EN

The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

FORUMS

SEARCH FORUM

Several things going wrong... IE running without add-ons and can't enable, etc

Posted 4/16/2010 3:29 AM
#85028
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
I have several things going on. I noticed that Antivirus7 shortcut popped up on the computer desktop several days ago and a popup window kept coming up trying to get me to purchase, etc.. My Internet Explorer will not allow me to download anything and keeps prompting me that it is currently running with add-ons disabled. This is probably due to part of the Antivirus7 related virus. Can someone please tell me what scan I need to do and post to see what may be going on. Thanks in advance for the help.
Posted 4/16/2010 3:49 AM
#85031
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello






Please run [color=#222222>https://www.superantispyware.com/onlinescan.html[/url]

Follow the instructions on the site. When downloaded, click on – Check for updates – Button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click
NO.



When the scan have finished ->

Click Preferences . Click the Statistics/Logs tab .
Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
It will open in your default text editor (such as Notepad/Wordpad).


  • Save the logfile to desktop

  • Click close and close again to exit the program.

Reboot, if needed.

Post Superantispyware log, along with an ESET log ->



Please go to [/color][color=#0000ff>https://www.eset.com/onlinescan/[/url]

to perform an online scan. Please use Internet Explorer as it uses ActiveX.[/color]

[color=#000000>Check][/color]

[color=#000000>Click][/color]

[color=#000000>When][/color]

[color=#000000>You][/color]

[color=#000000>Once][/color]

[color=#000000>After][/color]

[color=#000000>[b]Check][/b][/color]

[color=#000000>[b]Check][/b][/color]

[color=#000000>Click][/color]

[color=#000000>It][/color]

[color=#000000>Once][/color]

[color=#000000>

Please post this log in your next reply.[/color]

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/17/2010 2:00 AM
#85076
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
Below is the Malwarebytes' log data (found 2 infected files). I ran the other online superantispyware (found 16 infected files) but it was accidentally rebooted before I could capture the log file... I was unable to run ESET... it never would give me the opportunity to download the ActiveX (prolly something to do with the "Internet Explorer is currently running with add-ons disabled..."). Sorry for not capturing the log file for the superantispyware scan.




Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3995

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/16/2010 4:29:56 PM
mbam-log-2010-04-16 (16-29-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 148597
Time elapsed: 37 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{6C321D5A-6AA9-4D16-BD14-40164D03C2D9}\RP91\A0032792.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C321D5A-6AA9-4D16-BD14-40164D03C2D9}\RP92\A0032823.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Posted 4/17/2010 2:56 AM
#85078
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
No problem :smile:







See if you can download and run DDS ->






Please download DDS: Here



to your Desktop and doubleclick on DDs.scr to run it.

If your security software includes script blocking features, please disable these before you run this utility.




When the scan has finished, two logs will open.

Copy and paste both reports in this topic.


The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.



[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/17/2010 1:34 PM
#85101
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
Below is the dds file log result....


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 8:32:12.91 on Sat 04/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.314 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-12 207792]
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2010-1-6 386688]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2010-1-5 222336]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S3 SASENUM;SASENUM;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASENUM.SYS [?]

=============== Created Last 30 ================

2010-04-16 21:44:09 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-04-16 21:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-16 21:40:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-16 21:40:09 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 12:20:46 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-04-16 12:20:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 12:20:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-16 12:20:34 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 12:20:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 23:48:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-15 22:49:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Fashion Solitaire 1.2
2010-04-10 13:30:41 0 d-----w- c:\program files\AV7

==================== Find3M ====================

2010-04-16 21:40:20 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-15 22:50:01 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-22 13:16:45 163126 ----a-w- c:\windows\hphins25.dat

============= FINISH: 8:32:33.90 ===============
Posted 4/17/2010 1:35 PM
#85102
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
Below is the attach file log result...


