NtUninstallKB46928$\1803363282\U\@000000cf
c:\windows\$NtUninstallKB46928$\1803363282\U\@80000000
c:\windows\$NtUninstallKB46928$\1803363282\U\@800000c0
c:\windows\$NtUninstallKB46928$\1803363282\U\@800000cb
c:\windows\$NtUninstallKB46928$\1803363282\U\@800000cf
c:\windows\$NtUninstallKB46928$\3712226711
c:\windows\kb835221.exe
c:\windows\system32\c_17133.nls
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb867282-x86-enu.exe
c:\windows\windowsxp-kb873333-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb890047-x86-enu.exe
c:\windows\windowsxp-kb890175-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
Infected copy of c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP1361\A0091676.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV
-------\Service_6b7d23d2
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 21:51 . 2003-07-28 17:28 89136 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2011-10-03 21:30 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-10-03 21:30 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-09-17 18:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-17 18:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 03:22 . 2011-09-13 03:22 50112 --sha-w- c:\windows\system32\c_17133.nl_
2011-09-11 03:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-11 03:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-11 02:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-11 02:18 . 2011-10-03 21:24 -------- d-----w- C:\ComboFix
2011-09-09 18:54 . 2011-09-11 23:29 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-08 01:36 . 2011-09-08 01:36 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp
2011-09-05 18:30 . 2011-09-08 01:43 -------- d-----w- c:\program files\Windows Defender
2011-09-05 05:22 . 2011-09-18 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2005-03-09 19:19 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\vokj.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\kvdi.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\grrd.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\fxmg.exe
2011-07-15 13:29 . 2005-03-09 19:19 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-03-09 19:19 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-07-05 18:59 . 2011-07-05 18:59 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 13783040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-06 155648]
"Wireless Adapter Manager"="c:\program files\sony\Wireless adapter\ZDWLan.EXE" [2007-08-17 530296]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2008-09-22 40960]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-3-5 28672]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-4-23 315392]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-18 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Anthua\\My Documents\\Downloads\\TDS extracted\\TDSSKiller.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbob.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
.
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 7:43 PM 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-01 c:\windows\Tasks\Java update check.job
- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-11-19 09:27]
.
2005-09-22 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
FF - ProfilePath - c:\documents and settings\Anthua\Application Data\Mozilla\Firefox\Profiles\9mi3mtl9.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-95417315.sys
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-svcWRSSSDK
AddRemove-Kaplan's DAT DTB - c:\program files\Kaplan\Kaplan's DAT DTB\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-10-03 18:06:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-03 22:05
.
Pre-Run: 27,861,790,720 bytes free
Post-Run: 28,188,213,248 bytes free
.
- - End Of File - - F65E87E94E7603ADF45BC5C41945ED78

The program said something about a rootkit; sounds bad. Do you know if the virus was removed?

#14 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 05 October 2011 - 05:08 PM

Hi,

Looks like it was hit hard by ComboFix. :)

However, your copy was pretty old. Please delete your copy of ComboFix, grab a fresh copy, save it to your Desktop, and try double-clicking on it normally.
Chris Fistonich
Research Team


#15 duffman1021

    New Member

  • Members
  • 10 posts

Posted 06 October 2011 - 02:39 PM

Thanks friend, thanks for your patience. Here is the report:

