
Author Topic: Please help: malware infection and internet connection lost  (Read 11091 times)


chakik

    Topic Starter


    Greenhorn

  • Experience: Beginner
  • OS: Unknown
Please help: malware infection and internet connection lost
« on: August 25, 2011, 04:23:38 PM »
Hello,

I was trying to download software from the internet and suddenly Chrome and Firefox didn't run. IE was still running, so I connected to the internet and searched for this, and posts recommended downloading SUPERAntiSpyware. I downloaded SUPERAntiSpyware and ran it.
It detected a lot of things... then I proceeded to delete the detected worm, trojan etc.

I restarted the computer, and now Chrome, Firefox and IE could all be opened
BUT I LOST INTERNET CONNECTION. The wireless of my laptop is detecting the connection but the small icon has a red x on it.

If I try to connect to the wireless connection, I get connection unsuccessful.

I'm using windows vista.

The log file generated by SUPERantispyware is attached to this post.

PLEASE HELP.

Thank you.
-FADI




[regaining space - attachment deleted by admin]

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 996
  • Certifications: List
  • Experience: Expert
  • OS: Windows 8
Re: Please help: malware infection and internet connection lost
« Reply #1 on: August 26, 2011, 05:44:06 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

chakik

    Topic Starter


    Greenhorn

  • Experience: Beginner
  • OS: Unknown
Re: Please help: malware infection and internet connection lost
« Reply #2 on: August 27, 2011, 09:24:02 AM »
Hello,

Thank you for your support. Kindly find hereafter the content of the log files you asked me about.
Thanks a lot.
-Fadi

##### mbam-log-2011-08-26 (16-49-39) #########
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/26/2011 4:49:39 PM
mbam-log-2011-08-26 (16-49-39).txt

Scan type: Quick scan
Objects scanned: 214616
Time elapsed: 14 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\KYQ8ZBOAXR (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

######## ATTACH ############
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/14/2009 6:22:49 AM
System Uptime: 8/27/2011 4:19:04 PM (2 hours ago)
.
Motherboard: TOSHIBA |  | KSRAA
Processor: Intel(R) Core(TM)2 Duo CPU     P7350  @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 176 GiB total, 13.745 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia E51
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E51
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
50 FREE MP3s +1 Free Audiobook!
AAC Decoder
ActivePerl 522
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
ALI WEB FONTS
ALPS Touch Pad Driver
Altostorm Rectilinear Panorama v1.3 Pro
Antechinus JavaScript Editor v10.0
Apache Web Server
Apple Application Support
Apple Software Update
Article Marketing Robot
Article Submitter 2.1
Ask Toolbar
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
AudiA7 v0.6.0
Auto Blog Samurai
Autopano-SIFT 2.3
AutoUpdate
AVD Video Processor 8.0.1 TRIAL
AVG 2011
Badongo
bazAR
BitTorrent
Bluetooth Stack for Windows by Toshiba
BMW 3D Paintbrush
Camera Assistant Software for Toshiba
CamStudio
CCleaner
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CMake 2.8 a cross-platform, open-source build system
CodeCharge Studio 3.0
Crystal Reports Basic for Visual Studio 2008
CyberLink PowerCinema for TOSHIBA
DashCommand
Data Entry for Windows 4.0.0
dbQwikSite 6
Deluxe Menus Trial
DHTML Editing Component
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
DNA
Dolby Control Center
Download Accelerator Plus (DAP)
Dundas Chart Builder
Dundas Chart v7.0 for Windows Forms - Professional Eval (VS2008)
Dundas Map v1.1 for Windows Forms - Eval (VS2008)
DVD Flick 1.3.0.7
DVD MovieFactory for TOSHIBA
DzSoft Perl Editor 5.8
DzSoft PHP Editor 4.2.3
E-Data Collection Survey Engine
EasyPHP 1.8
EditPlus 3
Epi Info
Evrsoft First Page 2006
Ext Designer
FaceOnIt - Face Detector
FaceOnIt - Face Tracker
Feedback Tool
FileZilla Client 3.3.5.1
Firebird PHP Generator Professional 10.8
FlashGet 3.7
Free Monitor for Google 2.5
FusionCharts for VB Trial Version
Geany 0.20
GearDrvs
GnuWin32: Gsl version 1.6
Google Chrome
Google Chrome Frame
Google Desktop
Google Earth Plug-in
Google Talk (remove only)
Google Update Helper
GoToMeeting 4.5.0.457
GrindEQ LaTeX-to-Word (remove only)
GrindEQ Math Utilities (remove only)
GrindEQ Word-to-Latex (remove only)
GSview 4.8
Gtk+ Development Environment for Windows 2.8.8-rc2
H.264 Decoder
HomeCamera Client
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP LaserJet Professional M1530 MFP Series
HP LJ M1530 MFP Series HP Scan
HPLaserJetHelp_LearnCenter
HPLJUT
hppFaxDrvM1530
hppFaxUtilityM1530
hppLaserJetService
hppM1530LaserJetService
hppSendFaxM1530
hppTLBXFXM1530
hpzTLBXFX
HTML-Kit
I.R.I.S. OCR
IBP 11.9
Inspyder Rank Reporter Trial
Intel® Matrix Storage Manager
Ipswitch WS_FTP LE
IrfanView (remove only)
Java(TM) 6 Update 6
JMicron JMB38X Flash Media Controller
JPEG to PDF 1.0
K-Lite Codec Pack 3.2.5 Standard
Keyword Research Pro
KompoZer 0.8b3
Kurdish
Likno Web Modal Windows Builder 2.0.206
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Dreamweaver 8
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0256)
MagicSymbol v0.5
Malwarebytes' Anti-Malware version 1.51.1.1800
Market Samurai
MathType 6
MATLAB R2007a
MATLAB R2009a
MedCalc
Memeo AutoBackup
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft ASP.NET Web Matrix
Microsoft Choice Guard
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Suite Activation Assistant
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Visual Studio Web Authoring Component
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft XML Parser
MiKTeX 2.7
MKV Splitter
Mozilla Firefox (3.6.18)
MP4 Player
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser
MVision
My Screen Recorder 3.1
MyReporter
MySQL Connector/ODBC 3.51
MySQL Server 5.1
MySQL Servers and Clients 4.0.12
MySQL Workbench 5.0 OSS
Nakido
NeuroSolutions for MATLAB
NeuroXL Package 3.0.2
Nokia Connectivity Cable Driver
Nokia PC Suite
Notepad++
Nuclass7.1 - Nonlinear Networks for Classification
NVIDIA Drivers
Open Source Computer Vision Library 1.1pre1
OpenAL
OpenCV SDK
PC Connectivity Solution
PC Image Editor
PhpMySQLWizard  Demo 1.5
Picasa 2
Python 2.7
QuickBooks Financial Center
QuickTime
Rank Tracker
Rapid PHP 2010 v10.2
RAR Password Cracker 4.12
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Recognize, Predict, Forecast!
Revo Uninstaller Pro 2.5.3
Roadnav v0.19
ScanXL Professional
Screen Master (remove only)
Screen Video Recorder 1.5
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SEO Administrator 4.42
Setup_ELECTIONS
Skype Toolbars
Skype™ 5.3
SlickEdit 2009 (14.0.0)
Slik Subversion 1.6.15 (x86)
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
soft Xpansion Hair Master 4 International Demo
SpeedBit Video Accelerator
SpeedBit Video Downloader
SPSS 16.0 for Windows
SPSS 17
SPSS Data Access Pack 4.5 for Windows
SPSS Dimensions Component Pack 4.5
SPSS SmartViewer 16.0
SQLyog Community 8.71
SQLyog Trial 8.71
Subtitle Workshop 2.51
SUPERAntiSpyware
SurveyPro4 Demonstration
TeXnicCenter Version 1.0 Stable RC1
Tiberius
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Games
TOSHIBA Hardware Setup
TOSHIBA PowerCinema Helper
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Immersion - Molson Dry AR
Total Immersion D'Fusion @Home Web Plug-In
TradeManager 2008
Traffic Travis 3.3.16
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Utility Common Driver
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
Ventuz 2008
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
WampServer 2.0
WebCam for MSN Messenger
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Driver Package - Nokia Modem  (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem  (10/12/2007 3.6)
Windows Kurdish Support
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
WinSCP 4.2.9
WinSurvey
Xvid 1.2.1 final uninstall
Zend Studio - 7.0.0
.
==== Event Viewer Messages From Past Week ========
.
8/27/2011 6:13:33 PM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The operation completed successfully.
8/27/2011 6:04:10 PM, Error: Microsoft-Windows-Dhcp-Client [1008]  - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Access is denied..
8/27/2011 4:30:50 PM, Error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
8/27/2011 4:28:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/27/2011 4:27:46 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/27/2011 4:26:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
8/27/2011 4:26:22 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/27/2011 4:25:32 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  Operation aborted
8/27/2011 4:25:32 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/27/2011 4:24:49 PM, Error: EventLog [6008]  - The previous system shutdown at 03:05:25 ć on 27/08/2011 was unexpected.
8/27/2011 4:19:12 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
8/27/2011 2:55:37 PM, Error: EventLog [6008]  - The previous system shutdown at 02:12:46 ć on 27/08/2011 was unexpected.
8/26/2011 6:03:27 PM, Error: Service Control Manager [7023]  - The DHCP Client service terminated with the following error:  Access is denied.
8/26/2011 6:00:16 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
8/26/2011 5:30:51 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/26/2011 5:04:31 PM, Error: Service Control Manager [7034]  - The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
8/26/2011 5:04:30 PM, Error: Service Control Manager [7034]  - The VideoAcceleratorService service terminated unexpectedly.  It has done this 1 time(s).
8/26/2011 4:34:25 AM, Error: EventLog [6008]  - The previous system shutdown at 04:22:44 Õ on 26/08/2011 was unexpected.
8/26/2011 4:29:01 PM, Error: EventLog [6008]  - The previous system shutdown at 04:07:07 ć on 26/08/2011 was unexpected.
8/26/2011 4:07:11 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/26/2011 3:49:53 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
8/26/2011 3:49:39 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/26/2011 3:49:39 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/26/2011 3:49:39 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/26/2011 3:49:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/26/2011 3:48:55 PM, Error: EventLog [6008]  - The previous system shutdown at 03:41:55 ć on 26/08/2011 was unexpected.
8/26/2011 3:26:07 PM, Error: EventLog [6008]  - The previous system shutdown at 01:56:23 ć on 26/08/2011 was unexpected.
8/26/2011 2:55:36 AM, Error: EventLog [6008]  - The previous system shutdown at 02:53:53 Õ on 26/08/2011 was unexpected.
8/26/2011 2:52:19 AM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
8/26/2011 2:52:19 AM, Error: Service Control Manager [7031]  - The Windows Error Reporting Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/26/2011 2:12:36 AM, Error: EventLog [6008]  - The previous system shutdown at 01:12:13 Õ on 26/08/2011 was unexpected.
8/26/2011 12:20:16 PM, Error: EventLog [6008]  - The previous system shutdown at 12:07:15 ć on 26/08/2011 was unexpected.
8/26/2011 11:45:27 AM, Error: EventLog [6008]  - The previous system shutdown at 05:38:05 Õ on 26/08/2011 was unexpected.
8/26/2011 1:30:47 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/25/2011 8:37:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 00226891379C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/25/2011 2:33:35 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 153 time(s).
8/25/2011 12:33:33 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 151 time(s).
8/25/2011 11:39:44 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/25/2011 11:39:09 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
8/25/2011 11:19:29 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
8/25/2011 11:08:56 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 2 time(s).
8/25/2011 11:06:44 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/25/2011 11:06:16 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
8/25/2011 1:47:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 00226891379C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/25/2011 1:33:25 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 152 time(s).
8/24/2011 9:33:35 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 148 time(s).
8/24/2011 8:33:41 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 147 time(s).
8/24/2011 7:34:07 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 146 time(s).
8/24/2011 6:33:37 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 145 time(s).
8/24/2011 5:33:27 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 144 time(s).
8/24/2011 4:33:32 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 143 time(s).
8/24/2011 3:33:39 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 139 time(s).
8/24/2011 3:33:35 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 142 time(s).
8/24/2011 2:34:12 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 138 time(s).
8/24/2011 2:33:36 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 141 time(s).
8/24/2011 12:34:11 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 136 time(s).
8/24/2011 11:34:31 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 150 time(s).
8/24/2011 10:34:11 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 149 time(s).
8/24/2011 1:51:58 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 140 time(s).
8/24/2011 1:46:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec Core LC service.
8/24/2011 1:45:09 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-26-82-8D-DE-DD. Network operations on this system may be disrupted as a result.
8/24/2011 1:34:18 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 137 time(s).
8/23/2011 8:33:56 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 133 time(s).
8/23/2011 7:33:35 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 132 time(s).
8/23/2011 6:34:05 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 131 time(s).
8/23/2011 5:33:58 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 130 time(s).
8/23/2011 4:33:27 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 129 time(s).
8/23/2011 3:46:51 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 128 time(s).
8/23/2011 3:33:27 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 127 time(s).
8/23/2011 2:33:31 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 126 time(s).
8/23/2011 12:33:25 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 124 time(s).
8/23/2011 11:34:02 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 135 time(s).
8/23/2011 11:00:30 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 134 time(s).
8/23/2011 10:57:58 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/23/2011 10:57:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
8/23/2011 10:57:57 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/23/2011 10:56:53 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
8/23/2011 1:33:23 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 125 time(s).
8/22/2011 9:33:25 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 121 time(s).
8/22/2011 8:33:22 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 120 time(s).
8/22/2011 7:33:27 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 119 time(s).
8/22/2011 6:33:26 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 118 time(s).
8/22/2011 5:33:26 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 117 time(s).
8/22/2011 4:33:52 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 116 time(s).
8/22/2011 2:33:24 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 115 time(s).
8/22/2011 12:53:35 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/22/2011 11:33:25 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 123 time(s).
8/22/2011 10:33:24 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 122 time(s).
8/22/2011 1:33:31 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 114 time(s).
8/21/2011 8:33:25 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 113 time(s).
8/21/2011 7:33:24 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 112 time(s).
8/21/2011 6:37:16 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 111 time(s).
8/21/2011 4:33:23 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 110 time(s).
8/21/2011 3:33:24 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 109 time(s).
8/21/2011 3:33:23 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 106 time(s).
8/21/2011 2:33:45 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 105 time(s).
8/21/2011 2:33:43 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 108 time(s).
8/21/2011 2:32:47 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 00226891379C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/21/2011 2:30:16 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 107 time(s).
8/21/2011 12:33:23 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 103 time(s).
8/21/2011 1:33:23 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 104 time(s).
8/20/2011 9:34:00 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 100 time(s).
8/20/2011 8:33:31 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 99 time(s).
8/20/2011 8:03:44 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 98 time(s).
8/20/2011 6:33:34 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 97 time(s).
8/20/2011 5:34:02 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 96 time(s).
8/20/2011 4:33:31 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 95 time(s).
8/20/2011 3:34:00 AM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 91 time(s).
8/20/2011 3:33:58 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 94 time(s).
8/20/2011 3:01:32 AM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 60-33-4B-F6-9B-A6. Network operations on this system may be disrupted as a result.
8/20/2011 2:33:29 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 93 time(s).
8/20/2011 11:33:54 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 102 time(s).
8/20/2011 10:33:58 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 101 time(s).
8/20/2011 1:53:54 PM, Error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 92 time(s).
.
==== End Of File ===========================

##### DDS #############
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Fadi at 18:14:42 on 2011-08-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1256.961.1033.18.3066.1301 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\conime.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\fadi\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\13.0.782.215\npchrome_frame.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~1.0\toolbars\ZENDIE~1.DLL
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\hp laserjet professional m1530 mfp series\fax driver\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Download all by FlashGet3 - c:\users\fadi\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\fadi\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Zend Studio - Debug current page - c:\program files\zend\zend studio - 7.0.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\zend\zend studio - 7.0.0\toolbars\ZendIEToolbar.dll/DebugNext.html
IE: ????3?? - c:\users\fadi\appdata\roaming\flashgetbho\GetUrl.htm
IE: ????3?????? - c:\users\fadi\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~1.0\toolbars\ZENDIE~1.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\13.0.782.215\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fadi\appdata\roaming\mozilla\firefox\profiles\kducrio1.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\users\fadi\appdata\roaming\mozilla\firefox\profiles\kducrio1.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
FF - Ext: MyTranslationShoes: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Zend Studio Toolbar: {3c9761ad-a43d-4447-b924-f5d83cb48063} - %profile%\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - Ext: Wappalyzer: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SEO Blogger: [email protected] - %profile%\extensions\[email protected]
FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
FF - Ext: Foxy SEO Tool: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SEO Website Analysis: {8BCA0E8A-E57B-425b-A05B-CD3868EB577E} - %profile%\extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}
.
---- FIREFOX POLICIES ----
FF - user.js: zend.ZDE_Path - c:\program files\zend\zend studio - 7.0.0\ZendStudio.exe
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-4-14 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-26 366640]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-22 86672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-26 22712]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-25 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-29 135664]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-4-12 142336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-13 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-29 135664]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-4-18 20504]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2011-4-18 21528]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-4-14 954368]
S3 MySQL51;MySQL51;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
S3 Nakido;Nakido;c:\program files\nakido\nakido.exe [2009-11-1 328192]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-25 27192]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
.
=============== Created Last 30 ================
.
2011-08-26 20:24:46   --------   d-----w-   C:\MGtools
2011-08-26 14:40:29   --------   d-sh--w-   C:\$RECYCLE.BIN
2011-08-26 14:07:09   98816   ----a-w-   c:\windows\sed.exe
2011-08-26 14:07:09   518144   ----a-w-   c:\windows\SWREG.exe
2011-08-26 14:07:09   256000   ----a-w-   c:\windows\PEV.exe
2011-08-26 14:07:09   208896   ----a-w-   c:\windows\MBR.exe
2011-08-26 14:07:01   --------   d-----w-   C:\ComboFix
2011-08-26 02:07:15   --------   d-----w-   C:\found.000
2011-08-25 22:08:37   --------   d-----w-   c:\users\fadi\appdata\roaming\Malwarebytes
2011-08-25 22:08:29   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-25 22:08:29   --------   d-----w-   c:\programdata\Malwarebytes
2011-08-25 22:08:26   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-25 22:08:26   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-08-25 14:22:54   --------   d-----w-   c:\program files\Market Samurai
2011-08-25 12:34:18   --------   d-----w-   c:\users\fadi\appdata\local\VS Revo Group
2011-08-25 12:34:03   27192   ----a-w-   c:\windows\system32\drivers\revoflt.sys
2011-08-25 12:33:59   --------   d-----w-   c:\program files\VS Revo Group
2011-08-25 12:09:10   --------   d-----w-   c:\users\fadi\appdata\roaming\SUPERAntiSpyware.com
2011-08-25 12:08:46   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-08-25 12:08:46   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-08-25 12:08:36   --------   d-----w-   c:\program files\CCleaner
2011-08-25 08:28:35   --------   d-----w-   C:\seo projects
2011-08-24 11:58:09   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-08-23 15:56:52   --------   d-----w-   c:\program files\RAR Password Cracker
2011-08-21 12:04:27   --------   d-----w-   c:\users\fadi\appdata\roaming\Inspyder Rank Reporter
2011-08-21 12:03:43   --------   d-----w-   c:\program files\Inspyder Software Inc
2011-08-20 22:39:22   --------   d-----w-   c:\users\fadi\appdata\roaming\Free Monitor for Google
2011-08-20 22:37:41   --------   d-----w-   c:\program files\Free Monitor for Google
2011-08-20 20:36:38   --------   d-----w-   c:\users\fadi\.ranktracker
2011-08-20 17:37:58   --------   d-----w-   c:\users\fadi\appdata\roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2011-08-16 09:14:35   --------   d-----w-   c:\users\fadi\appdata\roaming\Affilorama
2011-08-16 09:14:33   --------   d-----w-   c:\program files\Traffic Travis v3
2011-08-13 20:58:20   --------   d-----w-   c:\program files\Submit Suite
2011-08-13 20:57:58   --------   d-----w-   c:\programdata\Submit Suite
2011-08-13 20:10:48   --------   d-----w-   c:\program files\ABS
2011-08-13 20:02:22   --------   d-----w-   c:\users\fadi\appdata\roaming\Article Marketing Robot
2011-08-13 20:02:22   --------   d-----w-   c:\program files\Article Marketing Robot
2011-08-13 18:57:44   --------   d-----w-   c:\programdata\Niche Finder
2011-08-13 18:54:06   --------   d-----w-   c:\program files\Niche Finder
2011-08-11 19:01:48   --------   d-----w-   c:\users\fadi\appdata\roaming\Keyword Elite 2.0
2011-08-11 18:39:40   --------   d-----w-   c:\programdata\Keyword Elite 2.0
2011-08-11 18:39:18   --------   d-----w-   c:\program files\Keyword Elite 2.0
2011-08-11 01:18:59   375808   ----a-w-   c:\windows\system32\winsrv.dll
2011-08-11 00:51:33   3602832   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-08-11 00:51:33   3550096   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-08-11 00:47:41   905104   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-08-11 00:33:51   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 00:28:37   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
2011-08-10 05:39:09   --------   d-----w-   c:\program files\Market Samurai - files
2011-08-08 23:05:03   --------   d-----w-   c:\users\fadi\appdata\local\SeoDevGroup
2011-08-08 17:21:23   --------   d-----w-   c:\users\fadi\appdata\local\Media Get LLC
2011-08-08 17:20:09   --------   d-----w-   c:\users\fadi\appdata\local\MediaGet2
2011-08-08 17:07:41   73728   ----a-w-   c:\program files\common files\microsoft shared\vfp\foxhhelp9.exe
2011-08-08 17:07:41   16384   ----a-w-   c:\program files\common files\microsoft shared\vfp\foxhhelpps9.dll
2011-08-08 17:07:37   --------   d-----w-   c:\program files\Micro Niche Finder 5.0
.
==================== Find3M  ====================
.
2011-08-04 17:21:10   924672   ----a-w-   c:\windows\system

SuperDave

  • Malware Removal Specialist


Re: Please help: malware infection and internet connection lost
« Reply #3 on: August 27, 2011, 01:52:51 PM »
The log shows that you only have 13.7 Gb of free space. In order for Windows to function properly it needs at least 15% (27 Gb) of free space. You will need to find some way of freeing up space on your C drive. You can do this by uninstalling programs that you no longer use. You can also save important files, pictures, videos and music to DVDs or an external hard drive. If you don't free up space, your computer will start acting weird or won't even boot.

I strongly recommend that you remove Ask from your computer because it:

• Promotes its toolbars on sites targeted to kids.

• Promotes its toolbars through ads that appear to be part of other companies' sites.

• Promotes its toolbars through other companies' spyware.

• Installs without any disclosure whatsoever and without any consent whatsoever.

• Solicits installations via "deceptive door openers" that do not accurately describe the offer; fails to affirmatively show a license agreement; links to a EULA via an off-screen link.

• Makes confusing changes to users' browsers, increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis, or anything related to Ask.
****************************************************
P2P - I see you have P2P software installed on your machine (BitTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
***************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*************************************************
Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
mURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

:Files
C:\found.000

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
This next scanner will not run with AVG on your computer. You can uninstall it and re-install it after the scan is done or you can download and install one of these other free AV's.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
********************************************************
Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

chakik

    Topic Starter


Re: Please help: malware infection and internet connection lost
« Reply #4 on: August 27, 2011, 05:06:06 PM »
Hello,
Thank you a lot for your time.

For sure, I will take your suggestions into consideration, but I will do this after getting the internet connection back.
I did the requested scans, and kindly find the log files hereafter:

Thank you.

######## OTL ######
All processes killed
========== OTL ==========
========== FILES ==========
C:\found.000\dir0001.chk folder moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fadi
->Temp folder emptied: 1135019 bytes
->Temporary Internet Files folder emptied: 8411752 bytes
->Java cache emptied: 93966 bytes
->FireFox cache emptied: 46303836 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 57346 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 264800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 54.00 mb
 
 
OTL by OldTimer - Version 3.2.26.6 log created on 08282011_001623

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


####ComboFix########
ComboFix 11-08-25.01 - Fadi 08/28/2011   1:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1256.961.1033.18.3066.1700 [GMT 3:00]
Running from: c:\users\Fadi\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-27 to 2011-08-27  )))))))))))))))))))))))))))))))
.
.
2011-08-27 22:14 . 2011-08-27 22:14   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-08-27 21:16 . 2011-08-27 21:16   --------   d-----w-   C:\_OTL
2011-08-26 20:24 . 2011-08-26 20:38   --------   d-----w-   C:\MGtools
2011-08-25 22:08 . 2011-08-25 22:08   --------   d-----w-   c:\users\Fadi\AppData\Roaming\Malwarebytes
2011-08-25 22:08 . 2011-08-27 11:01   --------   d-----w-   c:\programdata\Malwarebytes
2011-08-25 22:08 . 2011-07-06 16:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-25 22:08 . 2011-08-26 12:54   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-08-25 22:08 . 2011-07-06 16:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-25 14:22 . 2011-08-25 14:23   --------   d-----w-   c:\program files\Market Samurai
2011-08-25 12:34 . 2011-08-25 12:34   --------   d-----w-   c:\users\Fadi\AppData\Local\VS Revo Group
2011-08-25 12:34 . 2009-12-30 08:21   27192   ----a-w-   c:\windows\system32\drivers\revoflt.sys
2011-08-25 12:33 . 2011-08-25 12:33   --------   d-----w-   c:\program files\VS Revo Group
2011-08-25 12:09 . 2011-08-25 12:09   --------   d-----w-   c:\users\Fadi\AppData\Roaming\SUPERAntiSpyware.com
2011-08-25 12:08 . 2011-08-25 12:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-08-25 12:08 . 2011-08-25 12:08   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-08-25 12:08 . 2011-08-25 12:08   --------   d-----w-   c:\program files\CCleaner
2011-08-25 08:28 . 2011-08-25 08:33   --------   d-----w-   C:\seo projects
2011-08-24 11:58 . 2011-07-11 13:25   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-08-23 15:56 . 2011-08-23 15:56   --------   d-----w-   c:\program files\RAR Password Cracker
2011-08-21 12:04 . 2011-08-21 12:33   --------   d-----w-   c:\users\Fadi\AppData\Roaming\Inspyder Rank Reporter
2011-08-21 12:03 . 2011-08-21 12:03   --------   d-----w-   c:\program files\Inspyder Software Inc
2011-08-20 22:39 . 2011-08-20 22:42   --------   d-----w-   c:\users\Fadi\AppData\Roaming\Free Monitor for Google
2011-08-20 22:37 . 2011-08-20 22:37   --------   d-----w-   c:\program files\Free Monitor for Google
2011-08-20 20:36 . 2011-08-20 20:36   --------   d-----w-   c:\users\Fadi\.ranktracker
2011-08-20 17:37 . 2011-08-20 17:37   --------   d-----w-   c:\users\Fadi\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2011-08-16 09:14 . 2011-08-16 09:14   --------   d-----w-   c:\users\Fadi\AppData\Roaming\Affilorama
2011-08-16 09:14 . 2011-08-16 09:14   --------   d-----w-   c:\program files\Traffic Travis v3
2011-08-13 20:58 . 2011-08-13 20:58   --------   d-----w-   c:\program files\Submit Suite
2011-08-13 20:57 . 2011-08-13 20:57   --------   d-----w-   c:\programdata\Submit Suite
2011-08-13 20:10 . 2011-08-13 20:10   --------   d-----w-   c:\program files\ABS
2011-08-13 20:02 . 2011-08-13 22:15   --------   d-----w-   c:\users\Fadi\AppData\Roaming\Article Marketing Robot
2011-08-13 20:02 . 2011-08-13 20:02   --------   d-----w-   c:\program files\Article Marketing Robot
2011-08-13 18:57 . 2011-08-13 18:58   --------   d-----w-   c:\programdata\Niche Finder
2011-08-13 18:54 . 2011-08-13 18:54   --------   d-----w-   c:\program files\Niche Finder
2011-08-11 19:01 . 2011-08-11 19:33   --------   d-----w-   c:\users\Fadi\AppData\Roaming\Keyword Elite 2.0
2011-08-11 18:39 . 2011-08-11 19:00   --------   d-----w-   c:\programdata\Keyword Elite 2.0
2011-08-11 18:39 . 2011-08-11 19:01   --------   d-----w-   c:\program files\Keyword Elite 2.0
2011-08-11 01:18 . 2011-06-17 16:03   375808   ----a-w-   c:\windows\system32\winsrv.dll
2011-08-11 00:51 . 2011-06-20 08:54   3602832   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-08-11 00:51 . 2011-06-20 08:54   3550096   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-08-11 00:47 . 2011-06-17 20:13   905104   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-08-11 00:33 . 2011-07-06 15:31   214016   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 00:28 . 2011-06-06 10:59   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 05:39 . 2011-08-20 17:23   --------   d-----w-   c:\program files\Market Samurai - files
2011-08-10 05:39 . 2011-08-10 05:39   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-08-08 23:05 . 2011-08-08 23:05   --------   d-----w-   c:\users\Fadi\AppData\Local\SeoDevGroup
2011-08-08 17:21 . 2011-08-08 17:21   --------   d-----w-   c:\users\Fadi\AppData\Local\Media Get LLC
2011-08-08 17:20 . 2011-08-25 10:49   --------   d-----w-   c:\users\Fadi\AppData\Local\MediaGet2
2011-08-08 17:07 . 2009-10-19 03:48   16384   ----a-w-   c:\program files\Common Files\Microsoft Shared\VFP\foxhhelpps9.dll
2011-08-08 17:07 . 2009-10-19 03:47   73728   ----a-w-   c:\program files\Common Files\Microsoft Shared\VFP\foxhhelp9.exe
2011-08-08 17:07 . 2011-08-13 20:35   --------   d-----w-   c:\program files\Micro Niche Finder 5.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 20:38 . 2011-08-26 20:24   444855   ----a-w-   C:\MGlogs.zip
2011-08-04 17:21 . 2011-06-27 08:24   924672   ----a-w-   c:\windows\system32\semtempl.dll
2011-06-30 06:32 . 2011-06-30 06:32   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-06-30 06:32 . 2011-06-30 06:32   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-06-30 06:32 . 2011-06-30 06:32   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-06-30 06:32 . 2011-06-30 06:32   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-06-30 06:32 . 2011-06-30 06:32   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-06-30 06:32 . 2011-06-30 06:32   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-06-30 06:32 . 2011-06-30 06:32   367104   ----a-w-   c:\windows\system32\html.iec
2011-06-30 06:32 . 2011-06-30 06:32   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-06-30 06:32 . 2011-06-30 06:32   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-06-30 06:32 . 2011-06-30 06:32   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-06-30 06:32 . 2011-06-30 06:32   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-06-30 06:32 . 2011-06-30 06:32   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-06-30 06:32 . 2011-06-30 06:32   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-06-30 06:32 . 2011-06-30 06:32   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-06-30 06:32 . 2011-06-30 06:32   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-06-30 06:32 . 2011-06-30 06:32   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-06-30 06:32 . 2011-06-30 06:32   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-06-30 06:32 . 2011-06-30 06:32   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-06-02 13:34 . 2011-07-14 07:03   2043392   ----a-w-   c:\windows\system32\win32k.sys
2008-11-06 15:46 . 2009-11-05 13:44   406016   ----a-w-   c:\program files\RectilinearPanorama.8bf
2001-05-24 09:59 . 2009-06-23 10:12   162304   ----a-w-   c:\program files\UNWISE.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-11-24 21:27   2447360   ----a-w-   c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50   1197448   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-11-24 2836656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2007-09-19 438272]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-29 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-29 92704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"HP LaserJet Professional M1530 MFP Series Fax"="c:\program files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 2460472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 135664]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-13 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 135664]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-04-22 20504]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [2010-04-22 21528]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 MySQL51;MySQL51;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL51

R3 Nakido;Nakido;c:\program files\Nakido\nakido.exe [2009-11-01 328192]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-21 86672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 22:33]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 22:33]
.
2011-08-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a85a679d-3ae6-4261-b3ba-9263d0b9b502.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-08-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task aa28386e-f3eb-4ea3-a5ff-cb988dc017d3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all by FlashGet3 - c:\users\Fadi\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Fadi\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio - 7.0.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio - 7.0.0\toolbars\ZendIEToolbar.dll/DebugNext.html
IE: ????3?? - c:\users\Fadi\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Fadi\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 192.168.1.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Fadi\AppData\Roaming\Mozilla\Firefox\Profiles\kducrio1.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
FF - Ext: MyTranslationShoes: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Zend Studio Toolbar: {3c9761ad-a43d-4447-b924-f5d83cb48063} - %profile%\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - Ext: Wappalyzer: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SEO Blogger: [email protected] - %profile%\extensions\[email protected]
FF - Ext: WhoLinks2Me.com Domain SEO Analyzer: {C0B2E03C-3CD3-11E0-9588-2B4BE0D72085} - %profile%\extensions\{C0B2E03C-3CD3-11E0-9588-2B4BE0D72085}
FF - Ext: Foxy SEO Tool: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SEO Website Analysis: {8BCA0E8A-E57B-425b-A05B-CD3868EB577E} - %profile%\extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}
FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio - 7.0.0\ZendStudio.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 01:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-255948995-4086951440-1813727491-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uė_f3* N}]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Fadi\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-255948995-4086951440-1813727491-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uė_f3* N}hQ萞”„c]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Fadi\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-255948995-4086951440-1813727491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*=*·*k%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-255948995-4086951440-1813727491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*q* %[%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-255948995-4086951440-1813727491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*q* %[%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-255948995-4086951440-1813727491-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d3,5e,92,dc,41,42,87,75,61,93,73,18,b7,dd,b9,2e,79,4a,1e,62,23,
   95,ef,b5,0c,2c,94,e8,8e,62,1d,78,3c,27,20,d7,57,d8,f5,a8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-255948995-4086951440-1813727491-1000_Classes\CLSID\{bf7e9fb6-f4c3-4dae-8527-55e383756306}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000023
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,9b,9c,9b,d0,46,85,82,5b,82,db,02,83,72,f7,41,bd,ea,56,7f,ea,8e,5a,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-28  01:20:13
ComboFix-quarantined-files.txt  2011-08-27 22:20
ComboFix2.txt  2011-08-26 14:40
.
Pre-Run: 14,436,999,168 bytes free
Post-Run: 16,810,319,872 bytes free
.
- - End Of File - - 2CDB76C7FFD6E9D8E8EF2D95C6C042FD

SuperDave

Re: Please help: malware infection and internet connection lost
« Reply #5 on: August 28, 2011, 05:27:33 PM »
Please run Notepad (Start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

Code:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

• Go to the File menu at the top of Notepad and select Save as.
• Select Save in: Desktop.
• Fill in File name: test.bat
• Save as type: All file types (*.*)
• Click Save.
• Close Notepad.
• Locate and double-click test.bat on the desktop.
• A Notepad window opens; copy and paste its content (Log1.txt) into your reply.
************************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

chakik

Re: Please help: malware infection and internet connection lost
« Reply #6 on: August 28, 2011, 07:24:00 PM »
Hi,
Thank you for your reply.
Kindly find hereafter the requested logs.
I had a problem after running SysProt: after a while (in the scanning root drive phase) I got a Windows error and had to select either "debug" or "close program". But I found a report and here it is, attached.
Thank you.
-Fadi
#######Log1.txt- test.bat #########

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Fadi-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.


######################

######## SysProt #########

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8EC09000
Module End: 8ECD7000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: A52E67A0
Driver Base: A52E5000
Driver End: A52EB000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: 92330640
Driver Base: 92326000
Driver End: 92348000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

Function Name: ZwTerminateThread
Address: A52E68E4
Driver Base: A52E5000
Driver End: A52EB000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwWriteVirtualMemory
Address: A52E6980
Driver Base: A52E5000
Driver End: A52EB000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
######################
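A parser for the SSDT section of the SysProt log posted above, written as an added example for this thread (it is not SysProt's code and was not supplied by the helper). It checks that each hook address actually falls inside the driver image the log attributes it to and tallies hooks per driver; in the posted log all three land inside AVGIDSShim.Sys and SASKUTIL.SYS, the installed AVG and SUPERAntiSpyware drivers. The sample text is constructed to match the posted log.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the SSDT section of the SysProt log above.
SAMPLE_SSDT = """\
SSDT:
Function Name: ZwOpenProcess
Address: A52E67A0
Driver Base: A52E5000
Driver End: A52EB000
Driver Name: \\SystemRoot\\system32\\DRIVERS\\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: 92330640
Driver Base: 92326000
Driver End: 92348000
Driver Name: \\??\\C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.SYS

Function Name: ZwWriteVirtualMemory
Address: A52E6980
Driver Base: A52E5000
Driver End: A52EB000
Driver Name: \\SystemRoot\\system32\\DRIVERS\\AVGIDSShim.Sys
"""

# One SSDT record: five "Key: value" lines in the order SysProt prints them.
RECORD_RE = re.compile(
    r"^Function Name:\s*(?P<func>\S+)\s*\n"
    r"Address:\s*(?P<addr>[0-9A-Fa-f]+)\s*\n"
    r"Driver Base:\s*(?P<base>[0-9A-Fa-f]+)\s*\n"
    r"Driver End:\s*(?P<end>[0-9A-Fa-f]+)\s*\n"
    r"Driver Name:\s*(?P<driver>.+?)\s*$",
    re.MULTILINE,
)


def parse_ssdt(text):
    """Return one dict per hooked SSDT entry, with addresses as integers."""
    return [
        {
            "func": m["func"],
            "addr": int(m["addr"], 16),
            "base": int(m["base"], 16),
            "end": int(m["end"], 16),
            "driver": m["driver"],
        }
        for m in RECORD_RE.finditer(text)
    ]


def misattributed(hooks):
    """Functions whose hook address lies outside [Driver Base, Driver End):
    the log's driver attribution cannot be trusted for those entries."""
    return [h["func"] for h in hooks if not h["base"] <= h["addr"] < h["end"]]


def hooks_by_driver(hooks):
    """Map driver file name (lower-cased) to the list of functions it hooks."""
    by_driver = defaultdict(list)
    for h in hooks:
        by_driver[h["driver"].rsplit("\\", 1)[-1].lower()].append(h["func"])
    return dict(by_driver)


if __name__ == "__main__":
    hooks = parse_ssdt(SAMPLE_SSDT)
    print("misattributed:", misattributed(hooks))
    for driver, funcs in sorted(hooks_by_driver(hooks).items()):
        print(f"{driver}: {', '.join(funcs)}")
```

The Kernel Modules entry flagged Hidden: Yes is dump_iaStor.sys, the crash-dump copy of the storage driver, which anti-rootkit tools routinely report this way.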

SuperDave

Re: Please help: malware infection and internet connection lost
« Reply #7 on: August 29, 2011, 04:55:22 PM »
Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List content of Hosts
    • List IP Configuration
    • List Last 10 Event Viewer Errors
    • List Users, Partitions and Memory Size

    Click Go and copy/paste the log (Result.txt) into your next post.

    chakik

    Re: Please help: malware infection and internet connection lost
    « Reply #8 on: August 29, 2011, 08:00:29 PM »
    Hi,

    Here are the logs of MiniToolBox.
    Thanks in advance.
    -Fadi

    ### MiniToolBox logs #####
    MiniToolBox by Farbar
    Ran by Fadi (administrator) on 30-08-2011 at 04:55:53
    Windows Vista (TM) Home Premium Service Pack 2 (X86)

    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================
    ::1       localhost

    127.0.0.1       localhost

    ========================= IP Configuration: ================================

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global


    popd
    # End of IPv4 configuration



    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Fadi-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    Server:  UnKnown
    Address:  127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server:  UnKnown
    Address:  127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.



    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 0ms, Maximum = 0ms, Average = 0ms


    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (08/29/2011 04:20:00 AM) (Source: Application Error) (User: )
    Description: Faulting application SysProt.exe, version 1.0.1.0, time stamp 0x49bd1541, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x000663b8,
    process id 0xf40, application start time 0xSysProt.exe0.

    Error: (08/29/2011 04:07:14 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
    Description: 0x80072af9

    Error: (08/29/2011 04:04:11 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
    Description: 0x80072af9

    Error: (08/29/2011 04:02:47 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/29/2011 04:02:18 AM) (Source: HPLaserJetService) (User: )
    Description: Service cannot be started. System.Net.Sockets.SocketException: No such host is known
       at System.Net.Dns.GetAddrInfo(String name)
       at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
       at System.Net.Dns.GetHostEntry(String hostNameOrAddress)
       at HPLaserJetService.HPLaserJetService.SetHostIPInformation()
       at HPLaserJetService.HPLaserJetService.OnStart(String[] args)
       at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (08/29/2011 04:02:14 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
    Description: 0x80072af9

    Error: (08/29/2011 03:58:31 AM) (Source: Application Error) (User: )
    Description: Faulting application SysProt.exe, version 1.0.1.0, time stamp 0x49bd1541, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x000663b8,
    process id 0x1a94, application start time 0xSysProt.exe0.

    Error: (08/29/2011 03:55:54 AM) (Source: Application Error) (User: )
    Description: Faulting application SysProt.exe, version 1.0.1.0, time stamp 0x49bd1541, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x000663b8,
    process id 0x1f2c, application start time 0xSysProt.exe0.

    Error: (08/28/2011 01:08:03 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
    Description: 0x80072af9

    Error: (08/28/2011 01:06:33 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
    Description: 0x80072af9


    System errors:
    =============
    Error: (08/30/2011 04:53:58 AM) (Source: Service Control Manager) (User: )
    Description: UPnP Device HostSSDP Discovery%%0

    Error: (08/30/2011 04:53:58 AM) (Source: DCOM) (User: )
    Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error: (08/30/2011 04:53:17 AM) (Source: Dhcp) (User: )
    Description: Your computer was unable to initialize a Network Interface attached to the system. The error code is: %%5.

    Error: (08/29/2011 04:21:08 AM) (Source: Service Control Manager) (User: )
    Description: UPnP Device HostSSDP Discovery%%0

    Error: (08/29/2011 04:07:14 AM) (Source: Service Control Manager) (User: )
    Description: Print Spooler3

    Error: (08/29/2011 04:04:34 AM) (Source: Service Control Manager) (User: )
    Description: UPnP Device HostSSDP Discovery%%0

    Error: (08/29/2011 04:04:34 AM) (Source: DCOM) (User: )
    Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error: (08/29/2011 04:04:11 AM) (Source: Service Control Manager) (User: )
    Description: Print Spooler2600001Restart the service

    Error: (08/29/2011 04:02:47 AM) (Source: Service Control Manager) (User: )
    Description: Print Spooler1600001Restart the service

    Error: (08/29/2011 04:02:47 AM) (Source: Service Control Manager) (User: )
    Description: UPnP Device HostSSDP Discovery%%0


    Microsoft Office Sessions:
    =========================
    Error: (10/27/2010 01:25:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18213 seconds with 240 seconds of active time.  This session ended with a crash.

    Error: (01/19/2010 00:10:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

    Error: (01/19/2010 00:10:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

    Error: (12/21/2009 10:52:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30720 seconds with 3060 seconds of active time.  This session ended with a crash.

    Error: (12/21/2009 02:20:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 29516 seconds with 12240 seconds of active time.  This session ended with a crash.

    Error: (08/15/2009 01:05:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 98731 seconds with 22260 seconds of active time.  This session ended with a crash.

    Error: (08/08/2009 02:48:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 4633 seconds with 4020 seconds of active time.  This session ended with a crash.

    Error: (04/25/2009 00:56:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


    ========================= Memory info: ===================================

    Percentage of memory in use: 46%
    Total physical RAM: 3065.96 MB
    Available physical RAM: 1651.69 MB
    Total Pagefile: 6334.93 MB
    Available Pagefile: 4849.65 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1957.55 MB

    ========================= Partitions: =====================================

    1 Drive c: (SQ004752V05) (Fixed) (Total:176.24 GB) (Free:15.39 GB) NTFS
    3 Drive e: (MALLAT TAHA) (Removable) (Total:0.24 GB) (Free:0 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\FADI-PC

    Administrator            ASPNET                   Fadi                     
    Guest                    VUSR_FADI-PC             VUSR_FADI-PC1           
    VUSR_FADI-PC2            VUSR_FADI-PC3           


    **** End of log ****

    ###################
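A triage check over the kind of output test.bat (ipconfig /all, nslookup, ping, route print) and the MiniToolBox log above produce, written as an added example for this thread and not part of either tool. It flags the symptoms visible in the posted logs: no adapter section at all in ipconfig /all (consistent with the Dhcp event "unable to initialize a Network Interface"), nslookup answered only by the loopback address (what you see with no DNS server configured, and also what a resolver forcibly pointed at a local proxy looks like), names that ping cannot resolve, and a missing default route; it also reviews hosts-file entries, since a hijacked hosts file is a common cause of name resolution failing after a cleanup. The sample text is constructed to mirror the posted logs.

```python
import ipaddress
import re

# Constructed sample shaped like the Log1.txt / MiniToolBox output above:
# no adapter sections, resolver answered only by loopback, names unresolved.
SAMPLE_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Fadi-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
"""
# Constructed hosts-file content matching the MiniToolBox dump above.
SAMPLE_HOSTS = "::1       localhost\n\n127.0.0.1       localhost\n"

ADAPTER_RE = re.compile(r"^\S.* adapter .*:\s*$", re.MULTILINE)
RESOLVER_RE = re.compile(r"^Server:\s+(\S+)\s*\n\s*Address:\s+(\S+)", re.MULTILINE)
NOHOST_RE = re.compile(r"could not find host ([\w.-]+?)\.?(?:\s|$)")
DEFAULT_ROUTE_RE = re.compile(r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+\S+", re.MULTILINE)


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage_log(text):
    """Return a list of findings for a Log1.txt-style capture."""
    findings = []
    if not ADAPTER_RE.search(text):
        findings.append("ipconfig /all lists no adapter: no interface initialised")
    for name, addr in RESOLVER_RE.findall(text):
        if is_loopback(addr):
            findings.append(f"nslookup resolver is loopback {addr} ({name}): "
                            "no DNS server configured or reachable")
    for host in sorted(set(NOHOST_RE.findall(text))):
        findings.append(f"name resolution failed for {host}")
    if not DEFAULT_ROUTE_RE.search(text):
        findings.append("route print shows no default route")
    return findings


def check_hosts(text):
    """Return (address, name) entries to review: localhost pointed away from
    loopback, or any other name pinned to an address (a common hijack)."""
    suspicious = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            if name.lower() != "localhost" or not is_loopback(addr):
                suspicious.append((addr, name))
    return suspicious


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print("-", finding)
    print("hosts entries to review:", check_hosts(SAMPLE_HOSTS))
```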

    SuperDave

    Re: Please help: malware infection and internet connection lost
    « Reply #9 on: August 30, 2011, 04:32:55 PM »
    I'd like to scan your machine with ESET OnlineScan

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Check
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the button.
    • Push
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

    chakik

    Re: Please help: malware infection and internet connection lost
    « Reply #10 on: August 30, 2011, 05:21:07 PM »
    Hi,

    Just to remind you that I don't have internet access on the infected laptop. I'm now using my old laptop to communicate with you. So what should I do? Do I download ESET and install it on the infected laptop? If so, how can I update it after installation without an internet connection?

    Thank you and sorry for bothering you with my questions.
    -Fadi


    SuperDave

    Re: Please help: malware infection and internet connection lost
    « Reply #11 on: August 31, 2011, 01:35:57 PM »
    Quote
    Ping statistics for 127.0.0.1:

        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Still no connection? The ping test shows that the signal is going through. What browser are you using? Did you try another browser such as FF? Do you get any errors when you try to connect? ESET will not run with no connection so we'll have to get that fixed before we can run it.

    chakik

    Re: Please help: malware infection and internet connection lost
    « Reply #12 on: August 31, 2011, 07:47:09 PM »
    YES still no connection.

    As stated above, I can see the wireless connection in the list of networks but cannot connect to it. When trying to connect to it, it gives "connection unsuccessful".
    I don't know.. DNS problem? IP config problem?

    Yes, if I ping 127.0.0.1 I get reply.
    But if I ping localhost no reply.

    the hosts file is:
    127.0.0.1 localhost

    I tried with different browsers, IE, GC and FF and no connection .. but this is normal as my computer won't connect to my wireless network first.

    the network icon at the bottom right is red with X.
     
    I don't know what to do!

    Sorry for bothering you with my problems but really hope to find a cure for this..
    and thank you very much for your help.

    -Fadi

    SuperDave

    Re: Please help: malware infection and internet connection lost
    « Reply #13 on: September 01, 2011, 05:10:45 PM »
    Quote
    Yes, if I ping 127.0.0.1 I get reply.
    But if I ping localhost no reply.
    127.0.0.1 is your local host.
    Quote
    I don't know.. DNS problem? IP config problem?
    Mini-toolbox checked all those.
    Did you try resetting your router? Turn it off for one minute. Did you try hardwiring your computer to the modem?