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/5/2010 11:09:46 PM
System Uptime: 4/17/2010 8:30:02 AM (0 hours ago)

Motherboard: | | 8361-686A
Processor: AMD Athlon(tm) XP 1800+ | Socket A | 1533/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 29 GiB total, 19.23 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&60
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&60
Service: rtl8139

==== System Restore Points ===================

RP24: 1/17/2010 12:00:49 AM - Microsoft Backup Utility Recovery
RP25: 1/17/2010 12:51:52 AM - Unsigned driver install
RP26: 1/17/2010 12:57:39 AM - Spyware Doctor: Cleaning Threats
RP27: 1/17/2010 1:26:00 AM - Update to an unsigned driver
RP28: 1/17/2010 1:49:05 AM - Unsigned driver install
RP29: 1/17/2010 1:55:41 AM - Unsigned driver install
RP30: 1/17/2010 2:05:28 AM - Unsigned driver install
RP31: 1/17/2010 2:06:06 AM - Unsigned driver install
RP32: 1/17/2010 2:15:42 AM - Unsigned driver install
RP33: 1/17/2010 12:32:30 PM - Installed Kid Pix Deluxe 4
RP34: 1/17/2010 12:48:58 PM - Installed QuickTime
RP35: 1/19/2010 9:14:16 PM - Software Distribution Service 3.0
RP36: 1/20/2010 6:01:33 PM - Unsigned driver install
RP37: 1/20/2010 7:09:52 PM - Unsigned driver install
RP38: 1/20/2010 7:11:34 PM - Update to an unsigned driver
RP39: 1/20/2010 7:27:54 PM - Spyware Doctor: Cleaning Threats
RP40: 1/21/2010 9:01:01 PM - Spyware Doctor: Cleaning Threats
RP41: 1/21/2010 9:07:46 PM - Spyware Doctor: Cleaning Threats
RP42: 1/22/2010 9:38:22 PM - System Checkpoint
RP43: 1/23/2010 11:23:06 AM - Software Distribution Service 3.0
RP44: 1/24/2010 11:55:39 AM - System Checkpoint
RP45: 1/25/2010 9:57:47 PM - Spyware Doctor: Cleaning Threats
RP46: 1/27/2010 9:26:40 PM - System Checkpoint
RP47: 1/30/2010 6:58:05 PM - Spyware Doctor: Cleaning Threats
RP48: 1/31/2010 7:18:24 PM - System Checkpoint
RP49: 1/31/2010 9:01:09 PM - Spyware Doctor: Cleaning Threats
RP50: 2/1/2010 9:14:10 PM - System Checkpoint
RP51: 2/2/2010 8:33:39 PM - Removed Easy CD & DVD Creator 6
RP52: 2/4/2010 10:14:15 PM - System Checkpoint
RP53: 2/6/2010 7:16:34 PM - System Checkpoint
RP54: 2/9/2010 7:53:51 PM - System Checkpoint
RP55: 2/10/2010 8:42:00 PM - System Checkpoint
RP56: 2/11/2010 5:19:53 PM - Software Distribution Service 3.0
RP57: 2/15/2010 7:18:25 PM - System Checkpoint
RP58: 2/16/2010 7:19:47 PM - System Checkpoint
RP59: 2/18/2010 3:29:55 PM - System Checkpoint
RP60: 2/21/2010 7:32:49 PM - System Checkpoint
RP61: 2/22/2010 9:02:00 PM - Spyware Doctor: Cleaning Threats
RP62: 2/23/2010 9:44:34 PM - System Checkpoint
RP63: 2/23/2010 11:14:32 PM - Software Distribution Service 3.0
RP64: 2/25/2010 12:04:32 AM - System Checkpoint
RP65: 2/26/2010 1:04:20 AM - System Checkpoint
RP66: 2/27/2010 12:53:42 PM - System Checkpoint
RP67: 2/28/2010 12:57:52 PM - System Checkpoint
RP68: 3/1/2010 1:57:52 PM - System Checkpoint
RP69: 3/2/2010 7:02:34 PM - System Checkpoint
RP70: 3/6/2010 4:07:18 PM - System Checkpoint
RP71: 3/7/2010 6:50:00 PM - System Checkpoint
RP72: 3/11/2010 6:47:03 PM - System Checkpoint
RP73: 3/12/2010 4:14:23 PM - Software Distribution Service 3.0
RP74: 3/13/2010 4:21:15 PM - System Checkpoint
RP75: 3/14/2010 6:21:18 PM - System Checkpoint
RP76: 3/14/2010 10:43:31 PM - Spyware Doctor: Cleaning Threats
RP77: 3/15/2010 9:26:46 PM - Spyware Doctor: Cleaning Threats
RP78: 3/16/2010 10:17:53 PM - System Checkpoint
RP79: 3/17/2010 11:17:46 PM - System Checkpoint
RP80: 3/18/2010 8:39:22 AM - Spyware Doctor: Cleaning Threats
RP81: 3/21/2010 3:23:13 PM - System Checkpoint
RP82: 3/23/2010 7:48:55 AM - System Checkpoint
RP83: 3/27/2010 10:24:59 AM - System Checkpoint
RP84: 3/28/2010 9:04:10 PM - Spyware Doctor: Cleaning Threats
RP85: 3/29/2010 9:50:12 PM - System Checkpoint
RP86: 4/1/2010 5:13:23 PM - System Checkpoint
RP87: 4/1/2010 11:14:25 PM - Software Distribution Service 3.0
RP88: 4/3/2010 12:44:25 PM - System Checkpoint
RP89: 4/4/2010 1:16:20 PM - System Checkpoint
RP90: 4/7/2010 9:17:01 PM - System Checkpoint
RP91: 4/10/2010 8:56:38 AM - Spyware Doctor: Cleaning Threats
RP92: 4/10/2010 10:04:53 AM - Spyware Doctor: Cleaning Threats
RP93: 4/11/2010 8:39:42 AM - Spyware Doctor: Cleaning Threats
RP94: 4/12/2010 9:35:14 AM - System Checkpoint
RP95: 4/13/2010 10:35:13 AM - System Checkpoint
RP96: 4/14/2010 11:35:13 AM - System Checkpoint
RP97: 4/15/2010 12:07:51 AM - Software Distribution Service 3.0
RP98: 4/15/2010 6:48:41 PM - avast! Free Antivirus Setup
RP99: 4/16/2010 4:39:25 PM - Installed Java(TM) 6 Update 20