ComboFix 11-10-06.03 - Anthua 10/06/2011 15:03:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.297 [GMT -4:00]
Running from: c:\documents and settings\Anthua\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Anthua\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-04 19:27 . 2011-10-04 19:27 -------- d-----w- c:\program files\Dell 720
2011-10-04 19:27 . 2004-05-27 09:25 57344 ----a-w- c:\windows\system32\dlbccinf.dll
2011-10-04 19:27 . 2004-05-27 09:25 49152 ----a-w- c:\windows\system32\dlbccoin.dll
2011-10-04 19:27 . 2004-05-27 09:06 73728 ----a-w- c:\windows\system32\dlbcpwr.dll
2011-10-04 19:27 . 2004-03-04 15:30 311296 ----a-w- c:\windows\system32\LEXBCES.EXE
2011-10-04 19:27 . 2004-03-04 15:26 174592 ----a-w- c:\windows\system32\LEXPPS.EXE
2011-10-04 19:27 . 2003-07-29 13:27 78336 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\DLBCPP5C.DLL
2011-10-04 19:27 . 2002-11-13 19:40 40960 ----a-w- c:\windows\system32\dlbcvs.dll
2011-10-04 19:26 . 2011-10-04 19:26 -------- d-----w- C:\Dell720
2011-10-03 21:51 . 2003-07-28 17:28 89136 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2011-10-03 21:30 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-10-03 21:30 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-09-17 18:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-17 18:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 03:22 . 2011-09-13 03:22 50112 --sha-w- c:\windows\system32\c_17133.nl_
2011-09-11 03:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-11 03:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-11 02:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-09 18:54 . 2011-09-11 23:29 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-08 01:36 . 2011-09-08 01:36 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2005-03-09 19:19 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\vokj.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\kvdi.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\grrd.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\fxmg.exe
2011-07-15 13:29 . 2005-03-09 19:19 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-07-05 18:59 . 2011-07-05 18:59 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-03_21.58.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-04 19:27 . 2002-05-09 18:25 24576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexgo.EXE
- 2002-05-09 19:25 . 2002-05-09 19:25 24576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexgo.EXE
- 2001-01-19 20:50 . 2001-01-19 20:50 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\INSTMON.EXE
+ 2011-10-04 19:27 . 2001-01-19 19:50 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\INSTMON.EXE
- 1996-09-01 15:19 . 1996-09-01 15:19 73856 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\HLP256.DLL
+ 2011-10-04 19:27 . 1996-09-01 14:19 73856 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\HLP256.DLL
- 2002-11-13 20:40 . 2002-11-13 20:40 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcvs.dll
+ 2011-10-04 19:27 . 2002-11-13 19:40 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcvs.dll
+ 2011-10-04 19:27 . 2004-05-27 09:22 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUPD.DLL
- 2005-01-06 07:48 . 2005-01-06 07:48 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUPD.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:26 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUNRS.DLL
- 2006-04-23 20:30 . 2005-01-06 07:56 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUNRS.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 48128 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUI5C.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 48128 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUI5C.DLL
- 2005-01-06 07:20 . 2005-01-06 07:20 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcpwr.dll
+ 2011-10-04 19:27 . 2004-05-27 09:06 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcpwr.dll
- 2003-07-29 14:27 . 2003-07-29 14:27 78336 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPP5C.DLL
+ 2011-10-04 19:27 . 2003-07-29 13:27 78336 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPP5C.DLL
- 2003-04-30 20:35 . 2003-04-30 20:35 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWX.EXE
+ 2011-10-04 19:27 . 2003-04-30 19:35 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWX.EXE
- 2005-01-06 07:50 . 2005-01-06 07:50 85504 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCDR5C.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 85504 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCDR5C.DLL
- 2005-01-06 07:54 . 2005-01-06 07:54 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccoin.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccoin.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 57344 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccinf.dll
- 2005-01-06 07:54 . 2005-01-06 07:54 57344 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccinf.dll
+ 2011-10-04 19:27 . 2002-05-09 18:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE
