Malware attack

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by Barry07601 » December 23rd, 2011, 6:06 pm

I'm using Windows XP Pro Service Pack 3 and I contracted the XP 2012 virus.

Googled a fix on the Microsoft website:

----------
Follow the procedure below to remove the annoying spyware.

Start system in Safe Mode.
Change the Windows settings to enable -
Show Hidden Files & Folders.
Hide Extensions For Known File Types.
Hide Protected Operating Systems.
Click OK to save the changes.

Go into C:\Documents and Settings\[UserName]\Local Settings\Application Data\ folder.
Find hidden executable file in this folder.
Name may vary e.g. wmi.exe. Rename wmi.exe to wmi.exe1 and click Yes to confirm file rename.
It will solve your problem partially. Now open Notepad & copy the contents below into it:

Windows Registry Editor Version 5.00

; Delete the per-user and system-wide .exe / secfile associations the spyware planted
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Restore the default "open" command for executables: run the file itself with its arguments
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

; Point the .exe extension back at the standard exefile class
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Now save file as Solution.reg to your Desktop.

Double clicking on it will ask you for the confirmation to merge it or not.
Click YES.

Restart the system in normal mode. That's it.
-----------------
Installed Malwarebytes and Avast, ran this fix, and now:

1. Every time I start a program I get a popup that says:
"Which user account do you want to use to run this program"

2. Keyboard is real sluggish and I know it's not the keyboard because it works fine on my 2nd computer connected to my A/B switch.

3. Certain programs such as Nero won't boot up and my computer is running much slower.

============================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Run by Barry at 16:47:01 on 2011-12-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2321 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
svchost.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Barry\Application Data\Spotify\Spotify.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://secure.ingdirect.com/myaccount/ ... t/login.vm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: WormRadar.com IESiteBlocker.NavFilter - No File
BHO: SkypeIEPluginBHO - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe
uRun: [swg (1)] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spotify] "c:\documents and settings\barry\application data\spotify\Spotify.exe" /uri spotify:autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\MAFWTray.exe
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
TCP: Interfaces\{01E4914B-7C86-4F83-A0CF-F2FBB1C4004A} : DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\
FF - prefs.js: browser.startup.homepage - hxxp://bossip.com/|http://mediatakeout.com/index.html
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pace anti-piracy\ilok\NPPaceILok.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2010-6-20 16384]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-12-14 56208]
R0 SC247XU;SC247XU;c:\windows\system32\drivers\SC247XU.sys [2010-6-6 14925]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-19 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-19 314456]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-12-18 76696]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-12-14 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-12-14 164112]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-19 44768]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-7-21 16400]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-6-6 632792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-12-14 931640]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-10 855904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2010-2-21 23600]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2011-12-14 21520]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 AVGIDSAgent;AVGIDSAgent; [x]
S2 avgwd;AVG WatchDog; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 akS56USB;AKAI S5000/S6000 Driver;c:\windows\system32\drivers\akS56USB.sys [2004-10-28 11392]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
S3 Avgfwdx;Avgfwdx; [x]
S3 Avgfwfd;AVG network filter service; [x]
S3 CEUSBAUD;Lexicon USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [2010-6-20 17920]
S3 DVC150B;Dazzle DVC 150B;c:\windows\system32\drivers\dvc150b.sys [2010-8-5 30976]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [2009-12-23 54328]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\drivers\mafw.sys [2010-7-20 192392]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MotuMidi;MOTU MIDI Device;c:\windows\system32\drivers\motumidi.sys [2010-4-23 36912]
S3 MotuUsb;MotuUsb;c:\windows\system32\drivers\MotuUsb.sys [2010-4-23 49712]
S3 MotuUsbIoDriver;MotuUsbIoDriver;c:\windows\system32\drivers\MotUsbIo.sys [2010-6-20 110592]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.exe=H6U
.
=============== Created Last 30 ================
.
2011-12-19 05:09:37 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-19 05:08:31 41184 ----a-w- c:\windows\avastSS.scr
2011-12-19 05:07:49 -------- d-----w- c:\program files\AVAST Software
2011-12-19 05:07:49 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-12-18 05:10:53 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-12-18 05:04:07 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2011-12-18 02:51:22 -------- d-----w- c:\documents and settings\barry\application data\Malwarebytes
2011-12-18 02:50:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-18 02:50:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 02:50:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-16 04:05:56 -------- d-----w- c:\program files\iTunes
2011-12-14 17:23:32 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-13 21:08:44 -------- d-----w- c:\documents and settings\barry\local settings\application data\PCHealth
2011-12-13 20:20:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-13 20:20:50 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 18:50:18 -------- d-----w- c:\documents and settings\barry\local settings\application data\Spotify
2011-12-12 18:50:01 -------- d-----w- c:\documents and settings\barry\application data\Spotify
2011-12-11 02:07:49 -------- d-----w- c:\documents and settings\barry\application data\AVG Secure Search
2011-12-10 13:26:10 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2011-12-10 13:25:56 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-10 13:25:52 -------- d-----w- c:\program files\AVG Secure Search
.
==================== Find3M ====================
.
2011-12-18 05:47:26 146432 ----a-w- c:\windows\regedit.exe
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 05:50:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-02 17:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 16:51:10.01 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2010 4:22:02 PM
System Uptime: 12/21/2011 1:27:44 AM (39 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 82.924 GiB free.
E: is FIXED (NTFS) - 699 GiB total, 468.186 GiB free.
G: is Removable
H: is FIXED (NTFS) - 932 GiB total, 793.911 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPHILIPS_DVD+-RW_DVD8701_________________5D24____\594D4D3037393335303735313639513131303939
Manufacturer: (Standard CD-ROM drives)
Name: PHILIPS DVD+-RW DVD8701
PNP Device ID: IDE\CDROMPHILIPS_DVD+-RW_DVD8701_________________5D24____\594D4D3037393335303735313639513131303939
Service: cdrom
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: AVG Technologies
Name: Microsoft TV/Video Connection - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: AVG Technologies
Name: Intel(R) PRO/100 VE Network Connection - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0002
Manufacturer: AVG Technologies
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0002
Service: Avgfwdx
.
==== System Restore Points ===================
.
RP695: 11/28/2011 4:48:00 PM - System Checkpoint
RP696: 12/6/2011 10:16:01 PM - System Checkpoint
RP697: 12/6/2011 10:16:02 PM - System Checkpoint
RP698: 12/6/2011 10:16:02 PM - System Checkpoint
RP699: 12/6/2011 10:16:02 PM - System Checkpoint
RP700: 12/4/2011 1:26:10 AM - System Checkpoint
RP701: 12/5/2011 2:20:52 AM - System Checkpoint
RP702: 12/6/2011 3:11:03 AM - System Checkpoint
RP703: 12/6/2011 10:17:13 PM - AVG Regisry Defrag - before defragmentation
RP704: 12/7/2011 11:41:00 PM - System Checkpoint
RP705: 12/9/2011 4:52:48 PM - System Checkpoint
RP706: 12/10/2011 5:32:15 PM - System Checkpoint
RP707: 12/11/2011 5:45:48 PM - System Checkpoint
RP708: 12/12/2011 6:02:05 PM - System Checkpoint
RP709: 12/13/2011 2:58:44 PM - Restore Operation
RP710: 12/13/2011 4:06:02 PM - Software Distribution Service 3.0
RP711: 12/14/2011 5:29:36 PM - Restore Operation
RP712: 12/15/2011 6:32:13 PM - System Checkpoint
RP713: 12/16/2011 7:29:59 PM - System Checkpoint
RP714: 12/17/2011 8:27:29 PM - System Checkpoint
RP715: 12/18/2011 12:55:43 AM - Restore Operation
RP716: 12/19/2011 12:07:49 AM - avast! Free Antivirus Setup
RP717: 12/19/2011 1:09:55 AM - Restore Operation
RP718: 12/19/2011 3:48:50 AM - Installed Microsoft Fix it 50202
RP719: 12/20/2011 4:33:38 AM - System Checkpoint
RP720: 12/20/2011 11:57:38 PM - Installed Rapport
RP721: 12/22/2011 12:00:19 AM - System Checkpoint
.
==== Installed Programs ======================
.
1&1 EasyLogin
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Audition 1.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Advertising Center
aksys
Aksys S56 Theme Pack
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AstroViewer 3.1.1
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Avery Wizard 3.1
AVG PC Tuneup 2011
Bonjour
Broadcom 440x 10/100 Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Connect
Corel Paint Shop Pro X
Dell Driver Download Manager
Dell Photo AIO Printer 964
Dell Support Center
DesignPro 5
Digidesign Audio Drivers 8.0.1
Digidesign Pro Tools Creative Collection 8.0.1
Digidesign Pro Tools M-Powered 8.0.1
Download Updater (AOL LLC)
Emagic Logic Audio Platinum 5.5
Finale PrintMusic 2009
Finale PrintMusic 2011
Firebird SQL Server - MAGIX Edition
Free DigiRack Plug-Ins 8.0.1
Free YouTube Downloader 3.3.115
GOM Player
GoodSync
Google Chrome
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Hieroglyphic Font
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ieSpell
iLok Client Helper x32x64
Intel(R) PRO Network Connections Drivers
Interlok driver setup x32
iTunes
Jasc Animation Shop 3
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
LastPass (uninstall only)
Lexicon MX-Edit 1.0
Logitech Audio Echo Cancellation Component
Logitech Harmony Remote Software 7
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
M-Audio FireWire Driver 6.0.1 (x86)
MAGIX Music Maker 16 Premium Download Version
MAGIX Screenshare
MAGIX Speed 2 (MSI)
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaMonkey 3.2
MelodyneEssential 1.8
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MOTU USB MIDI Installer
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MVision
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero Online Upgrade
Octoshape add-in for Adobe Flash Player
Paltalk Messenger
Paltalk Messenger Interop
Picasa 3
Pinnacle Instant DVD Recorder
Print to Fax
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
PureVoice 1.3.2
QuickTime
Rapport
Razer Habu Config
RealPlayer
RealUpgrade 1.0
Reason 4.0
Registry Mechanic 10.0
Remote Control USB Driver
Rhapsody
Rhapsody Cloud Sync
RTLSetup
Safari
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB923789)
SigmaTel Audio
Skins
Skype Toolbars
Skype™ 5.0
Spotify
Stellarium 0.10.5
Studio 11
Studio 11 Bonus DVD
Text-To-Speech-Runtime
Torq LE 1.0.7 (Build 017 - 03 Oct 2008)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Vuze
WAV MP3 Converter v4.1 build 1218
WebFldrs XP
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Desktop Login
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yamassic - Hieroglyphic Font
.
==== Event Viewer Messages From Past Week ========
.
12/21/2011 12:19:55 AM, error: NetBT [4321] - The name "EXCLUSIVE :0" could not be registered on the Interface with IP address 192.168.1.142. The machine with the IP address 192.168.1.1 did not allow the name to be claimed by this machine.
12/20/2011 11:52:27 PM, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
12/20/2011 11:52:20 PM, error: Service Control Manager [7000] - The Nero MediaHome 4 Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 11:52:20 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the path specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Nero MediaHome 4 Service service to connect.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
12/20/2011 11:49:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001372BF7091 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/20/2011 11:37:05 PM, error: NetBT [4321] - The name "EXCLUSIVE :0" could not be registered on the Interface with IP address 192.168.1.138. The machine with the IP address 192.168.1.1 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

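The log above is a DDS-style dump, and two things in it are worth pulling out mechanically rather than by eye: the installed-programs list carries three Java 6 runtimes side by side (Update 1, Update 22 and Update 24), and the Event Viewer section shows Service Control Manager 7000 errors for AVGIDSAgent, AVG WatchDog and aswFsBlk where the service binary could not be found. The following triage script is an added example, not part of the original post or of any tool the forum uses. It parses those two sections from text copied verbatim from the post. The prefix-to-product mapping (asw* as avast, AVG* as AVG) and the choice to treat "cannot find the file/path" as the interesting failure mode are my assumptions, flagged in the code; confirm them against the vendor documentation before acting on a real log.

```python
"""Triage helper for a DDS-style log (added example, not from the post).

Flags (1) security-product services that failed to start because their
binary is missing, which usually means an incomplete uninstall or a
protection component removed out from under the product, and (2) stale
Java runtimes left installed beside the newest one.
"""
import re

# Event Viewer lines copied verbatim from the post above.
EVENT_LINES = """\
12/20/2011 11:52:27 PM, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
12/20/2011 11:52:20 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the path specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
12/20/2011 11:49:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001372BF7091 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
"""

# Installed-program entries copied verbatim from the post above (a subset).
PROGRAM_LINES = """\
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware version 1.51.2.1300
Mozilla Firefox 8.0.1 (x86 en-US)
"""

# DDS renders an SCM event 7000 as one line in this fixed shape.
SCM_7000 = re.compile(
    r"^(?P<when>[\d/]+ [\d:]+ [AP]M), error: Service Control Manager \[7000\] - "
    r"The (?P<service>.+?) service failed to start due to the following error: "
    r"(?P<reason>.+)$"
)

# ASSUMPTION: service-name prefixes identify the vendor (asw* = avast, AVG* = AVG).
SECURITY_SERVICE_PREFIXES = {"asw": "avast", "AVG": "AVG"}

# ASSUMPTION: a missing binary is the failure mode worth surfacing here;
# other reasons (bad parameter, timeout) are ordinary driver noise.
MISSING_BINARY = ("cannot find the file", "cannot find the path")


def failed_security_services(text):
    """Return (service, product, reason) for SCM 7000 events on security-product
    services whose executable could not be found."""
    hits = []
    for line in text.splitlines():
        m = SCM_7000.match(line)
        if not m:
            continue
        svc, reason = m.group("service"), m.group("reason")
        product = next((p for pre, p in SECURITY_SERVICE_PREFIXES.items()
                        if svc.startswith(pre)), None)
        if product and any(k in reason for k in MISSING_BINARY):
            hits.append((svc, product, reason))
    return hits


# Both naming styles seen in the post: "Java(TM) 6 Update 24" and
# "Java(TM) SE Runtime Environment 6 Update 1".
JAVA_RE = re.compile(r"^Java\(TM\) (?:SE Runtime Environment )?(\d+) Update (\d+)$")


def java_runtimes(text):
    """Return sorted (major, update) tuples for every JRE entry in the list."""
    found = set()
    for line in text.splitlines():
        m = JAVA_RE.match(line.strip())
        if m:
            found.add((int(m.group(1)), int(m.group(2))))
    return sorted(found)


def stale_java(text):
    """Every JRE entry except the newest one; each is an old, unpatched runtime."""
    return java_runtimes(text)[:-1]


if __name__ == "__main__":
    for svc, product, reason in failed_security_services(EVENT_LINES):
        print(f"{product}: service {svc!r} did not start: {reason}")
    for major, upd in stale_java(PROGRAM_LINES):
        print(f"stale runtime: Java {major} Update {upd}")
```

Run against the lines from this post it reports the two AVG services and avast's aswFsBlk as failing for a missing file or path, and lists Java 6 Update 1 and Update 22 as stale beside Update 24; the Logitech driver error and the DHCP NACK are ignored as unrelated to the infection question.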
Re: Malware attack

Unread postby deltalima » December 23rd, 2011, 6:19 pm

deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