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
Barnes & Noble Desktop Reader
CCleaner
Cute CD DVD Burner V6.1.5
DJ_SF_03_D2500_Software_Min
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
InterVideo WinDVD
InterVideo WinDVD Creator 2
InterVideo WinRip
Java Auto Updater
Java(TM) 6 Update 20
Kid Pix Deluxe 4
L&H TTS3000 Español
Lernout & Hauspie TruVoice American English TTS Engine
Lifetime Fashion Solitaire
Mahjongg - Ancient Mayas
Mahjongg Ancient Mayas
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
PowerDVD
QuickTime
Roxio PhotoSuite 5
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sudoku, Kakuro + Friends 1.00
Toolbox
Top Chef
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIAhm
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
World's Best Board Games 2009

==== Event Viewer Messages From Past Week ========

4/16/2010 4:44:12 PM, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the file specified.
4/16/2010 4:31:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: viaagp
4/16/2010 4:31:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/15/2010 6:26:48 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The system cannot find the file specified.
4/15/2010 6:26:48 PM, error: Service Control Manager [7000] - The PC Tools Auxiliary Service service failed to start due to the following error: The system cannot find the file specified.
4/10/2010 8:52:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
4/10/2010 8:51:52 AM, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
4/10/2010 8:51:52 AM, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
4/10/2010 8:26:14 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00E098FC929A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
Posted 4/18/2010 3:08 AM
#85104
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974

Please download combofix: Here

Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.





Now, please make sure no other programs are running, close all other windows.


Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply


The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/18/2010 8:03 PM
#85114
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
Combofix log file results....

ComboFix 10-04-17.07 - Owner 04/18/2010 14:54:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.279 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-796845957-1606980848-1801674531-1003