- 2002-05-09 19:25 . 2002-05-09 19:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE
- 2001-01-19 20:50 . 2001-01-19 20:50 40960 c:\windows\system32\spool\drivers\w32x86\3\INSTMON.EXE
+ 2011-10-04 19:27 . 2001-01-19 19:50 40960 c:\windows\system32\spool\drivers\w32x86\3\INSTMON.EXE
+ 2011-10-04 19:27 . 1996-09-01 14:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL
- 1996-09-01 15:19 . 1996-09-01 15:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL
+ 2011-10-04 19:27 . 2002-11-13 19:40 40960 c:\windows\system32\spool\drivers\w32x86\3\dlbcvs.dll
- 2002-11-13 20:40 . 2002-11-13 20:40 40960 c:\windows\system32\spool\drivers\w32x86\3\dlbcvs.dll
- 2005-01-06 07:48 . 2005-01-06 07:48 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCUPD.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:22 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCUPD.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:26 49152 c:\windows\system32\spool\drivers\w32x86\3\DLBCUNRS.DLL
- 2006-04-23 20:30 . 2005-01-06 07:56 49152 c:\windows\system32\spool\drivers\w32x86\3\DLBCUNRS.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 48128 c:\windows\system32\spool\drivers\w32x86\3\DLBCUI5C.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 48128 c:\windows\system32\spool\drivers\w32x86\3\DLBCUI5C.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 73728 c:\windows\system32\spool\drivers\w32x86\3\dlbcpwr.dll
- 2005-01-06 07:20 . 2005-01-06 07:20 73728 c:\windows\system32\spool\drivers\w32x86\3\dlbcpwr.dll
- 2003-07-29 14:27 . 2003-07-29 14:27 78336 c:\windows\system32\spool\drivers\w32x86\3\DLBCPP5C.DLL
+ 2011-10-04 19:27 . 2003-07-29 13:27 78336 c:\windows\system32\spool\drivers\w32x86\3\DLBCPP5C.DLL
+ 2011-10-04 19:27 . 2003-04-30 19:35 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWX.EXE
- 2003-04-30 20:35 . 2003-04-30 20:35 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWX.EXE
- 2005-01-06 07:50 . 2005-01-06 07:50 85504 c:\windows\system32\spool\drivers\w32x86\3\DLBCDR5C.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 85504 c:\windows\system32\spool\drivers\w32x86\3\DLBCDR5C.DLL
- 2005-01-06 07:54 . 2005-01-06 07:54 49152 c:\windows\system32\spool\drivers\w32x86\3\dlbccoin.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 49152 c:\windows\system32\spool\drivers\w32x86\3\dlbccoin.dll
- 2005-01-06 07:54 . 2005-01-06 07:54 57344 c:\windows\system32\spool\drivers\w32x86\3\dlbccinf.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 57344 c:\windows\system32\spool\drivers\w32x86\3\dlbccinf.dll
- 2005-10-05 22:01 . 1997-04-09 01:08 299520 c:\windows\uninst.exe
+ 2005-10-05 22:01 . 1997-04-09 00:08 299520 c:\windows\uninst.exe
+ 2011-10-04 19:27 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\ptzipw32.dll
- 1998-10-06 22:12 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\ptzipw32.dll
- 2004-03-04 16:26 . 2004-03-04 16:26 174592 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXPPS.EXE
+ 2011-10-04 19:27 . 2004-03-04 15:26 174592 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXPPS.EXE
- 2004-03-04 16:25 . 2004-03-04 16:25 201216 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXP2P32.DLL
+ 2011-10-04 19:27 . 2004-03-04 15:25 201216 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXP2P32.DLL
- 2003-03-26 19:29 . 2003-03-26 19:29 192512 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexlmpm.dll
+ 2011-10-04 19:27 . 2003-03-26 18:29 192512 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexlmpm.dll
- 2004-02-02 20:08 . 2004-02-02 20:08 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexedf.dll
+ 2011-10-04 19:27 . 2004-02-02 19:08 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexedf.dll
- 2000-02-09 13:35 . 2000-02-09 13:35 170496 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexdrvin.exe
+ 2011-10-04 19:27 . 2000-02-09 12:35 170496 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexdrvin.exe
+ 2011-10-04 19:27 . 2004-03-04 15:30 311296 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCES.EXE
- 2004-03-04 16:30 . 2004-03-04 16:30 311296 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCES.EXE
- 2004-03-04 16:27 . 2004-03-04 16:27 147456 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCE.DLL
+ 2011-10-04 19:27 . 2004-03-04 15:27 147456 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCE.DLL
- 2004-03-04 16:34 . 2004-03-04 16:34 197120 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEX2KUSB.DLL
+ 2011-10-04 19:27 . 2004-03-04 15:34 197120 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEX2KUSB.DLL
- 2005-01-06 07:24 . 2005-01-06 07:24 380928 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:08 380928 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:24 100352 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUN5C.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:23 859136 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCSTRN.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 859136 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCSTRN.DLL
