MalwareRemoval.com

Virus Infection - pasted logs this time - sorry!

Post by zzdave » December 15th, 2011, 1:39 pm

Hi,
Avira Free version tells me I have the following viruses: TR/Spy.130560.48 in file advantage.exe in Documents and Settings, and TR/Crypt.Xpack.Gen in files ARK18.tmp and dfrgcfg32.dll.

I am running Windows XP SP3 fully updated.

I would appreciate some help on this - I have done quite a bit of research but with little luck so far.

I should add that my Firefox browser sometimes redirects me to sites other than the one I want.

Thanks

Dave

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/03/2009 20:31:24
System Uptime: 15/12/2011 09:02:56 (3 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | KV7(VIA KT600-8237)
Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2230/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 13.87 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 15.762 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 75 GiB total, 15.164 GiB free.
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: 5800 XpressMusic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: 5800 XpressMusic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP6: 07/11/2011 17:32:00 - System Checkpoint
RP7: 08/11/2011 18:24:44 - System Checkpoint
RP8: 09/11/2011 18:20:57 - Software Distribution Service 3.0
RP9: 10/11/2011 22:36:21 - Software Distribution Service 3.0
RP10: 13/11/2011 18:42:27 - System Checkpoint
RP11: 14/11/2011 19:05:52 - System Checkpoint
RP12: 16/11/2011 19:53:20 - System Checkpoint
RP13: 17/11/2011 20:48:34 - System Checkpoint
RP14: 18/11/2011 21:06:44 - System Checkpoint
RP15: 19/11/2011 22:02:51 - System Checkpoint
RP16: 20/11/2011 22:07:10 - System Checkpoint
RP17: 22/11/2011 01:27:31 - Removed Outlook Shutdown Addin
RP18: 22/11/2011 01:31:40 - Removed Python 2.7.2
RP19: 24/11/2011 07:44:15 - System Checkpoint
RP20: 25/11/2011 12:49:50 - System Checkpoint
RP21: 26/11/2011 17:07:59 - System Checkpoint
RP22: 27/11/2011 19:46:18 - System Checkpoint
RP23: 29/11/2011 20:13:38 - System Checkpoint
RP24: 01/12/2011 19:38:33 - System Checkpoint
RP25: 03/12/2011 16:26:03 - System Checkpoint
RP26: 04/12/2011 16:40:29 - System Checkpoint
RP27: 05/12/2011 17:13:52 - System Checkpoint
RP28: 06/12/2011 19:48:33 - System Checkpoint
RP29: 07/12/2011 20:31:14 - System Checkpoint
RP30: 08/12/2011 21:18:50 - System Checkpoint
RP31: 09/12/2011 21:21:52 - System Checkpoint
RP32: 10/12/2011 21:43:46 - System Checkpoint
RP33: 12/12/2011 03:22:49 - System Checkpoint
RP34: 13/12/2011 18:42:23 - System Checkpoint
RP35: 14/12/2011 19:09:23 - System Checkpoint
RP36: 14/12/2011 22:55:58 - Removed AVG 2011
RP37: 14/12/2011 22:57:16 - Removed AVG 2011
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AI RoboForm (All Users)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Avira Free Antivirus
Buzzsaw-S
CCleaner
ClipboardPath
ClipMagic 3.2.5
Connect
DirMS-S
doPDF 7.1 printer
Dup Detector
EPSON Printer Software
EPSON Scan
eReg
Fast Font Set 1.02
FastStone Capture 6.5
FileZilla Client 3.5.2
Foxit Reader
GoodSync
Google Chrome
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
IIS 7.5 Express
IrfanView (remove only)
iTunes
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 21
K-Lite Mega Codec Pack 5.7.0
kuler
Lebeca PC Camera(Built in microphone) Driver
Logitech SetPoint 6.30
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft IntelliType Pro 5.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.24)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
NETGEAR WG111v3 wireless USB 2.0 adapter
Nokia Connectivity Cable Driver
Nokia Multimedia Common Components 2.4
Nokia Music
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia Software Updater
NVIDIA Drivers
NVIDIA nView Desktop Manager
Ovi Desktop Sync Engine
OviMPlatform
palmOne
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serif WebPlus X2
Serif WebPlus X2 Resources
Serif WebPlus X4
Serif WebPlus X4 Bonus Content Pack
Serif WebPlus X4 Resources
SimpleOCR 3.1
Skype™ 5.3
Spybot - Search & Destroy
Suite Shared Configuration CS4
SyncBack
System Requirements Lab
TreeSize Professional 5.3.4
TypingMaster Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB971029)
VC 9.0 Runtime
VIA Audio Driver Setup Program
VIA Integrated Setup Wizard
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Wise Registry Cleaner 5.9.4
xplorer² lite 32 bit
.
==== Event Viewer Messages From Past Week ========
.
14/12/2011 12:06:39, error: MRxSmb [8003] - The master browser has received a server announcement from the computer 2249F6C07845433 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{68284262-FE5. The master browser is stopping or an election is being forced.
12/12/2011 02:50:06, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Buzzsaw_Defragmentation service.
10/12/2011 17:40:13, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
10/12/2011 17:40:11, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
10/12/2011 17:40:11, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2011 17:40:11, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
09/12/2011 16:00:00, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
09/12/2011 16:00:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by David Williams at 12:07:57 on 2011-12-15
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1534.778 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\MATCO\BuzzSawService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\David Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\David Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David Williams\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Dfrgcfg32] rundll32.exe ",appWICres isaapisvc
mRun: [BigDogPath] c:\windows\VM_STI.EXE Lebeca PC Camera(Microphone)
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{68284262-FE54-40E6-8EE4-89BBE5A23244} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david williams\application data\mozilla\firefox\profiles\lchtgi1t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\david williams\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: f:\program files\itunes\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2009-12-26 77312]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-14 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-14 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-14 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-14 74640]
R2 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\matco\BuzzSawService.exe [2006-11-26 327680]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-7-7 12184]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-12 47640]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 dsnpfd;Dsnpfd Service;c:\windows\system32\drivers\dsnpfd.sys --> c:\windows\system32\drivers\dsnpfd.sys [?]
S3 dsnpfdMP;dsnpfdMP;c:\windows\system32\drivers\dsnpfd.sys --> c:\windows\system32\drivers\dsnpfd.sys [?]
S3 hcdriver;EHCI;c:\windows\system32\drivers\hcdriver.sys [2009-11-22 50688]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\52.tmp --> c:\windows\system32\52.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-7-9 65856]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-6-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-6-26 8320]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-3-20 1452032]
S3 PORTMON;PORTMON;\??\f:\sysinternals\portmsys.sys --> f:\sysinternals\PORTMSYS.SYS [?]
S3 S12345;S12345;\??\e:\s12345.sys --> e:\S12345.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZSMC302;Lebeca PC Camera(Microphone);c:\windows\system32\drivers\usbvm302.sys [2009-12-3 91271]
S4 BWMeterConSvc;BWMeter Connections Service;"c:\program files\bwmeter\bwmeterconsvc.exe" --> c:\program files\bwmeter\BWMeterConSvc.exe [?]
S4 gupdate1ca0975e7f7ff76;Google Update Service (gupdate1ca0975e7f7ff76);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-12-14 23:09:08 -------- d-----w- c:\documents and settings\david williams\application data\Avira
2011-12-14 23:08:17 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-14 23:08:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-14 23:08:16 -------- d-----w- c:\program files\Avira
2011-12-07 23:12:41 -------- d-----w- c:\documents and settings\david williams\local settings\application data\tcpCommsplugin
2011-11-26 16:38:53 -------- d-----w- c:\program files\ElcomSoft
.
==================== Find3M ====================
.
2011-10-21 23:36:55 615936 ----a-w- c:\windows\AutoKMS.exe
2011-10-21 23:36:51 77824 ----a-w- c:\windows\KMSEmulator.exe
2011-10-19 17:20:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 11:46:23 3296 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-10-03 11:46:09 88 --sh--r- c:\documents and settings\all users\application data\694C8B8C0B.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-16 19:10:37 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
============= FINISH: 12:08:38.87 ===============
zzdave
Active Member
 
Posts: 5
Joined: August 17th, 2006, 6:56 pm
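Three lines in the log above are the ones a helper would look at first: the Run entry `uRun: [Dfrgcfg32] rundll32.exe ",appWICres isaapisvc`, which starts rundll32 with an empty quoted module path and whose name matches dfrgcfg32.dll, one of the files Avira flagged; the `Hosts: 127.0.0.1 www.spywareinfo.com` entry, which maps a public hostname to loopback and so silently blocks that site; and the MEMSWEEP2 service whose image is a .tmp file in system32. The Python below is an added example and is not part of the original post or of the DDS tool. It parses lines in the DDS pseudo-HJT and services layout and flags exactly those three patterns. The sample input is constructed from a few lines of the log with benign entries for contrast; the regexes are the example's own and assume rundll32 appears without spaces in its directory prefix, which holds for the log shown.

```python
import re
from typing import Optional

# Constructed sample input in the DDS "Pseudo HJT Report" / "SERVICES / DRIVERS"
# layout, modelled on the log posted above: the three suspect lines are copied
# from it, the others are ordinary entries for contrast.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Dfrgcfg32] rundll32.exe ",appWICres isaapisvc
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
Hosts: 127.0.0.1 www.spywareinfo.com
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-14 74640]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\52.tmp --> c:\windows\system32\52.tmp [?]
"""

RUN_RE = re.compile(r"^([um])Run:\s+\[([^\]]+)\]\s*(.*)$")    # uRun: [name] command
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")             # Hosts: ip hostname
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")     # R2 name;display;image
# rundll32 invocation, optionally with a directory prefix (assumed: no spaces in it)
RUNDLL_RE = re.compile(r'^\s*"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s*(.*)$', re.I)


def rundll32_target(command: str) -> Optional[str]:
    """Module path rundll32 would load from this Run-key command.

    Returns None when the command is not a rundll32 call, '' when rundll32 is
    called with an empty (or empty-quoted) module path, else the path string.
    rundll32 syntax is  <module>,<entrypoint> [args]  with an optional quoted
    module, so the module ends at the first comma or whitespace.
    """
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):
        close = rest.find('"', 1)
        rest = rest[1:close] if close > 0 else rest[1:]
    return re.split(r"[,\s]", rest, maxsplit=1)[0]


def flag_run_entry(command: str) -> Optional[str]:
    """Reason string if a Run entry looks wrong, else None."""
    target = rundll32_target(command)
    if target is None:
        return None
    if target == "":
        return "rundll32 launched with no module path"
    if not target.lower().endswith((".dll", ".cpl")):
        return f"rundll32 module has an unexpected extension: {target}"
    return None


def triage(text: str) -> list:
    """Scan DDS-style lines and return (category, name, reason) findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reason = flag_run_entry(m.group(3))
            if reason:
                findings.append(("run", m.group(2), reason))
            continue
        m = HOSTS_RE.match(line)
        if m:
            # A hosts entry that maps a public hostname to loopback blocks
            # that site; every such override should be explainable.
            findings.append(("hosts", m.group(2), f"hosts file maps it to {m.group(1)}"))
            continue
        m = SVC_RE.match(line)
        if m and re.search(r"\.tmp(\s|$)", m.group(4), re.I):
            # A service or driver whose image is a .tmp file is unusual; some
            # legitimate scanners do register transient drivers this way, so
            # this is a prompt to check, not a verdict.
            findings.append(("service", m.group(2), f"image path is a .tmp file: {m.group(4)}"))
    return findings


if __name__ == "__main__":
    for category, name, reason in triage(SAMPLE_DDS):
        print(f"[{category}] {name}: {reason}")
```

Run it against a full DDS log by reading the file into `triage()`; the empty-module rundll32 check is the one that matters most here, since a legitimate Run entry always names the DLL it loads, as the NvCplDaemon line does.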

Re: Virus Infection - pasted logs this time - sorry!

Post by deltalima » December 15th, 2011, 4:05 pm

Microsoft Office Professional Plus 2010 is not available to home users, so this computer must be considered as business use; we do not work on business computers.

We can offer no further help.

This topic is now closed
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