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-17 13:37 . 2010-04-17 13:37 -------- d-----w- c:\windows\LastGood
2010-04-17 13:37 . 2010-04-17 13:37 -------- d-----w- c:\program files\Secunia
2010-04-16 21:44 . 2010-04-16 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-16 21:44 . 2010-04-16 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-16 21:40 . 2010-04-16 21:40 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\msvcp71.dll
2010-04-16 21:40 . 2010-04-16 21:40 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\jmc.dll
2010-04-16 21:40 . 2010-04-16 21:40 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\msvcr71.dll
2010-04-16 21:40 . 2010-04-16 21:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-16 21:40 . 2010-04-16 21:40 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7997b7cc-n\decora-sse.dll
2010-04-16 21:40 . 2010-04-16 21:40 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7997b7cc-n\decora-d3d.dll
2010-04-16 21:40 . 2010-04-16 21:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 21:39 . 2010-04-16 21:39 -------- d-----w- c:\program files\Java
2010-04-16 12:20 . 2010-04-16 12:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-16 12:20 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 12:20 . 2010-04-16 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 12:20 . 2010-04-16 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 12:20 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 23:48 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-15 23:48 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-15 23:48 . 2010-04-15 23:48 -------- d-----w- c:\program files\Alwil Software
2010-04-15 23:48 . 2010-04-15 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-15 22:49 . 2010-04-15 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Fashion Solitaire 1.2
2010-04-15 02:21 . 2010-04-15 02:22 -------- d-----w- c:\program files\QuickTime
2010-04-15 02:21 . 2010-04-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-10 13:30 . 2010-04-10 13:56 -------- d-----w- c:\program files\AV7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 19:02 . 2010-01-20 01:50 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-16 12:16 . 2010-01-21 01:33 -------- d-----w- c:\program files\CCleaner
2010-04-15 23:26 . 2010-01-13 02:59 -------- d-----w- c:\program files\Spyware Doctor
2010-04-15 23:25 . 2010-01-13 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 23:25 . 2010-01-13 02:59 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-15 22:50 . 2010-01-06 05:15 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-12 00:11 . 2010-01-17 07:09 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2010-04-10 13:55 . 2010-01-06 22:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 06:15 . 2010-01-06 23:23 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 02:44 . 2010-01-17 18:15 -------- d-----w- c:\program files\World's Best Board Games 2009
2010-02-25 06:24 . 2010-01-06 23:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 02:59 . 2010-01-07 00:00 25272 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 14:10 . 2001-08-23 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2010-01-06 23:24 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-08-23 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-22 13:16 . 2010-01-22 13:06 163126 ----a-w- c:\windows\hphins25.dat
.
Posted 4/18/2010 8:04 PM
#85115
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
Combofix log file results (continued)....


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-13 39408]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-1-7 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/12/2010 10:00 PM 207792]
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [1/6/2010 5:58 PM 386688]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [1/5/2010 5:52 PM 222336]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 SASENUM;SASENUM;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PSI
*Deregistered* - Hmnt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-13 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
- c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2010-02-02 21:52]

2010-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-13 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Sudoku, Kakuro + Friends - c:\windows\uninstall\Sudoku
AddRemove-Mahjongg Ancient Mayas - c:\docume~1\Owner\LOCALS~1\Temp\Mahjongg Ancient Mayas\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-04-18 14:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(468)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-18 15:01:33
ComboFix-quarantined-files.txt 2010-04-18 20:01

Pre-Run: 21,139,820,544 bytes free
Post-Run: 21,161,730,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - E9B521B2B71F482B56A3F4447BFCD055
Posted 4/19/2010 2:21 AM
#85125
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974


Download: Ccleaner: [color=#0000ff sab="323">Here[/url]





Once installed, run CCleaner click the Windows tab

Select the following:

Internet Explorer:

Temp Internet

History

Recently Typed URLs

Delete Index.dat files



System:

Empty Recycle Bin

Temporary Files

Memory Dumps

Chkdsk File Fragments

Old Prefetch Data



Then click Run Cleaner (bottom right) then Exit





Please download Malwarebytes' Anti-Malware:

[color=#0000ff]Here[/color]


to your desktop.

Double-click [color=red]NB.[/color] If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.





Click here: [color=#0000ff]Here[/color]

to download HJTinstall.exe

Save HJTinstall.exe to your desktop.

Double click on the HJTinstall.exe icon on your desktop.

By default it will install to C:\Program Files\Trend Micro\Hijack This.

Click I accept

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.

Click Save to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.



Post hijackthis log along with Malwarebytes' Anti-Malware log, and tell how things are running ?




[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/20/2010 3:29 AM
#85160
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
CCleaner performed...


**************************************************

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4010

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/19/2010 10:16:44 PM
mbam-log-2010-04-19 (22-16-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 147050
Time elapsed: 43 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\sed.exe (Trojan.Agent) -> Quarantined and deleted successfully.



**************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:26 PM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

--
End of file - 4258 bytes


**************************************************

Computer seems to be running a lot better. The internet explorer runs without the add-ons disabled message like it did before.



I still can't download the avast antivirus you recommended. When trying to install, it keeps showing up an error and asks me if I want to send error report to Microsoft, etc. I see that Malwarebytes' found a Trojan.Agent.. could this have been causing the Avast installation error? Do I need to try installing Avast again? What do you recommend for free virus realtime protection?


Thanks for all your help so far...
Posted 4/20/2010 11:43 AM
#85167
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
[code]
I still can't download the avast antivirus you recommended. When trying to install
[/code]
I´m not sure about the above. Can you download it ?