- 2004-03-09 12:38 . 2004-03-09 12:38 229376 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcsk0.dll
+ 2011-10-04 19:27 . 2004-03-09 11:38 229376 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcsk0.dll
+ 2011-10-04 19:27 . 2004-04-01 14:30 118784 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWX.EXE
- 2004-04-01 15:30 . 2004-04-01 15:30 118784 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWX.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:06 610304 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 610304 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWR.DLL
- 2005-01-06 07:42 . 2005-01-06 07:42 303104 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:19 303104 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:21 450560 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRP.DLL
- 2005-01-06 07:48 . 2005-01-06 07:48 450560 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRP.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:17 839680 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPA.DLL
- 2005-01-06 07:39 . 2005-01-06 07:39 839680 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPA.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 479232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWR.DLL
- 2005-01-06 07:20 . 2005-01-06 07:20 479232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:09 126976 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSW.DLL
- 2005-01-06 07:25 . 2005-01-06 07:25 126976 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSW.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:59 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCICUR.DLL
- 2004-02-03 19:59 . 2004-02-03 19:59 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCICUR.DLL
+ 2011-10-04 19:27 . 2004-01-28 12:14 983101 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCGF.DLL
- 2004-01-28 13:14 . 2004-01-28 13:14 983101 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCGF.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:56 198144 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCFC5C.DLL
- 2004-02-03 19:56 . 2004-02-03 19:56 198144 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCFC5C.DLL
- 1998-10-06 22:12 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll
+ 2011-10-04 19:27 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll
+ 2011-10-04 19:27 . 2004-02-02 19:08 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL
- 2004-02-02 20:08 . 2004-02-02 20:08 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL
+ 2011-10-04 19:27 . 2000-02-09 12:35 170496 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe
- 2000-02-09 13:35 . 2000-02-09 13:35 170496 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe
- 2005-01-06 07:24 . 2005-01-06 07:24 380928 c:\windows\system32\spool\drivers\w32x86\3\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:08 380928 c:\windows\system32\spool\drivers\w32x86\3\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:24 100352 c:\windows\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:23 859136 c:\windows\system32\spool\drivers\w32x86\3\DLBCSTRN.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 859136 c:\windows\system32\spool\drivers\w32x86\3\DLBCSTRN.DLL
- 2004-03-09 12:38 . 2004-03-09 12:38 229376 c:\windows\system32\spool\drivers\w32x86\3\dlbcsk0.dll
+ 2011-10-04 19:27 . 2004-03-09 11:38 229376 c:\windows\system32\spool\drivers\w32x86\3\dlbcsk0.dll
- 2004-04-01 15:30 . 2004-04-01 15:30 118784 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWX.EXE
+ 2011-10-04 19:27 . 2004-04-01 14:30 118784 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWX.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:06 610304 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 610304 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWR.DLL
- 2005-01-06 07:42 . 2005-01-06 07:42 303104 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:19 303104 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:21 450560 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRP.DLL
- 2005-01-06 07:48 . 2005-01-06 07:48 450560 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRP.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:17 839680 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPA.DLL
- 2005-01-06 07:39 . 2005-01-06 07:39 839680 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPA.DLL
- 2005-01-06 07:20 . 2005-01-06 07:20 479232 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 479232 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:09 126976 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSW.DLL
- 2005-01-06 07:25 . 2005-01-06 07:25 126976 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSW.DLL
- 2004-02-03 19:59 . 2004-02-03 19:59 430080 c:\windows\system32\spool\drivers\w32x86\3\DLBCICUR.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:59 430080 c:\windows\system32\spool\drivers\w32x86\3\DLBCICUR.DLL
