
Author Topic: Possible viruses  (Read 8476 times)


AmyLP2

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    Possible viruses
    « on: May 18, 2011, 12:13:13 AM »
    I was told to do the Computer Hope virus and spyware guidelines and send the logs to be looked at. My problem is every time I log onto the internet, everything from the websites is going into my temporary internet files! I mean everything from logos, PNGs, GIFs, cookies, etc.! This is so bad that my computer slows down and finally locks up. I have my security set on medium high and my privacy set the same. They are deleted once I log off from the internet. I'm sending all the logs from all the different programs. I did find that after running the MBAM, I had one infection. Waiting to hear back from you as to what I should do next. Thank you for all your help and time!!! Amy :)

    [recovering disk space - old attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Possible viruses
    « Reply #1 on: May 18, 2011, 04:52:48 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    **********************************************************
    Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    AmyLP2

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: Possible viruses
      « Reply #2 on: May 18, 2011, 08:34:18 PM »
      Dave....I downloaded the DDS to desktop and it started to run. Then it stopped responding. Unable to do anything, Ctrl-Alt-Delete....Esc....couldn't even shut down the computer. Finally had to remove the battery. Started the DDS again and computer locked up again. Any suggestions? My Online Armor kept asking me whether to allow it, which I did. Amy

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Possible viruses
      « Reply #3 on: May 19, 2011, 04:58:20 PM »
      Please tell me how much free space you have on your hard drive C:. To do this, click on My Computer, right-click on the C drive and give me the information: disk size and free space.

      AmyLP2

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Possible viruses
        « Reply #4 on: May 20, 2011, 01:05:22 PM »
        Hi, Dave:

        Capacity: 20,003,848,192 bytes (18.6 GB)

        Free Space: 553,978,816 bytes (5.13 GB)

        Used space: 14,488,869,376 bytes (13.4 GB)

        I have removed programs from my installed programs as much as I could. I have not removed anything that may have been installed during my instructions for all the steps, i.e. Malware Removal Steps. Thank-you!! Amy

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Possible viruses
        « Reply #5 on: May 20, 2011, 05:16:29 PM »
        Can you run DDS now?

        AmyLP2

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Re: Possible viruses
          « Reply #6 on: May 20, 2011, 07:45:31 PM »
          Hello...well I was finally able to run DDS!! Ya-Hoo.....hope these attachments help you understand what I have going on! ....Again, Thank-you so much for your time!! Amy

          [recovering disk space - old attachment deleted by admin]

          AmyLP2

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Unknown
            Re: Possible viruses
            « Reply #7 on: May 20, 2011, 07:57:42 PM »
            Sorry, just noticed you prefer no attachments:
            .
            ==== Installed Programs ======================
            .
            .
            3Com 3Link
            3Com Wireless LAN Manager
            Adobe Acrobat 5.0
            Adobe Flash Player 10 ActiveX
            Adobe Reader 8.1.1
            Adobe® Photoshop® Album Starter Edition 3.2
            ATI Display Driver
            AVG Free 8.5
            CCleaner
            Comcast High-Speed Internet Install Wizard
            Compaq Easy Access Buttons 3.00 B3
            Compatibility Pack for the 2007 Office system
            Crown Print Monitor
            Crown Print Monitor+
            Encarta Online
            Google Toolbar for Internet Explorer
            Google Update Helper
            GSview and Aladdin Ghostscript
            HighMAT Extension to Microsoft Windows XP CD Writing Wizard
            HiJackThis
            HijackThis 1.99.1
            Hotfix for Windows Internet Explorer 7 (KB947864)
            Hotfix for Windows XP (KB2443685)
            Hotfix for Windows XP (KB952287)
            Hotfix for Windows XP (KB981793)
            Java Auto Updater
            Java(TM) 6 Update 25
            Learn2 Player (Uninstall Only)
            magicolor 2300 DL
            Malwarebytes' Anti-Malware
            MetWINS
            Microsoft .NET Framework (English)
            Microsoft .NET Framework (English) v1.0.3705
            Microsoft .NET Framework 1.0 Hotfix (KB928367)
            Microsoft .NET Framework 1.1
            Microsoft .NET Framework 1.1 Security Update (KB2416447)
            Microsoft .NET Framework 1.1 Security Update (KB979906)
            Microsoft Data Access Components KB870669
            Microsoft Internationalized Domain Names Mitigation APIs
            Microsoft Money 2002
            Microsoft Money 2002 System Pack
            Microsoft National Language Support Downlevel APIs
            Microsoft Office XP Professional with FrontPage
            Microsoft Publisher 2002
            Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
            Microsoft Visual C++ 2005 Redistributable
            Microsoft Windows Journal Viewer
            Microsoft XML Parser
            MINOLTA-QMS magicolor 2300 DL Printer Driver Software
            MSN Music Assistant
            Online Armor 5.0
            PA070 Driver Uninstall
            PDFLIB
            PDFlib 4.0.1
            Protection PLUS 4.2 Enterprise Edition
            PVRLoader
            QuickTime
            Radioshack USB-to-Serial Cable Driver Installer
            RadioShack USB to Serial Driver
            RealPlayer Basic
            RTLSetup
            Security Update for Step By Step Interactive Training (KB898458)
            Security Update for Step By Step Interactive Training (KB923723)
            Security Update for Windows Internet Explorer 7 (KB928090)
            Security Update for Windows Internet Explorer 7 (KB929969)
            Security Update for Windows Internet Explorer 7 (KB931768)
            Security Update for Windows Internet Explorer 7 (KB933566)
            Security Update for Windows Internet Explorer 7 (KB937143)
            Security Update for Windows Internet Explorer 7 (KB938127)
            Security Update for Windows Internet Explorer 7 (KB939653)
            Security Update for Windows Internet Explorer 7 (KB942615)
            Security Update for Windows Internet Explorer 7 (KB944533)
            Security Update for Windows Internet Explorer 7 (KB950759)
            Security Update for Windows Internet Explorer 7 (KB956390)
            Security Update for Windows Internet Explorer 7 (KB958215)
            Security Update for Windows Internet Explorer 7 (KB960714)
            Security Update for Windows Internet Explorer 7 (KB982381)
            Security Update for Windows Internet Explorer 8 (KB2482017)
            Security Update for Windows Internet Explorer 8 (KB2497640)
            Security Update for Windows Internet Explorer 8 (KB2510531)
            Security Update for Windows Internet Explorer 8 (KB982381)
            Security Update for Windows Media Player (KB2378111)
            Security Update for Windows Media Player (KB911564)
            Security Update for Windows Media Player (KB952069)
            Security Update for Windows Media Player (KB954155)
            Security Update for Windows Media Player (KB973540)
            Security Update for Windows Media Player (KB975558)
            Security Update for Windows Media Player (KB978695)
            Security Update for Windows Media Player 10 (KB911565)
            Security Update for Windows Media Player 10 (KB917734)
            Security Update for Windows Media Player 10 (KB936782)
            Security Update for Windows Media Player 6.4 (KB925398)
            Security Update for Windows XP (KB2079403)
            Security Update for Windows XP (KB2115168)
            Security Update for Windows XP (KB2121546)
            Security Update for Windows XP (KB2229593)
            Security Update for Windows XP (KB2296011)
            Security Update for Windows XP (KB2347290)
            Security Update for Windows XP (KB2360937)
            Security Update for Windows XP (KB2387149)
            Security Update for Windows XP (KB2393802)
            Security Update for Windows XP (KB2412687)
            Security Update for Windows XP (KB2419632)
            Security Update for Windows XP (KB2423089)
            Security Update for Windows XP (KB2440591)
            Security Update for Windows XP (KB2443105)
            Security Update for Windows XP (KB2476687)
            Security Update for Windows XP (KB2478960)
            Security Update for Windows XP (KB2478971)
            Security Update for Windows XP (KB2479943)
            Security Update for Windows XP (KB2481109)
            Security Update for Windows XP (KB2483185)
            Security Update for Windows XP (KB2485663)
            Security Update for Windows XP (KB2503658)
            Security Update for Windows XP (KB2506212)
            Security Update for Windows XP (KB2506223)
            Security Update for Windows XP (KB2507618)
            Security Update for Windows XP (KB2508272)
            Security Update for Windows XP (KB2508429)
            Security Update for Windows XP (KB2509553)
            Security Update for Windows XP (KB2511455)
            Security Update for Windows XP (KB2524375)
            Security Update for Windows XP (KB923561)
            Security Update for Windows XP (KB923689)
            Security Update for Windows XP (KB938464)
            Security Update for Windows XP (KB941569)
            Security Update for Windows XP (KB946648)
            Security Update for Windows XP (KB950760)
            Security Update for Windows XP (KB950762)
            Security Update for Windows XP (KB950974)
            Security Update for Windows XP (KB951066)
            Security Update for Windows XP (KB951376-v2)
            Security Update for Windows XP (KB951376)
            Security Update for Windows XP (KB951698)
            Security Update for Windows XP (KB951748)
            Security Update for Windows XP (KB952004)
            Security Update for Windows XP (KB952954)
            Security Update for Windows XP (KB954211)
            Security Update for Windows XP (KB954600)
            Security Update for Windows XP (KB955069)
            Security Update for Windows XP (KB956391)
            Security Update for Windows XP (KB956572)
            Security Update for Windows XP (KB956744)
            Security Update for Windows XP (KB956802)
            Security Update for Windows XP (KB956803)
            Security Update for Windows XP (KB956841)
            Security Update for Windows XP (KB956844)
            Security Update for Windows XP (KB957095)
            Security Update for Windows XP (KB957097)
            Security Update for Windows XP (KB958644)
            Security Update for Windows XP (KB958687)
            Security Update for Windows XP (KB958869)
            Security Update for Windows XP (KB959426)
            Security Update for Windows XP (KB960225)
            Security Update for Windows XP (KB960803)
            Security Update for Windows XP (KB960859)
            Security Update for Windows XP (KB961501)
            Security Update for Windows XP (KB969059)
            Security Update for Windows XP (KB970238)
            Security Update for Windows XP (KB970430)
            Security Update for Windows XP (KB971468)
            Security Update for Windows XP (KB971657)
            Security Update for Windows XP (KB971961)
            Security Update for Windows XP (KB972270)
            Security Update for Windows XP (KB973507)
            Security Update for Windows XP (KB973869)
            Security Update for Windows XP (KB973904)
            Security Update for Windows XP (KB974112)
            Security Update for Windows XP (KB974318)
            Security Update for Windows XP (KB974392)
            Security Update for Windows XP (KB974571)
            Security Update for Windows XP (KB975025)
            Security Update for Windows XP (KB975467)
            Security Update for Windows XP (KB975560)
            Security Update for Windows XP (KB975561)
            Security Update for Windows XP (KB975562)
            Security Update for Windows XP (KB975713)
            Security Update for Windows XP (KB977816)
            Security Update for Windows XP (KB977914)
            Security Update for Windows XP (KB978037)
            Security Update for Windows XP (KB978338)
            Security Update for Windows XP (KB978542)
            Security Update for Windows XP (KB978601)
            Security Update for Windows XP (KB978706)
            Security Update for Windows XP (KB979309)
            Security Update for Windows XP (KB979482)
            Security Update for Windows XP (KB979559)
            Security Update for Windows XP (KB979683)
            Security Update for Windows XP (KB979687)
            Security Update for Windows XP (KB980195)
            Security Update for Windows XP (KB980218)
            Security Update for Windows XP (KB980232)
            Security Update for Windows XP (KB980436)
            Security Update for Windows XP (KB981322)
            Security Update for Windows XP (KB981349)
            Security Update for Windows XP (KB981997)
            Security Update for Windows XP (KB982132)
            Security Update for Windows XP (KB982665)
            Setup Compaq Software
            SoundMAX
            Spybot - Search & Destroy
            SUPERAntiSpyware
            Synaptics TouchPad
            Update for Windows Internet Explorer 8 (KB2447568)
            Update for Windows XP (KB2345886)
            Update for Windows XP (KB2467659)
            Update for Windows XP (KB951072-v2)
            Update for Windows XP (KB951978)
            Update for Windows XP (KB953356)
            Update for Windows XP (KB955759)
            Update for Windows XP (KB955839)
            Update for Windows XP (KB967715)
            Update for Windows XP (KB968389)
            Update for Windows XP (KB971029)
            Update for Windows XP (KB971737)
            Update for Windows XP (KB973687)
            Update for Windows XP (KB973815)
            WebFldrs XP
            Windows Genuine Advantage Notifications (KB905474)
            Windows Genuine Advantage v1.3.0254.0
            Windows Genuine Advantage Validation Tool (KB892130)
            Windows Internet Explorer 7
            Windows Internet Explorer 8
            Windows Media Format Runtime
            Windows Media Player 10
            Windows XP Service Pack 3
            WinZip
            Yahoo! Install Manager
            .
            ==== End Of File ===========================

            .
            DDS (Ver_11-03-05.01) - NTFSx86 
            Run by John at 20:35:04.15 on Fri 05/20/2011
            Internet Explorer: 8.0.6001.18702
            .
            ============== Running Processes ===============
            .
            .
            ============== Pseudo HJT Report ===============
            .
            uStart Page = hxxp://www.google.com/
            uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
            uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
            uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
            mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
            uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
            uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
            mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
            BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
            BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
            BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
            BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
            TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
            TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
            TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
            EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
            EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
            EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
            EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
            uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
            uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
            uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
            mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
            mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
            mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
            mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
            dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
            IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
            IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
            IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
            IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
            IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
            DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
            DPF: {01111E00-3E00-11D2-8470-0060089874ED} - hxxp://support.charter.com/sdccommon/download/tgctlsi.cab
            DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
            DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120443198675
            DPF: {670821E0-76D1-11D4-9F60-009027A966BF} - hxxp://racing.youbet.com/wr_6_2/controls/ybrequest.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - hxxp://racing.youbet.com/controls/YBUICtrl.cab
            DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
            Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
            Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
            Notify: avgrsstarter - avgrsstx.dll
            Notify: LMIinit - LMIinit.dll
            SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online armor\oaevent.dll
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
            .
            ============= SERVICES / DRIVERS ===============
            .
            R? AllWirelessLansService;3Com Wireless LAN Support
            R? ATICDSDr;ATICDSDr
            R? AVG Security Toolbar Service;AVG Security Toolbar Service
            R? gupdate;Google Update Service (gupdate)
            R? gupdatem;Google Update Service (gupdatem)
            R? LanSupportService;3Com LAN Support
            R? LMIInfo;LogMeIn Kernel Information Provider
            R? LMIRfsClientNP;LMIRfsClientNP
            R? SAEngine;3Link Engine
            R? SvcOnlineArmor;Online Armor
            S? avg8emc;AVG Free8 E-mail Scanner
            S? avg8wd;AVG Free8 WatchDog
            S? AvgLdx86;AVG Free AVI Loader Driver x86
            S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
            S? AvgTdiX;AVG Free8 Network Redirector
            S? C4C_BSC2;C4C_BSC2
            S? LMIGuardianSvc;LMIGuardianSvc
            S? LMIRfsDriver;LogMeIn Remote File System Driver
            S? MLPTDR_B;MLPTDR_B
            S? OAcat;Online Armor Helper Service
            S? OADevice;OADriver
            S? oahlpXX;Online Armor helper driver
            S? OAmon;OAmon
            S? OAnet;OAnet
            S? SASDIFSV;SASDIFSV
            S? SASKUTIL;SASKUTIL
            S? WLP92B;3Com 3CRWE62092B Wireless LAN PC Card
            .
            =============== Created Last 30 ================
            .
            2011-05-18 04:55:18   388096   ----a-r-   c:\docume~1\john\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
            2011-05-18 04:55:17   --------   d-----w-   c:\program files\Trend Micro
            2011-05-17 23:56:21   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-05-17 23:56:11   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-05-17 23:56:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-05-17 20:05:25   --------   d-----w-   c:\docume~1\john\applic~1\SUPERAntiSpyware.com
            2011-05-17 20:05:25   --------   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
            2011-05-17 20:04:43   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-05-16 05:40:10   --------   d-----w-   c:\program files\CCleaner
            2011-05-16 05:39:16   --------   d-----w-   c:\docume~1\john\locals~1\applic~1\Temp
            2011-05-16 00:06:09   --------   d-----w-   c:\docume~1\john\applic~1\OnlineArmor
            2011-05-16 00:06:09   --------   d-----w-   c:\docume~1\alluse~1\applic~1\OnlineArmor
            2011-05-16 00:04:29   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
            2011-05-16 00:04:29   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
            2011-05-16 00:04:27   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
            2011-05-16 00:04:27   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
            2011-05-16 00:04:19   --------   d-----w-   c:\program files\Online Armor
            2011-05-15 23:31:08   --------   d-----w-   c:\documents and settings\all users\Uniblue
            2011-05-15 20:14:58   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            2011-05-15 20:14:58   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-05-15 03:15:27   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
            2011-05-03 17:39:29   954368   ------w-   c:\windows\system32\dllcache\mfc40.dll
            2011-05-03 17:39:28   953856   ------w-   c:\windows\system32\dllcache\mfc40u.dll
            2011-05-03 17:38:24   617472   ------w-   c:\windows\system32\dllcache\comctl32.dll
            2011-05-03 17:34:13   40960   ------w-   c:\windows\system32\dllcache\ndproxy.sys
            2011-05-03 17:25:23   45568   ------w-   c:\windows\system32\dllcache\wab.exe
            2011-05-03 07:00:34   0   ----a-w-   C:\VDM20.tmp
            2011-05-03 07:00:34   0   ----a-w-   C:\VDM1F.tmp
            2011-05-03 04:42:12   --------   d-----w-   C:\Temp Internet files
            2011-05-03 01:37:44   --------   d-sh--w-   c:\documents and settings\john\IECompatCache
            2011-05-03 01:36:19   --------   d-sh--w-   c:\documents and settings\john\PrivacIE
            2011-05-03 01:33:32   --------   d-sh--w-   c:\documents and settings\john\IETldCache
            2011-05-03 01:24:15   --------   d-----w-   c:\windows\ie8updates
            2011-05-03 01:16:50   --------   dc-h--w-   c:\windows\ie8
            2011-05-03 00:59:50   7680   ------w-   c:\windows\system32\dllcache\iecompat.dll
            2011-05-03 00:59:26   12800   ------w-   c:\windows\system32\dllcache\xpshims.dll
            2011-05-03 00:59:24   743424   ------w-   c:\windows\system32\dllcache\iedvtool.dll
            2011-05-03 00:59:23   247808   ------w-   c:\windows\system32\dllcache\ieproxy.dll
            2011-05-02 20:59:20   --------   d-----w-   c:\windows\system32\scripting
            2011-05-02 20:59:15   --------   d-----w-   c:\windows\l2schemas
            2011-05-02 20:59:14   --------   d-----w-   c:\windows\system32\en
            2011-05-02 19:12:50   276992   ------w-   c:\windows\system32\wmphoto.dll
            2011-05-02 19:12:39   69120   ------w-   c:\windows\system32\wlanapi.dll
            2011-05-02 19:12:32   712704   ------w-   c:\windows\system32\windowscodecs.dll
            2011-05-02 19:12:32   346112   ------w-   c:\windows\system32\windowscodecsext.dll
            2011-05-02 19:11:59   50688   ------w-   c:\windows\system32\tspkg.dll
            2011-05-02 19:11:58   53248   ------w-   c:\windows\system32\tsgqec.dll
            2011-05-02 19:10:40   10240   ------w-   c:\windows\system32\drivers\sffp_mmc.sys
            2011-05-02 19:10:37   32768   ------w-   c:\windows\system32\setupn.exe
            2011-05-02 19:10:18   290304   ------w-   c:\windows\system32\rhttpaa.dll
            2011-05-02 19:10:13   61952   ------w-   c:\windows\system32\rasqec.dll
            2011-05-02 19:10:07   76800   ------w-   c:\windows\system32\qutil.dll
            2011-05-02 19:09:59   62464   ------w-   c:\windows\system32\qcliprov.dll
            2011-05-02 19:09:58   291328   ------w-   c:\windows\system32\qagentrt.dll
            2011-05-02 19:09:58   150528   ------w-   c:\windows\system32\qagent.dll
            2011-05-02 19:09:48   412160   ------w-   c:\windows\system32\photometadatahandler.dll
            2011-05-02 19:09:31   144384   ------w-   c:\windows\system32\onex.dll
            2011-05-02 19:09:22   86016   ------w-   c:\program files\msn\msncorefiles\oobe\obepopc.dll
            2011-05-02 19:09:22   77824   ------w-   c:\program files\msn\msncorefiles\oobe\obemtllc.dll
            2011-05-02 19:09:21   966656   ------w-   c:\program files\msn\msncorefiles\oobe\obemetal.dll
            2011-05-02 19:09:20   229376   ------w-   c:\program files\msn\msncorefiles\oobe\obelog.dll
            2011-05-02 19:08:48   30208   ------w-   c:\windows\system32\napipsec.dll
            2011-05-02 19:08:48   193024   ------w-   c:\windows\system32\napmontr.dll
            2011-05-02 19:08:48   176640   ------w-   c:\windows\system32\napstat.exe
            2011-05-02 19:08:43   79872   ------w-   c:\windows\system32\msxml6r.dll
            2011-05-02 19:08:43   79872   ------w-   c:\windows\system32\dllcache\msxml6r.dll
            2011-05-02 19:08:41   1372672   ------w-   c:\windows\system32\msxml6.dll
            2011-05-02 19:08:41   1372672   ------w-   c:\windows\system32\dllcache\msxml6.dll
            2011-05-02 19:08:18   76800   ------w-   c:\windows\system32\msshavmsg.dll
            2011-05-02 19:08:18   155136   ------w-   c:\windows\system32\mssha.dll
            2011-05-02 19:08:05   1327320   ------w-   c:\program files\msn\msncorefiles\install\msnsusii.exe
            2011-05-02 19:07:48   11053008   ------w-   c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
            2011-05-02 19:06:40   33792   ------w-   c:\windows\system32\mmcperf.exe
            2011-05-02 19:06:39   106496   ------w-   c:\windows\system32\mmcfxcommon.dll
            2011-05-02 19:06:38   397312   ------w-   c:\windows\system32\mmcex.dll
            2011-05-02 19:06:38   184320   ------w-   c:\windows\system32\microsoft.managementconsole.dll
            2011-05-02 19:05:05   37376   ------w-   c:\windows\system32\l2gpstore.dll
            2011-05-02 19:04:51   61440   ------w-   c:\windows\system32\kmsvc.dll
            2011-05-02 19:04:48   6144   ------w-   c:\windows\system32\kbdpash.dll
            2011-05-02 19:04:48   6144   ------w-   c:\windows\system32\kbdnepr.dll
            2011-05-02 19:04:47   6144   ------w-   c:\windows\system32\kbdiultn.dll
            2011-05-02 19:04:47   6144   ------w-   c:\windows\system32\kbdbhc.dll
            2011-05-02 19:02:59   884712   ------w-   c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
            2011-05-02 19:02:58   48640   ------w-   c:\windows\system32\dhcpqec.dll
            2011-05-02 19:02:49   12800   ------w-   c:\windows\system32\credssp.dll
            2011-05-02 19:02:25   7168   ------w-   c:\windows\system32\bitsprx4.dll
            2011-05-02 19:02:23   233472   ------w-   c:\windows\system32\azroles.dll
            2011-05-02 19:01:51   136192   ------w-   c:\windows\system32\aaclient.dll
            2011-05-02 04:58:16   22   --sha-w-   c:\docume~1\john\applic~1\Sys2662.Config.Repository.bin
            2011-05-02 04:50:50   9918280   ----a-w-   C:\jv16pt_setup_hb.exe
            2011-05-02 01:19:37   81920   ------w-   c:\windows\system32\dllcache\fontsub.dll
            2011-05-02 01:13:03   2066432   -c----w-   c:\windows\system32\dllcache\mstscax.dll
            2011-05-02 01:05:05   5120   -c--a-w-   c:\windows\system32\xpsp4res.dll
            2011-05-02 00:57:05   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll
            2011-05-02 00:55:13   744448   ------w-   c:\windows\system32\dllcache\helpsvc.exe
            2011-05-02 00:49:30   284160   ------w-   c:\windows\system32\dllcache\pdh.dll
            2011-05-02 00:49:29   401408   ------w-   c:\windows\system32\dllcache\rpcss.dll
            2011-05-02 00:49:29   35328   ------w-   c:\windows\system32\dllcache\sc.exe
            2011-05-02 00:49:28   110592   ------w-   c:\windows\system32\dllcache\services.exe
            2011-05-02 00:49:27   473600   ------w-   c:\windows\system32\dllcache\fastprox.dll
            2011-05-02 00:49:26   227840   ------w-   c:\windows\system32\dllcache\wmiprvse.exe
            2011-05-02 00:49:24   453120   ------w-   c:\windows\system32\dllcache\wmiprvsd.dll
            2011-05-02 00:49:22   730112   -c----w-   c:\windows\system32\dllcache\lsasrv.dll
            2011-05-02 00:49:21   617472   ------w-   c:\windows\system32\dllcache\advapi32.dll
            2011-05-02 00:49:19   718336   ------w-   c:\windows\system32\dllcache\ntdll.dll
            2011-05-02 00:49:14   2148864   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
            2011-05-02 00:49:07   2192768   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
            2011-05-02 00:48:58   2027008   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
            .
            ==================== Find3M  ====================
            .
            2011-05-01 23:51:10   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
            2011-03-07 05:33:50   692736   -c--a-w-   c:\windows\system32\inetcomm.dll
            2011-03-04 06:37:06   420864   ----a-w-   c:\windows\system32\vbscript.dll
            2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
            2011-02-22 23:06:29   916480   ----a-w-   c:\windows\system32\wininet.dll
            2011-02-22 23:06:29   43520   ------w-   c:\windows\system32\licmgr10.dll
            2011-02-22 23:06:29   1469440   ------w-   c:\windows\system32\inetcpl.cpl
            2011-02-22 11:41:59   385024   ------w-   c:\windows\system32\html.iec
            2001-09-29 00:00:28   164864   -c--a-w-   c:\program files\UNWISE.EXE
            .
            ============= FINISH: 20:39:12.77 ===============

            SuperDave

            Re: Possible viruses
            « Reply #8 on: May 21, 2011, 01:17:55 PM »
            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Unzip SecurityCheck.zip and a folder named Security Check should appear.
            * Open the Security Check folder and double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            ******************************************************
            This next scanner may not work with AVG on your computer. If you get such a message, please let me know and we'll do a work-around.

            Please download ComboFix from BleepingComputer.com

            Alternate link: GeeksToGo.com

            and save it to your Desktop.
            It would be easiest to download using Internet Explorer.
            If you insist on using Firefox, make sure that your download settings are as follows:

            * Tools->Options->Main tab
            * Set to "Always ask me where to Save the files".

            Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
            Double click ComboFix.exe & follow the prompts.
            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


            Click on Yes, to continue scanning for malware.
            When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

            If you have problems with ComboFix usage, see How to use ComboFix
            Windows 8 and Windows 10 dual boot with two SSD's

            AmyLP2

              Re: Possible viruses
              « Reply #9 on: May 25, 2011, 01:43:43 PM »
              Sorry it's taken me so long to get back to you! You have no idea what I have been going through with this computer. I was able to download the Security Check finally, disabled the AVG, downloaded the ComboFix, tried running it, then it came to a complete stop and disappeared. So retried, started to run again, got a message about AVG and may hurt my computer. Then everything locked up again. Had to remove my battery and unplug computer. Tried uninstalling and got error message. Here is the Security Check log and the error message I got when I tried to uninstall the AVG.


              Unistall failed!

              1 error uccured. Click Details to show more information.

              Local machine: installation failed
                  Installation:
                      Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
                          Error 0x80070005

               Results of screen317's Security Check version 0.99.11 
               Windows XP Service Pack 3 
               Internet Explorer 8 
              ``````````````````````````````
              Antivirus/Firewall Check:

               Windows Firewall Disabled! 
               AVG Free 8.5   
               Online Armor 5.0   
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               Out of date HijackThis installed!
               Malwarebytes' Anti-Malware   
               HijackThis 1.99.1   
               CCleaner     
               Java(TM) 6 Update 25 
               Adobe Flash Player   
              Adobe Reader 8.1.1
              Out of date Adobe Reader installed!
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

               AVG avgwdsvc.exe
               AVG avgtray.exe
               AVG avgrsx.exe
               AVG avgnsx.exe
               AVG avgemc.exe
               Tall Emu Online Armor OAcat.exe
               Tall Emu Online Armor oasrv.exe
               Tall Emu Online Armor oaui.exe
               Tall Emu Online Armor OAhlp.exe
              ``````````End of Log````````````
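
An added example, not part of the original thread and not code from Security Check itself: a small parser for a checkup.txt log shaped like the one posted in Reply #9, pulling out the lines the tool itself flagged and grouping the running security processes by product label. The function names are ours, the sample is a shortened copy constructed from the log above, and the layout rules (backtick rule lines, titles ending in ":", warnings ending in "!") are assumptions read off that one log.

```python
TICK = "`"  # section rules in the log are runs of backticks
# Constructed sample: shortened copy of the log posted in Reply #9.
SAMPLE = "\n".join([
    " Results of screen317's Security Check version 0.99.11 ",
    TICK * 30,
    "Antivirus/Firewall Check:",
    " Windows Firewall Disabled! ",
    " AVG Free 8.5   ",
    " Online Armor 5.0   ",
    TICK * 31,
    "Anti-malware/Other Utilities Check:",
    " Out of date HijackThis installed!",
    "Out of date Adobe Reader installed!",
    TICK * 32,
    "Process Check: ",
    "objlist.exe by Laurent",
    " AVG avgwdsvc.exe",
    " AVG avgtray.exe",
    " Tall Emu Online Armor oasrv.exe",
    TICK * 10 + "End of Log" + TICK * 12,
])

def parse_sections(text):
    """Return {section title: [entries]}; "Header" holds lines before the first rule."""
    sections, current, expect_title = {"Header": []}, "Header", False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(TICK):          # rule: next non-blank line is a title
            expect_title = True
        elif expect_title and line.endswith(":"):
            current, expect_title = line[:-1], False
            sections[current] = []
        else:
            expect_title = False
            sections[current].append(line)
    return sections

def tool_warnings(sections):
    """Entries the tool itself flagged with a trailing '!'."""
    return [e for items in sections.values() for e in items if e.endswith("!")]

def processes_by_label(sections):
    """Group Process Check entries as {product label: [image names]}."""
    grouped = {}
    for entry in sections.get("Process Check", []):
        label, _, image = entry.rpartition(" ")
        if label and image.lower().endswith(".exe"):
            grouped.setdefault(label, []).append(image)
    return grouped
```

On the full log from Reply #9, `processes_by_label` returns two labels, AVG and Tall Emu Online Armor, which shows two resident security products running at the same time.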




              SuperDave

              Re: Possible viruses
              « Reply #10 on: May 25, 2011, 05:08:08 PM »
              Ok. AVG gives me so much trouble. Here's what you should do. Download and install one of the other free AV programs from the link below. Microsoft Security Essentials is the best one to work with; No registration and updates automatically. Once you have a new AV installed, run the AVG Removal Tool below. Then disable your new AV program and run ComboFix. Don't forget to re-enable your AV afterwards.

              Remember to only install one antivirus!
               
              1) Avast! Home Edition
              2) AVG Free Edition
              3) Avira AntiVir Personal
              4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
              4-a) Microsoft Security Essentials for Windows XP
              5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
              6) PC Tools AntiVirus Free Edition

              It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

              AVG Antivirus Remover utility