IF you can download it, please post new combofix log, then we´ll manually remove remnants from previous Avast installation.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/20/2010 12:30 PM
#85173
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
Avast installation file downloaded but gives same error when executed.




ComboFix 10-04-19.05 - Owner 04/20/2010 7:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.281 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Misc Virus Files\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 03:20 . 2010-04-20 03:20 -------- d-----w- c:\program files\Trend Micro
2010-04-20 02:29 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 02:29 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 13:37 . 2010-04-17 13:37 -------- d-----w- c:\program files\Secunia
2010-04-16 21:44 . 2010-04-16 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-16 21:44 . 2010-04-16 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-16 21:40 . 2010-04-16 21:40 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\msvcp71.dll
2010-04-16 21:40 . 2010-04-16 21:40 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\jmc.dll
2010-04-16 21:40 . 2010-04-16 21:40 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\msvcr71.dll
2010-04-16 21:40 . 2010-04-16 21:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-16 21:40 . 2010-04-16 21:40 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7997b7cc-n\decora-sse.dll
2010-04-16 21:40 . 2010-04-16 21:40 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7997b7cc-n\decora-d3d.dll
2010-04-16 21:40 . 2010-04-16 21:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 21:39 . 2010-04-16 21:39 -------- d-----w- c:\program files\Java
2010-04-16 12:20 . 2010-04-16 12:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-16 12:20 . 2010-04-16 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 12:20 . 2010-04-20 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 23:48 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-15 23:48 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-15 23:48 . 2010-04-15 23:48 -------- d-----w- c:\program files\Alwil Software
2010-04-15 23:48 . 2010-04-15 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-15 22:49 . 2010-04-15 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Fashion Solitaire 1.2
2010-04-15 02:21 . 2010-04-15 02:22 -------- d-----w- c:\program files\QuickTime
2010-04-15 02:21 . 2010-04-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-10 13:30 . 2010-04-10 13:56 -------- d-----w- c:\program files\AV7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 12:12 . 2010-01-17 07:09 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2010-04-17 19:02 . 2010-01-20 01:50 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-16 12:16 . 2010-01-21 01:33 -------- d-----w- c:\program files\CCleaner
2010-04-15 23:26 . 2010-01-13 02:59 -------- d-----w- c:\program files\Spyware Doctor
2010-04-15 23:25 . 2010-01-13 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 23:25 . 2010-01-13 02:59 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-15 22:50 . 2010-01-06 05:15 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-10 13:55 . 2010-01-06 22:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 06:15 . 2010-01-06 23:23 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 02:44 . 2010-01-17 18:15 -------- d-----w- c:\program files\World's Best Board Games 2009
2010-02-25 06:24 . 2010-01-06 23:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 02:59 . 2010-01-07 00:00 25272 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 14:10 . 2001-08-23 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2010-01-06 23:24 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-08-23 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-22 13:16 . 2010-01-22 13:06 163126 ----a-w- c:\windows\hphins25.dat
.

((((((((((((((((((((((((((((( [url=SnapShot@2010-04-18_19.59.11]SnapShot@2010-04-18_19.59.11[/url] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-20 12:10 . 2010-04-20 12:10 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
+ 2010-01-07 01:47 . 2010-04-19 02:23 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2010-01-07 01:47 . 2010-01-07 04:17 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-13 39408]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-1-7 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/12/2010 10:00 PM 207792]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [1/6/2010 5:58 PM 386688]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [1/5/2010 5:52 PM 222336]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 SASENUM;SASENUM;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - Hmnt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-20 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
- c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2010-02-02 21:52]

2010-04-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-13 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-04-20 07:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-20 07:28:45
ComboFix-quarantined-files.txt 2010-04-20 12:28
ComboFix2.txt 2010-04-18 20:01

Pre-Run: 20,861,616,128 bytes free
Post-Run: 20,830,334,976 bytes free

- - End Of File - - FCF71A0927722021A1B369A5F5938F67
Posted 4/21/2010 2:09 AM
#85187
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Open notepad and copy/paste the text in the codebox below into it:

Name the file as CFScript
and Save it on the desktop









Killall::
Snapshot::
File::
c:\windows\system32\avastSS.scr
c:\windows\system32\aswBoot.exe
Folder::
c:\program files\Alwil Software
c:\documents and settings\All Users\Application Data\Alwil Software
Driver::
SASDIFSV
SASKUTIl
SASENUM
Hosts::












User image



Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.



Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please post it to your next reply, and tell if you can install Avast now ?