- 2004-01-28 13:14 . 2004-01-28 13:14 983101 c:\windows\system32\spool\drivers\w32x86\3\DLBCGF.DLL
+ 2011-10-04 19:27 . 2004-01-28 12:14 983101 c:\windows\system32\spool\drivers\w32x86\3\DLBCGF.DLL
- 2004-02-03 19:56 . 2004-02-03 19:56 198144 c:\windows\system32\spool\drivers\w32x86\3\DLBCFC5C.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:56 198144 c:\windows\system32\spool\drivers\w32x86\3\DLBCFC5C.DLL
- 2004-03-04 16:25 . 2004-03-04 16:25 201216 c:\windows\system32\LEXP2P32.DLL
+ 2004-03-04 16:25 . 2004-03-04 15:25 201216 c:\windows\system32\LEXP2P32.DLL
+ 2003-03-26 19:29 . 2003-03-26 18:29 192512 c:\windows\system32\lexlmpm.dll
- 2003-03-26 19:29 . 2003-03-26 19:29 192512 c:\windows\system32\lexlmpm.dll
- 2004-03-04 16:27 . 2004-03-04 16:27 147456 c:\windows\system32\LEXBCE.DLL
+ 2004-03-04 16:27 . 2004-03-04 15:27 147456 c:\windows\system32\LEXBCE.DLL
- 2004-03-04 16:34 . 2004-03-04 16:34 197120 c:\windows\system32\LEX2KUSB.DLL
+ 2004-03-04 16:34 . 2004-03-04 15:34 197120 c:\windows\system32\LEX2KUSB.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:07 2015232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRPR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 2015232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRPR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 5419008 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPAR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 5419008 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPAR.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR3.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR3.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR2.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR2.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR1.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR1.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:07 2015232 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRPR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 2015232 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRPR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 5419008 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPAR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 5419008 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPAR.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR3.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR3.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR2.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR2.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR1.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR1.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 13783040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-06 155648]
"Wireless Adapter Manager"="c:\program files\sony\Wireless adapter\ZDWLan.EXE" [2007-08-17 530296]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2008-09-22 40960]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-3-5 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-18 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Anthua\\My Documents\\Downloads\\TDS extracted\\TDSSKiller.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbob.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
.
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 7:43 PM 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-01 c:\windows\Tasks\Java update check.job
- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-11-19 09:27]
.
2005-09-22 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
FF - ProfilePath - c:\documents and settings\Anthua\Application Data\Mozilla\Firefox\Profiles\9mi3mtl9.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-06 15:20:49
ComboFix-quarantined-files.txt 2011-10-06 19:20
ComboFix2.txt 2011-10-03 22:06
.
Pre-Run: 28,144,541,696 bytes free
Post-Run: 28,123,430,912 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE
[spybotsd]
timeout.old=30
.
- - End Of File - - 28C14C18676B6E6599E7B0854F6CB814


I have two other major issues:

1) I cannot control the volume with my keyboard (i.e. I used to be able to hit Fn --> F2 to turn the speakers on/off).

2) I cannot delete the desktop items we used to try to delete the malware with (i.e. h5ceuzrc.exe and sega.com); they say 'access is restricted'.

Do you think the malware did this? I already had to re-install my printer!

#16 screen317

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 09 October 2011 - 07:22 PM

Yes, those sound like symptoms of the malware you have.

Grab a fresh copy of ComboFix, run it, and post its log. Do the same with TDSSKiller.

Also update MBAM, run a Quick Scan, and post its log.


Reboot and let me know what issues remain.
Chris Fistonich
Research Team


#17 screen317

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 12 October 2011 - 02:56 AM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team


#18 screen317

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 14 October 2011 - 04:32 PM

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team
