Computer Hope

Software => Computer viruses and spyware => Topic started by: garddfon on August 19, 2009, 09:01:17 AM

Title: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on August 19, 2009, 09:01:17 AM
Dear Computer Hope,

I have been infected with this virus and need help with manual removal of files, dlls and registry entries. I can only run Windows in safe mode and I am unable to run McAfee, Hijack This, or any other spyware removal applications. I am running Win XP but don't know how to tell which service pack I have in safe mode, I'm assuming SP2. I hope you can still help. I have found instructions elsewhere on how to remove registry entries and unregister .dll files through cmd prompt but in following instructions at hxxp://wiki-security.com/wiki/Parasite/WindowsAntivirusPro I went ahead and (unwisely?) deleted the Programmes\Windows Anti Virus Pro\ folder altogether and now do not have the .dlls to unregister.  Any advice would be greatly appreciated, thanks.

garddfon
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: Karnac on August 19, 2009, 09:48:22 AM
Stay out of the registry.

You'll have to go here....

http://www.computerhope.com/forum/index.php/topic,46313.0.html

If you've lost your connection, download the programs to a USB stick on a good PC and transfer them to your PC.
If you have difficulty, you may have to run them in safe mode (tap F8 at start).
If you have difficulty, you may have to rename the programs when you save them.
If you get stuck on a step, proceed to the next.

Post the logs for steps 3, 4 and 6.
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on August 19, 2009, 01:45:30 PM
Hi Karnac,

Thanks very much for the instructions. Here's the update on my situation.

Step A Antivirus
McAfee would not run a full scan. I downloaded AVG Free 8.5 and tried to install from USB stick but it will not install without an internet connection. I removed McAfee before trying to install AVG as per the instructions so currently have no Antivirus protection.

Step 1 Add/Remove Programmes
(had to access this through Start>Run...appwiz.cpl as all application shortcuts are disabled) - Windows Antivirus Pro is listed but I'll wait for advice before taking action.

Step 2 House Cleaning
Completed successfully.

Step 3 SuperAntiSpyware
Renamed the .exe but got the error message box: "SUPERAntiSpyware Free Edition has encountered a problem and needs to close".

Step 4 Malwarebytes
Renamed the .exe and installed successfully. Performed scan, 12 problems were found. Chose Remove Selected. Application requested reboot as per the note in your instructions. System froze on reboot. Rebooted again and re-ran the scan. 2 infections were still found. Checked both logs – all problems successfully quarantined and removed except the two items which were supposed to be deleted on reboot. Both log files attached.

Step 5 – not taken as not connected to internet.

Step 6 – HijackThis
Renamed the .exe and installed successfully. Performed scan. Log file attached.

Thanks for all the help so far.

garddfon


[attachment deleted by admin]
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on August 19, 2009, 01:51:56 PM
P.S. I should have mentioned that since my original post I managed to reboot in normal XP mode by choosing 'Last Known Good Configuration' on the F8 startup screen, so all the above was carried out in normal XP, not safe mode.
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: Karnac on August 19, 2009, 02:14:27 PM
Go here for self help

http://www.computerhope.com/forum/index.php/topic,81761.0.html

Paste your HJT log into the window of the process tool and follow the instructions at the end to remove the problems....
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 04, 2009, 06:20:44 AM
Dear Karnac,

Thanks for all your help. I have done what you suggested and followed the procedure in self help. Repeated scans in Hijack This and MalwareBytes have detected and fixed a number of problems but the following one seems impossible to shift, see extract from Self Help report below.

Missing   o23 - service: antipyproex (antippro2009_100) - unknown owner - c:\windows\svchast.exe (file missing)
Here's the link to the full report (http://www.computerhope.com/cgi-bin/process.pl?o=451543)

I have not performed any of the tasks which require going online yet either as I'm not sure it's safe to do so.

Your advice on the next step would be much appreciated.

Regards,

Garddfon
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: Karnac on September 04, 2009, 06:43:27 AM
Evilfantasy will be assisting you from here on as you may require specialized tools to remove that entry.
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 04, 2009, 10:07:43 AM
Download DDS from |HERE| (http://www.techsupportforum.com/sectools/sUBs/dds) or |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.

Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 15, 2009, 06:03:50 AM
Dear evilfantasy,

Thanks for your latest instructions. Here are the DDS logs as requested.

Regards,

garddfon


Attach.txt

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 26/03/2006 14:08:06
System Uptime: 15/09/2009 11:01:20 (0 hours ago)

Motherboard: Dell Inc. |  | 0FF049
Processor: Genuine Intel(R) CPU           T2300  @ 1.66GHz | Microprocessor | 1662/166mhz
Processor: Genuine Intel(R) CPU           T2300  @ 1.66GHz | Microprocessor | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 19.465 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1141: 02/09/2009 17:28:38 - Windows Defender Checkpoint
RP1142: 02/09/2009 17:28:38 - System Checkpoint
RP1143: 03/09/2009 18:49:49 - System Checkpoint
RP1144: 04/09/2009 13:32:14 - Removed SUPERAntiSpyware Free Edition
RP1145: 07/09/2009 20:07:50 - System Checkpoint
RP1146: 09/09/2009 23:18:06 - System Checkpoint
RP1147: 14/09/2009 20:53:22 - System Checkpoint

==== Installed Programs ======================

4oD
Absolute Patience
Adobe After Effects 6.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Premiere Pro
Adobe Reader 7.0.9
Anarchy Effects VST v1.3
Anarchy Rhythms VST v1.0
Antares Auto-Tune 3.10 DirectX
Antares Autotune DX v4.15
Antares Microphone Modeler 1.31 DirectX
ARTEuro
AVG 8.5
AVG Identity Protection
Broadcom Management Programs
Bubblets 1.0
CCleaner (remove only)
CD-LabelPrint
CGoban 3
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Cubase 4
Dell Media Experience
Dell System Restore
DellSupport
Digital Line Detect
DivX Content Uploader
DivX Web Player
Edirol HQ Orchestral v1.01
Google Earth
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hoyle Board Games 2003
Hoyle Card Games 2003
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Learn2 Player (Uninstall Only)
Lounge Lizard EP-2 v2.0
Malwarebytes' Anti-Malware
MangoDrum (MightyMango)
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.13)
Mozilla Thunderbird (1.5.0.7)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mXML
mZConfig
Native Instruments Absynth v3.0.2
Native Instruments B4
Native Instruments B4 Tone Wheels Bundle v1.11
NetWaiting
Ohmforce Hematohm VST v1.20
Ohmforce Mobilohm VST v1.04
Ohmforce OhmBoyz VST v1.40
Ohmforce Predatohm VST v1.30
Ohmforce Quad Frohmage Pro VST v1.10
PowerDVD 5.7
Prosoniq Morph VST v1.0
QuickSet
QuickTime
RealPlayer
Saffire PRO 2.1
SCRABBLE® 2005 EDITION
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sibelius 5
Skype™ 3.2
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony DVD Architect 2.0
Sony Vegas 5.0a
Spybot - Search & Destroy 1.4
Steinberg PLEX VSTi v1.0
Steinberg Voice Designer v1.03
Synaptics Pointing Device Driver
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Update Service
US122 Driver 3.40
USB Keyboard Device 1.0.1.0
Viewpoint Media Player
Warp VST V1.0
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
WordBiz version 1.8
X-treme FX

==== Event Viewer Messages From Past Week ========

08/09/2009 10:44:54, error: Service Control Manager [7000]  - The Nsynas32 service failed to start due to the following error:  The system cannot find the device specified.
08/09/2009 10:44:54, error: Service Control Manager [7000]  - The hakgu service failed to start due to the following error:  The system cannot find the file specified.
08/09/2009 10:44:54, error: Service Control Manager [7000]  - The AntipyProex service failed to start due to the following error:  The system cannot find the file specified.

==== End Of File ===========================


DDS.txt

DDS (Ver_09-07-30.01) - NTFSx86 
Run by simonp at 11:15:21.43 on 15/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.402 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Outdated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/probe/?lips=c0a80067
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [<NO NAME>]
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simonp\applic~1\mozilla\firefox\profiles\an2kcd0c.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-2 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-2 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-2 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-2 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-2 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-2 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-9-2 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-9-2 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2006-3-27 33792]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S2 hakgu;hakgu;c:\windows\system32\drivers\hxwtqzjh.sys --> c:\windows\system32\drivers\hxwtqzjh.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-9-2 29208]
S3 ffPro26IO_1394;ffPro26IO_1394;c:\windows\system32\drivers\ffPro26IO_1394.sys [2008-4-10 116736]
S3 ffPro26IO_avs;ffPro26IO_avs;c:\windows\system32\drivers\ffPro26IO_avs.sys [2008-4-10 44544]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2006-3-27 16896]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-3-28 13504]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2009-4-23 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2004-7-30 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2009-4-23 39168]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2006-3-28 22304]

=============== Created Last 30 ================

2009-09-02 18:45   <DIR>   --d-h---   C:\$AVG8.VAULT$
2009-09-02 17:50   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-02 17:50   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
2009-09-02 17:50   <DIR>   --d-----   c:\docume~1\simonp\applic~1\SUPERAntiSpyware.com
2009-09-02 15:31   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-09-02 15:31   12,552   a-------   c:\windows\system32\drivers\avgrkx86.sys
2009-09-02 15:31   11,952   a-------   c:\windows\system32\avgrsstx.dll
2009-09-02 15:31   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
2009-09-02 15:31   335,240   a-------   c:\windows\system32\drivers\avgldx86.sys
2009-09-02 15:31   <DIR>   --d-----   c:\windows\system32\drivers\Avg
2009-09-02 15:31   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-02 15:29   50,968   a-------   c:\windows\system32\avgfwdx.dll
2009-09-02 15:29   29,208   a-------   c:\windows\system32\drivers\avgfwdx.sys
2009-08-20 11:57   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\avg8
2009-08-19 18:30   <DIR>   --d-----   c:\docume~1\simonp\applic~1\Malwarebytes
2009-08-19 17:51   <DIR>   --d-----   c:\program files\CCleaner
2009-08-19 17:46   <DIR>   --d-----   c:\docume~1\simonp\applic~1\AVG8
2009-08-19 17:01   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 17:01   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-08-19 17:01   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-19 17:01   <DIR>   --d-----   c:\program files\TestMW
2009-08-19 16:58   <DIR>   --d-----   c:\program files\Inncognito
2009-08-19 15:23   <DIR>   --d-----   c:\program files\Spybot - Search & Destroy
2009-08-18 21:31   <DIR>   --d-----   c:\docume~1\simonp\applic~1\McAfee

==================== Find3M  ====================

2009-08-05 10:11   204,800   a-------   c:\windows\system32\mswebdvd.dll
2009-08-05 10:11   204,800   --------   c:\windows\system32\dllcache\mswebdvd.dll
2009-07-22 17:23   74,760   a-------   c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 17:23   25,608   a-------   c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-19 14:33   3,597,824   a-------   c:\windows\system32\dllcache\mshtml.dll
2009-07-19 14:32   6,067,200   --------   c:\windows\system32\dllcache\ieframe.dll
2009-07-17 19:55   58,880   a-------   c:\windows\system32\atl.dll
2009-07-17 19:55   58,880   --------   c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08   286,720   a-------   c:\windows\system32\wmpdxm.dll
2009-07-13 10:08   286,720   a-------   c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08   5,537,792   a-------   c:\windows\system32\dllcache\wmp.dll
2009-07-10 14:42   1,315,328   --------   c:\windows\system32\dllcache\msoe.dll
2009-06-29 12:07   13,824   --------   c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 12:07   70,656   --------   c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 09:35   634,632   --------   c:\windows\system32\dllcache\iexplore.exe
2009-06-29 09:33   2,452,872   --------   c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 09:33   161,792   --------   c:\windows\system32\dllcache\ieakui.dll
2009-06-22 12:49   117,248   a-------   c:\windows\system32\mqtgsvc.exe
2009-06-22 12:49   19,968   a-------   c:\windows\system32\mqbkup.exe
2009-06-22 12:49   117,248   --------   c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 12:49   19,968   --------   c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 12:49   4,608   a-------   c:\windows\system32\mqsvc.exe
2009-06-22 12:49   4,608   --------   c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 12:48   91,776   --------   c:\windows\system32\dllcache\mqac.sys
2009-03-29 19:03   13,012   a-------   c:\documents and settings\simonp\Bubblets.dat
2008-05-20 15:55   604   a---h---   c:\program files\STLL Notifier
2008-03-14 16:28   1,941   a-------   c:\program files\uninstal.log
2009-04-28 19:45   88   ---shr--   c:\windows\system32\107A2D91F8.sys
2009-01-09 14:54   104   ---shr--   c:\windows\system32\F8912D7A10.sys
2009-04-28 19:45   6,736   a--sh---   c:\windows\system32\KGyGaAvL.sys
2009-05-15 18:38   32,768   a--sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051520090516\index.dat

============= FINISH: 11:16:24.64 ===============

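In the SERVICES / DRIVERS section of the DDS log above, the two entries that are later scripted for removal stand out for reasons DDS itself makes visible: both images are printed as `--> path [?]` (file not present on disk), and `svchast.exe` is one character away from the legitimate `svchost.exe`. As an added example, not part of this thread or of the DDS tool, here is a small Python triage script that applies exactly those two checks to lines copied from the log; the list of well-known system binaries and the `Finding` record are my own constructions.

```python
"""Triage the 'SERVICES / DRIVERS' section of a DDS log (added example).

DDS prints each service as
    <start> <service>;<display name>;<image path> [<date> <size>]
or, when the image file is missing from disk,
    <start> <service>;<display name>;<image path> --> <image path> [?]
This script flags (a) entries whose image is missing and (b) image names that
are one edit away from a well-known Windows binary (e.g. svchast.exe).
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S2 hakgu;hakgu;c:\windows\system32\drivers\hxwtqzjh.sys --> c:\windows\system32\drivers\hxwtqzjh.sys [?]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2009-4-23 131968]
"""

LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"                      # R = running, S = stopped
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"                               # image path (may contain spaces)
    r"(?:\s+-->\s+(?P<missing>\S.*?)\s+\[\?\]"     # DDS could not find the file
    r"|\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])$"
)

# Assumed list of legitimate names worth comparing against (my choice, not from DDS).
KNOWN_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "services.exe",
    "winlogon.exe", "explorer.exe", "spoolsv.exe", "wininit.exe",
}


@dataclass
class Finding:
    service: str
    path: str
    reasons: list


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_service_line(line: str):
    """Return the named fields of one DDS service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def lookalike_of(filename: str):
    """Return the legitimate binary this name is exactly one edit away from, if any."""
    fn = filename.lower()
    if fn in KNOWN_BINARIES:
        return None
    for known in sorted(KNOWN_BINARIES):
        if edit_distance(fn, known) == 1:
            return known
    return None


def triage(log_text: str) -> list:
    """Run both checks over every parsable service line and collect findings."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if not entry:
            continue
        reasons = []
        if entry["missing"] is not None:
            reasons.append("image file not found on disk ([?])")
        filename = entry["path"].replace("/", "\\").rsplit("\\", 1)[-1]
        look = lookalike_of(filename)
        if look:
            reasons.append(f"file name {filename} is one edit from {look}")
        if reasons:
            findings.append(Finding(entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Running it against the sample prints only the AntipPro2009_100 and hakgu entries, with two reasons for the first and one for the second.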
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 18, 2009, 03:17:40 PM
Download ComboFix from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop. DO NOT run it yet!

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Rename ComboFix to Combo-Fix before saving it to the desktop.

(http://i154.photobucket.com/albums/s258/evilfantasy69/CF1.gif)

(http://i154.photobucket.com/albums/s258/evilfantasy69/CF2.gif)

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
AntipPro2009_100
AntipyProex
hakgu

File::
c:\windows\svchast.exe
c:\windows\system32\drivers\hxwtqzjh.sys

Folder::
c:\program files\messenger
c:\program files\viewpoint

DDS::
uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [<NO NAME>]
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Firefox::
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Go to Add or Remove Programs and uninstall:

.
----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html)

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa (http://sourceforge.net/projects/javara/)
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

----------
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 21, 2009, 09:09:46 AM
Dear Evilfantasy,

Many thanks for the instructions. Here is the log file as requested.

Regards,

garddfon

ComboFix 09-09-20.01 - simonp 21/09/2009 15:43.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.305 [GMT 1:00]
Running from: c:\documents and settings\simonp\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\simonp\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\svchast.exe"
"c:\windows\system32\drivers\hxwtqzjh.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\messenger
c:\program files\messenger\custsat.dll
c:\program files\messenger\logowin.gif
c:\program files\messenger\lvback.gif
c:\program files\messenger\msgsc.dll
c:\program files\messenger\msgslang.dll
c:\program files\messenger\msmsgs.exe
c:\program files\messenger\newalert.wav
c:\program files\messenger\newemail.wav
c:\program files\messenger\online.wav
c:\program files\messenger\type.wav
c:\program files\messenger\xpmsgr.chm
c:\windows\Installer\15af4d.msi
c:\windows\Installer\1c4d5.msi
c:\windows\Installer\59923.msi
c:\windows\Installer\807ce.msi
c:\windows\Installer\aaf8d.msi
c:\windows\Installer\b36f6c.msp
c:\windows\Installer\debc.msi
c:\windows\Installer\e1b68.msi

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPPRO2009_100
-------\Legacy_HAKGU
-------\Service_AntipPro2009_100
-------\Service_hakgu


(((((((((((((((((((((((((   Files Created from 2009-08-21 to 2009-09-21  )))))))))))))))))))))))))))))))
.

2009-09-21 11:48 . 2009-09-21 11:47   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-09-02 17:45 . 2009-09-03 11:58   --------   d-----w-   C:\$AVG8.VAULT$
2009-09-02 17:05 . 2009-09-02 17:05   --------   d-----w-   c:\documents and settings\simonp\Local Settings\Application Data\AVG Security Toolbar
2009-09-02 16:50 . 2009-09-02 16:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-02 16:50 . 2009-09-04 12:36   --------   d-----w-   c:\documents and settings\simonp\Application Data\SUPERAntiSpyware.com
2009-09-02 16:50 . 2009-09-04 12:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-09-02 14:31 . 2009-09-02 14:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-02 14:31 . 2009-09-02 14:31   12552   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2009-09-02 14:31 . 2009-09-02 14:31   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-09-02 14:31 . 2009-09-02 14:31   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-09-02 14:31 . 2009-09-02 14:31   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-09-02 14:31 . 2009-09-02 14:31   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-09-02 14:31 . 2009-09-21 11:30   --------   d-----w-   c:\windows\system32\drivers\Avg
2009-09-02 14:31 . 2009-09-02 14:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-02 14:29 . 2009-09-02 14:29   50968   ----a-w-   c:\windows\system32\avgfwdx.dll
2009-09-02 14:29 . 2009-09-02 14:29   29208   ----a-w-   c:\windows\system32\drivers\avgfwdx.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 14:53 . 2008-10-27 16:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kontiki
2009-09-21 14:52 . 2009-08-19 14:23   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-09-21 14:36 . 2007-07-11 10:14   --------   d-----w-   c:\documents and settings\simonp\Application Data\Skype
2009-09-21 12:08 . 2006-03-20 21:41   --------   d-----w-   c:\program files\Java
2009-09-21 11:46 . 2007-05-29 11:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-20 21:38 . 2009-01-06 13:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2009-09-02 14:29 . 2009-08-20 10:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2009-08-19 17:30 . 2009-08-19 17:30   --------   d-----w-   c:\documents and settings\simonp\Application Data\Malwarebytes
2009-08-19 16:51 . 2009-08-19 16:51   --------   d-----w-   c:\program files\CCleaner
2009-08-19 16:47 . 2009-05-03 11:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2009-08-19 16:46 . 2009-08-19 16:46   --------   d-----w-   c:\documents and settings\simonp\Application Data\AVG8
2009-08-19 16:04 . 2009-08-19 16:01   --------   d-----w-   c:\program files\TestMW
2009-08-19 16:01 . 2009-08-19 16:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 15:58 . 2009-08-19 15:58   --------   d-----w-   c:\program files\Inncognito
2009-08-18 20:31 . 2009-08-18 20:31   --------   d-----w-   c:\documents and settings\simonp\Application Data\McAfee
2009-08-05 09:11 . 2004-08-11 17:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-08-03 12:36 . 2009-08-19 16:01   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-08-19 16:01   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-08-01 10:28 . 2009-05-08 21:53   --------   d-----w-   c:\documents and settings\LocalService\Application Data\SACore
2009-08-01 10:24 . 2006-03-27 21:11   52304   ----a-w-   c:\documents and settings\simonp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-01 00:56 . 2009-08-01 00:56   --------   d-----w-   c:\program files\MSBuild
2009-08-01 00:56 . 2009-08-01 00:56   --------   d-----w-   c:\program files\Reference Assemblies
2009-07-22 16:23 . 2009-07-22 16:23   74760   ----a-w-   c:\windows\system32\drivers\UniversalDD.sys
2009-07-22 16:23 . 2009-07-22 16:23   25608   ----a-w-   c:\windows\system32\drivers\AVGIDSErHr.sys
2009-07-17 18:55 . 2004-08-11 17:00   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-13 09:08 . 2004-08-11 17:00   286720   ----a-w-   c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-11 17:00   827392   ----a-w-   c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-11 17:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-11 17:00   17408   ----a-w-   c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-08-11 17:00   95744   ----a-w-   c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-11 17:00   661504   ----a-w-   c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-11 17:00   517120   ----a-w-   c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-11 17:00   48640   ----a-w-   c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-11 17:00   471552   ----a-w-   c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-11 17:00   47104   ----a-w-   c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-11 17:00   225280   ----a-w-   c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-11 17:00   186880   ----a-w-   c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-11 17:00   177152   ----a-w-   c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-11 17:00   16896   ----a-w-   c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-11 17:00   138240   ----a-w-   c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-11 17:00   123392   ----a-w-   c:\windows\system32\mqrtdep.dll
2008-05-20 14:55 . 2008-05-20 14:55   604   ---ha-w-   c:\program files\STLL Notifier
2008-03-14 15:28 . 2008-03-14 15:13   1941   ----a-w-   c:\program files\uninstal.log
2009-04-28 18:45 . 2006-10-06 00:41   88   --sh--r-   c:\windows\system32\107A2D91F8.sys
2009-01-09 13:54 . 2006-03-27 21:10   104   --sh--r-   c:\windows\system32\F8912D7A10.sys
2009-04-28 18:45 . 2006-03-27 21:10   6736   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:56   1062144   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-21 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-13 155648]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-02 2007832]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-02 14:31   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [22/07/2009 17:23 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [02/09/2009 15:31 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/09/2009 15:31 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/09/2009 15:31 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/09/2009 15:30 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/09/2009 15:30 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [02/09/2009 15:30 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [22/07/2009 17:23 5641736]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [22/07/2009 17:23 571912]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28/10/2008 16:42 156968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [02/09/2009 15:29 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [22/07/2009 17:23 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [22/07/2009 17:23 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [22/07/2009 17:23 27232]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [27/03/2006 18:27 33792]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [02/09/2009 15:29 29208]
S3 ffPro26IO_1394;ffPro26IO_1394;c:\windows\system32\drivers\ffPro26IO_1394.sys [10/04/2008 15:48 116736]
S3 ffPro26IO_avs;ffPro26IO_avs;c:\windows\system32\drivers\ffPro26IO_avs.sys [10/04/2008 15:48 44544]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [27/03/2006 18:27 16896]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [28/03/2006 09:29 13504]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [23/04/2009 11:50 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [30/07/2004 12:02 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [23/04/2009 11:50 39168]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [28/03/2006 09:29 22304]
.
Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-06 22:28]

2009-09-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{74E648E9-0735-49EE-BE00-E2FDFD544E18}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

2009-09-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 22:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/probe/?lips=c0a80067
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\simonp\Application Data\Mozilla\Firefox\Profiles\an2kcd0c.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Anarchy Effects VST v1.3 - c:\progra~1\STEINB~1\VSTPLU~1\ANARCH~2\UNWISE.EXE
AddRemove-Anarchy Rhythms VST v1.0 - c:\progra~1\STEINB~1\VSTPLU~1\ANARCH~1\UNWISE.EXE
AddRemove-HijackThis - c:\program files\Inncognito\Incog\HijackThis.exe
AddRemove-Native Instruments Absynth v3.0.2 - c:\progra~1\ABSYNT~1\UNWISE.EXE
AddRemove-Ohmforce Hematohm VST v1.20 - c:\progra~1\STEINB~1\VSTPLU~1\Hematohm\UNWISE.EXE
AddRemove-Ohmforce Mobilohm VST v1.04 - c:\progra~1\STEINB~1\VSTPLU~1\Ohmforce\Mobilohm\UNWISE.EXE
AddRemove-Ohmforce OhmBoyz VST v1.40 - c:\progra~1\STEINB~1\VSTPLU~1\OhmBoyz\UNWISE.EXE
AddRemove-Ohmforce Predatohm VST v1.30 - c:\progra~1\STEINB~1\VSTPLU~1\PREDAT~1\UNWISE.EXE
AddRemove-Ohmforce Quad Frohmage Pro VST v1.10 - c:\progra~1\STEINB~1\VSTPLU~1\OHMFOR~1\QUADFR~1\UNWISE.EXE
AddRemove-Prosoniq Morph VST v1.0 - c:\progra~1\STEINB~1\VSTPLU~1\PROSON~1\UNWISE.EXE
AddRemove-Warp VST V1.0 - c:\progra~1\STEINB~1\VSTPLU~1\WARPVS~1.0\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 15:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\windows\TEMP\TMP000000294AF21BCF2303176A 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-770456451-3562159303-2418692189-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version*Version]
"Version"=hex:ac,6b,4e,f9,2e,07,46,fc,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,
   30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Kontiki\KService.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-21 16:00 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-21 15:00

Pre-Run: 20,419,534,848 bytes free
Post-Run: 20,494,442,496 bytes free

309   --- E O F ---   2009-08-18 09:29
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 21, 2009, 09:19:12 AM
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combo-Fix /u in the runbox
* Make sure there's a space between Combo-Fix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Kaspersky Lab Online Scanner (http://www.kaspersky.com/virusscanner)

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (screenshot: http://i154.photobucket.com/albums/s258/evilfantasy69/Kas-Savetxt.gif)

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation (http://img505.imageshack.us/my.php?image=kassm9.gif) will guide you through the process.
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 22, 2009, 03:05:24 AM
Hello again,

Thanks for those instructions.

1. I get the following error when I try to remove Combo-Fix: "Windows cannot find 'Combo-Fix' Make sure you typed the name correctly, and then try again." The file is called 'Combo-Fix.exe' and located on the Desktop as per the instructions.

2. Done.

3. I've been offline up until now and my AVG firewall is currently blocking everything; I'm not sure how to safely configure AVG to go online to use the Kaspersky tool.

Many thanks.

Garddfon
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 22, 2009, 08:32:56 AM
You will need to manually delete the Combo-Fix files.

Delete ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt

Is AVG a trial or paid version?

You can try to create a rule in the AVG Firewall.  To do this you will need to open the AVG Control Center, Right click on the Firewall, and then left click on Configure.
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 22, 2009, 09:18:17 AM
OK thanks.

At the moment I've got AVG Internet Security Suite 8.5 on trial 'til 2/10/09. I have run the Firewall Configuration Wizard, which creates a new Profile (standalone computer in my case). I can see from the profile settings that my defined adapters and networks are all classified as unsafe, but I'm not sure what configuration settings I actually need and I'm not convinced that changing the definitions to 'safe' is the right thing to do...

Really appreciate your help.

Garddfon
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 22, 2009, 10:52:17 AM
If you don't plan on buying the full version I would suggest going ahead and uninstalling it, then download/install the free version and also a free firewall. No need to pay for something that you can get for free...

Avira is the top of the list as far as reliability and performance.

Remember to only install one antivirus!
 
1) Avast! Home Free Edition (http://www.avast.com/eng/download-avast-home.html)
2) AVG Free Edition (http://free.avg.com/)
3) Avira AntiVir Personal (http://www.free-av.com/)

I suggest the free version of Online Armor but these are all good.

Remember only install ONE firewall

1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any Ask.com options if you choose this one)
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) PC Tools Firewall Plus (http://www.pctools.com/firewall/)

Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 22, 2009, 11:25:14 AM
OK, well, I have time left on a subscription to McAfee Security Centre but it got screwed up with the virus and I decided to use AVG in the meantime since I couldn't find the offline installation download on their website at the time. Anyhow, I'll have another go with the McAfee site or, failing that, try your suggestions. Thank you.

Regards,

Garddfon
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 22, 2009, 11:45:16 AM
Run this and then you should be able to reinstall McAfee.

Download the McAfee Consumer Product Removal Tool (http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html) to your Desktop.
Using McAfee Consumer Product Removal tool:

Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 22, 2009, 12:23:44 PM
OK thanks for that, I've done that. Still can't seem to find an offline install version of McAfee so will try the products you've suggested now. Thanks again.

Regards,
garddfon
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 22, 2009, 06:03:49 PM
Are you on dial-up?
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 23, 2009, 08:43:08 AM
Hi evilfantasy,

OK I've successfully installed Avira and Online Armor and have now run the Kaspersky Scan.  Results pasted below.

No, I'm not on dial-up, but I didn't want to connect until I was sure that the firewall and antivirus were functioning properly.

Thanks,

Garddfon
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Wednesday, September 23, 2009
 Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Wednesday, September 23, 2009 13:25:40
 Records in database: 2871703
--------------------------------------------------------------------------------

Scan settings:
   scan using the following database: extended
   Scan archives: yes
   Scan e-mail databases: yes

Scan area - My Computer:
   C:\
   D:\
   E:\

Scan statistics:
   Objects scanned: 92651
   Threats found: 1
   Infected objects found: 1
   Suspicious objects found: 0
   Scan duration: 02:12:07


File name / Threat / Threats count
C:\Documents and Settings\simonp\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\Inbox.dbx   Infected: Trojan.Win32.Agent2.bl   1

Selected area has been scanned.
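The Kaspersky Online Scanner only reports; it does not clean (as the instructions above say), so the useful work is deciding what each line in the report actually points at. The following is an added example, not Kaspersky's code and not part of the original post: it parses the "Scan statistics" block and the "File name / Threat / Threats count" lines of a 7.0-style report, buckets each hit by the kind of object the detection landed in (a mail store such as Outlook Express's Inbox.dbx, an archive, a Windows system file, or a standalone file), and checks that the pasted report lists as many objects as the statistics claim, which catches a truncated paste. The container/extension lists and the advice strings are assumptions; the sample report is constructed, with placeholder detection names, and only its first hit mirrors the shape of the real one above.

```python
"""Parse a Kaspersky Online Scanner 7.0 report and classify each hit.

Added example, not Kaspersky's code.  The extension lists, the advice
strings and the sample report are assumptions / constructed.
"""
import re

# Constructed sample in the 7.0 report layout; detection names are placeholders.
SAMPLE_REPORT = r"""
Scan statistics:
   Objects scanned: 92651
   Threats found: 3
   Infected objects found: 2
   Suspicious objects found: 1
   Scan duration: 02:12:07

File name / Threat / Threats count
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{GUID}\Microsoft\Outlook Express\Inbox.dbx   Infected: Example.Win32.Sample.a   1
C:\Downloads\setup.zip   Infected: Example.Win32.Sample.b   1
C:\WINDOWS\system32\drivers\etc\hosts   Suspicious: Example.Hoax.Sample.c   1

Selected area has been scanned.
"""

# Indented "Key: integer" lines (Scan duration has a hh:mm:ss value and is skipped).
STAT_RE = re.compile(r"^[ \t]+([A-Za-z ]+?):[ \t]+(\d+)[ \t]*$", re.MULTILINE)
# "<path>   Infected|Suspicious: <threat>   <count>"; the path may contain spaces.
HIT_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$",
    re.MULTILINE,
)

MAIL_STORES = {"dbx", "pst", "ost", "mbx"}      # one file holding many messages
ARCHIVES = {"zip", "rar", "cab", "7z", "jar"}  # one file holding many members

# Assumed follow-up for each bucket; the mail-store case is the situation above.
ADVICE = {
    "mail-store": "hit is one message/attachment inside the store: delete that message in the mail client, compact, rescan",
    "archive": "hit is a member of the archive: delete the archive or that member, never extract it to 'check'",
    "system-file": "Windows file: diff against a known-good copy (for hosts, look for added entries) before deleting",
    "file": "standalone object: quarantine or delete, then work out how it arrived",
}


def parse_stats(report):
    """Return the integer statistics as {name: value}."""
    return {key.strip(): int(value) for key, value in STAT_RE.findall(report)}


def parse_hits(report):
    """Return one dict per reported object: path, verdict, threat, count."""
    return [
        {"path": m["path"], "verdict": m["verdict"], "threat": m["threat"], "count": int(m["count"])}
        for m in HIT_RE.finditer(report)
    ]


def classify(hit):
    """Bucket a hit by the kind of object the detection actually landed in."""
    path = hit["path"].lower()
    filename = path.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if ext in MAIL_STORES:
        return "mail-store"
    if ext in ARCHIVES:
        return "archive"
    if "\\windows\\" in path:
        return "system-file"
    return "file"


def report_complete(report):
    """True when the hit lines account for every infected/suspicious object in
    the statistics (assumes one line per object), i.e. the paste is not truncated."""
    stats = parse_stats(report)
    expected = stats.get("Infected objects found", 0) + stats.get("Suspicious objects found", 0)
    return len(parse_hits(report)) == expected


def triage(report):
    """Return (path, verdict, threat, bucket, advice) for each hit."""
    rows = []
    for hit in parse_hits(report):
        bucket = classify(hit)
        rows.append((hit["path"], hit["verdict"], hit["threat"], bucket, ADVICE[bucket]))
    return rows


if __name__ == "__main__":
    print("complete paste:", report_complete(SAMPLE_REPORT))
    for path, verdict, threat, bucket, advice in triage(SAMPLE_REPORT):
        print(f"[{bucket}] {verdict}: {threat}\n    {path}\n    -> {advice}")
```

Paste a saved report into `SAMPLE_REPORT` or read it from the file the "Save Report As" button writes; a single hit inside a .dbx or .pst is the classic case where deleting the flagged file would throw away a whole mailbox over one message, which is why the bucket matters more than the detection name.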
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 23, 2009, 04:02:08 PM
How is the computer running now?
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: garddfon on September 24, 2009, 01:00:50 PM
Hi again,

No obvious signs of anything dodgy thankfully. Any thoughts on the 1 infected item from the Kaspersky scan?

Regards,

Garddfon
Title: Re: Windows Antivirus Pro manual removal in safe mode
Post by: evilfantasy on September 24, 2009, 01:20:05 PM
I'm thinking it's a false positive but I'm not sure. It's an email in your Outlook Inbox. Check it to see if there is any spam there and delete it.

Final suggestions.

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy (http://www.safer-networking.org/en/spybotsd/index.html). Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.