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 4/22/2010 12:07 PM
#85216
User avatar

JJONES Valued member

Date Joined Nov 2016
Total Posts: 12
Performed Combofix... it deleted several files per the script..


Tried to install Avast again and it gave the same error message halfway through the installation..



**************************************************************



ComboFix 10-04-20.02 - Owner 04/21/2010 7:24.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.297 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Misc Virus Files\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\avastSS.scr"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Alwil Software
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\avast5.ini
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\Blocked.htm
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\HtmlData\image001.png
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\scan_completed.wav
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\threat_detected.wav
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\virus_db_updated.wav
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\sounds\1033\welcome.wav
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\sounds\scan_completed.wav
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\sounds\threat_detected.wav
c:\documents and settings\All Users\Application Data\Alwil Software\Avast5\sounds\virus_db_updated.wav
c:\program files\Alwil Software
c:\program files\Alwil Software\Avast5\1033\aswClnTg.htm
c:\program files\Alwil Software\Avast5\1033\aswClnTg.txt
c:\program files\Alwil Software\Avast5\1033\aswInfTg.htm
c:\program files\Alwil Software\Avast5\1033\aswInfTg.txt
c:\program files\Alwil Software\Avast5\1033\Avast5_1033.chm
c:\program files\Alwil Software\Avast5\1033\Base.dll
c:\program files\Alwil Software\Avast5\1033\Boot.dll
c:\program files\Alwil Software\Avast5\1033\uiLangRes.dll
c:\program files\Alwil Software\Avast5\Aavm4h.dll
c:\program files\Alwil Software\Avast5\AavmRpch.dll
c:\program files\Alwil Software\Avast5\AhResBhv.dll
c:\program files\Alwil Software\Avast5\AhResMai.dll
c:\program files\Alwil Software\Avast5\ahResMes.dll
c:\program files\Alwil Software\Avast5\AhResNS.dll
c:\program files\Alwil Software\Avast5\ahResP2P.dll
c:\program files\Alwil Software\Avast5\AhResStd.dll
c:\program files\Alwil Software\Avast5\AhResWS.dll
c:\program files\Alwil Software\Avast5\ashBase.dll
c:\program files\Alwil Software\Avast5\ashMaiSv.dll
c:\program files\Alwil Software\Avast5\ashOutXt.dll
c:\program files\Alwil Software\Avast5\ashQuick.exe
c:\program files\Alwil Software\Avast5\ashServ.dll
c:\program files\Alwil Software\Avast5\ashShell.dll
c:\program files\Alwil Software\Avast5\ashTask.dll
c:\program files\Alwil Software\Avast5\ashTaskEx.dll
c:\program files\Alwil Software\Avast5\ashUpd.exe
c:\program files\Alwil Software\Avast5\ashWebSv.dll
c:\program files\Alwil Software\Avast5\ashWsFtr.dll
c:\program files\Alwil Software\Avast5\aswAux.dll
c:\program files\Alwil Software\Avast5\aswCmnBS.dll
c:\program files\Alwil Software\Avast5\aswCmnIS.dll
c:\program files\Alwil Software\Avast5\aswCmnOS.dll
c:\program files\Alwil Software\Avast5\aswData.dll
c:\program files\Alwil Software\Avast5\aswDld.dll
c:\program files\Alwil Software\Avast5\aswEngLdr.dll
c:\program files\Alwil Software\Avast5\aswIdle.dll
c:\program files\Alwil Software\Avast5\aswLog.dll
c:\program files\Alwil Software\Avast5\aswMonDS.sys
c:\program files\Alwil Software\Avast5\aswMonVD.dll
c:\program files\Alwil Software\Avast5\aswProperty.dll
c:\program files\Alwil Software\Avast5\aswRegSvr.exe
c:\program files\Alwil Software\Avast5\aswRegSvr64.exe
c:\program files\Alwil Software\Avast5\aswRunDll.exe
c:\program files\Alwil Software\Avast5\aswSqLt.dll
c:\program files\Alwil Software\Avast5\aswUtil.dll
c:\program files\Alwil Software\Avast5\avastSS.dll
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Alwil Software\Avast5\AvSSHook.dll
c:\program files\Alwil Software\Avast5\CommonRes.dll
c:\program files\Alwil Software\Avast5\defs\10041401\algo.dll
c:\program files\Alwil Software\Avast5\defs\10041401\ArPot.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswAR.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswBoot.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswCleanerDLL.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswCmnBS.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswCmnIS.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswCmnOS.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswEngin.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswRawFS.dll
c:\program files\Alwil Software\Avast5\defs\10041401\aswScan.dll
c:\program files\Alwil Software\Avast5\defs\10041401\db_el.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_js.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_js.map
c:\program files\Alwil Software\Avast5\defs\10041401\db_mx4.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_mx4.map
c:\program files\Alwil Software\Avast5\defs\10041401\db_mx95.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_mx95.map
c:\program files\Alwil Software\Avast5\defs\10041401\db_o7.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_o7.map
c:\program files\Alwil Software\Avast5\defs\10041401\db_ob.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_pe2.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_swf.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_swf.map
c:\program files\Alwil Software\Avast5\defs\10041401\db_tx.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_u.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_w6.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_w6.map
c:\program files\Alwil Software\Avast5\defs\10041401\db_wh.dat
c:\program files\Alwil Software\Avast5\defs\10041401\db_xtn.map
c:\program files\Alwil Software\Avast5\defs\10041401\def.ini
c:\program files\Alwil Software\Avast5\defs\10041401\dllcc.dat
c:\program files\Alwil Software\Avast5\defs\10041401\exts.dll
c:\program files\Alwil Software\Avast5\defs\10041401\fwAux.dll
c:\program files\Alwil Software\Avast5\defs\10041401\l_idx.map
c:\program files\Alwil Software\Avast5\defs\10041401\l_nmp.map
c:\program files\Alwil Software\Avast5\defs\10041401\list_d.txt
c:\program files\Alwil Software\Avast5\defs\10041401\list_i.txt
c:\program files\Alwil Software\Avast5\defs\10041401\lshe3.map
c:\program files\Alwil Software\Avast5\defs\10041401\s_idx.map
c:\program files\Alwil Software\Avast5\defs\10041401\s_nmp.map
c:\program files\Alwil Software\Avast5\defs\10041401\Sf.bin
c:\program files\Alwil Software\Avast5\defs\10041401\sl_idx.map
c:\program files\Alwil Software\Avast5\defs\10041401\sl_nmp.map
c:\program files\Alwil Software\Avast5\defs\10041401\whitelist.db
c:\program files\Alwil Software\Avast5\flash\amline.swf
c:\program files\Alwil Software\Avast5\flash\ammap\ammap.swf
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_key.txt
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_summary.xml
c:\program files\Alwil Software\Avast5\flash\ammap\ammap_settings_tracert.xml
c:\program files\Alwil Software\Avast5\flash\ammap\empty_map.xml
c:\program files\Alwil Software\Avast5\flash\ammap\icons\arrow.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\bubble.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\cross.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\flag.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\pin.swf
c:\program files\Alwil Software\Avast5\flash\ammap\icons\zoom_out.swf
c:\program files\Alwil Software\Avast5\flash\ammap\maps\world.swf
c:\program files\Alwil Software\Avast5\sched.exe
c:\program files\Alwil Software\Avast5\Setup\ais_core-19f.vpx
c:\program files\Alwil Software\Avast5\Setup\ais_dll_eng-17d.vpx
c:\program files\Alwil Software\Avast5\Setup\ais_res-113.vpx
c:\program files\Alwil Software\Avast5\Setup\avast.setup
c:\program files\Alwil Software\Avast5\Setup\INF\Aavmker4.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswFsBlk.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswMon.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswMon2.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswMonFlt.sys
c:\program files\Alwil Software\Avast5\Setup\INF\AswRdr.sys
c:\program files\Alwil Software\Avast5\Setup\INF\aswSP.sys
c:\program files\Alwil Software\Avast5\Setup\INF\AswTdi.sys
c:\program files\Alwil Software\Avast5\Setup\jrog-9b.vpx
c:\program files\Alwil Software\Avast5\Setup\part-jrog-9b.vpx
c:\program files\Alwil Software\Avast5\Setup\part-prg_ais-1fb.vpx
c:\program files\Alwil Software\Avast5\Setup\part-setup_ais-1fb.vpx
c:\program files\Alwil Software\Avast5\Setup\part-vps_win32-10041401.vpx
c:\program files\Alwil Software\Avast5\Setup\prod-ais.vpx
c:\program files\Alwil Software\Avast5\Setup\servers.def
c:\program files\Alwil Software\Avast5\Setup\setif_ais-1fb.vpx
c:\program files\Alwil Software\Avast5\Setup\setiface.dll
c:\program files\Alwil Software\Avast5\Setup\setiface.ovr
c:\program files\Alwil Software\Avast5\Setup\setup.ini
c:\program files\Alwil Software\Avast5\Setup\setup.ovr
c:\program files\Alwil Software\Avast5\Setup\setup_ais-1fb.vpx
c:\program files\Alwil Software\Avast5\Setup\vps_32-186.vpx
c:\program files\Alwil Software\Avast5\Setup\vps_win32-19b.vpx
c:\program files\Alwil Software\Avast5\Setup\winsys-3.vpx
c:\program files\Alwil Software\Avast5\VisthAux.exe
c:\windows\system32\aswBoot.exe
c:\windows\system32\avastSS.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_SASDIFSV
-------\Service_SASENUM
-------\Service_SASKUTIL


((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-20 03:20 . 2010-04-20 03:20 -------- d-----w- c:\program files\Trend Micro
2010-04-20 02:29 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 02:29 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 13:37 . 2010-04-17 13:37 -------- d-----w- c:\program files\Secunia
2010-04-16 21:44 . 2010-04-16 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-16 21:44 . 2010-04-16 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-16 21:40 . 2010-04-16 21:40 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\msvcp71.dll
2010-04-16 21:40 . 2010-04-16 21:40 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\jmc.dll
2010-04-16 21:40 . 2010-04-16 21:40 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-43017301-n\msvcr71.dll
2010-04-16 21:40 . 2010-04-16 21:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-16 21:40 . 2010-04-16 21:40 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7997b7cc-n\decora-sse.dll
2010-04-16 21:40 . 2010-04-16 21:40 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7997b7cc-n\decora-d3d.dll
2010-04-16 21:40 . 2010-04-16 21:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 21:39 . 2010-04-16 21:39 -------- d-----w- c:\program files\Java
2010-04-16 12:20 . 2010-04-16 12:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-16 12:20 . 2010-04-16 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 12:20 . 2010-04-20 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 22:49 . 2010-04-15 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Fashion Solitaire 1.2
2010-04-15 02:21 . 2010-04-15 02:22 -------- d-----w- c:\program files\QuickTime
2010-04-15 02:21 . 2010-04-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-10 13:30 . 2010-04-10 13:56 -------- d-----w- c:\program files\AV7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 12:12 . 2010-01-17 07:09 -------- d-----w- c:\documents and settings\Owner\Application Data\MSN6
2010-04-17 19:02 . 2010-01-20 01:50 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-16 12:16 . 2010-01-21 01:33 -------- d-----w- c:\program files\CCleaner
2010-04-15 23:26 . 2010-01-13 02:59 -------- d-----w- c:\program files\Spyware Doctor
2010-04-15 23:25 . 2010-01-13 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-15 23:25 . 2010-01-13 02:59 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-15 22:50 . 2010-01-06 05:15 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-10 13:55 . 2010-01-06 22:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 06:15 . 2010-01-06 23:23 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 02:44 . 2010-01-17 18:15 -------- d-----w- c:\program files\World's Best Board Games 2009
2010-02-25 06:24 . 2010-01-06 23:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 02:59 . 2010-01-07 00:00 25272 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 14:10 . 2001-08-23 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2010-01-06 23:24 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-08-23 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-22 13:16 . 2010-01-22 13:06 163126 ----a-w- c:\windows\hphins25.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-13 39408]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2010-1-7 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/12/2010 10:00 PM 207792]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [1/6/2010 5:58 PM 386688]
R3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [1/5/2010 5:52 PM 222336]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - Hmnt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-20 c:\windows\Tasks\Auslogics Boost Speed Disk Defrag Console Defragmentation.job
- c:\program files\Auslogics\Auslogics Disk Defrag\cdefrag.exe [2010-02-02 21:52]

2010-04-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-13 02:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-04-21 07:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2010-04-21 07:36:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 12:36
ComboFix2.txt 2010-04-20 12:28
ComboFix3.txt 2010-04-18 20:01

Pre-Run: 20,828,270,592 bytes free
Post-Run: 20,664,307,712 bytes free

- - End Of File - - C6EEA1065577DD9F8A197B49FD84C988
Posted 4/22/2010 2:46 PM
#85219
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hmm, annoying :rolleyes:



See if you can install Avira:

https://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, July 7, 2022, 12:05 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,684 registered members. Please welcome our newest member, james44.
8 Guest(s), 0 Registered Member(s) are currently online.