Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

IDP.Generic / RunDLL.exe threat detected

Old 07-17-2012, 12:44 AM   #1
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8



Hi there,
A threat was detected rather randomly on my CPU last night by AVG. It was moved to the vault and, after a restart, it said it had been removed, but then tonight I received the same error again. Now I'm starting to get a bit worried that there is something more serious at hand.

Any help would be appreciated. (Error message also attached.)

Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Username at 19:34:10 on 2012-07-17
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.3071.2455 [GMT 12:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EPSON Stylus C67 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\username\startm~1\programs\startup\jdownl~1.lnk - c:\program files\jdownloader\JDownloaderD3D.exe
StartupFolder: c:\docume~1\username\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kuaiche.com\software
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228727383812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EF14CD9B-2D02-475A-9F5E-9AC6FED1C396} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\username\application data\mozilla\firefox\profiles\85jwgwcs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be62028cd-3393-463e-9603-fa9540bbc7b5%7D&mid=93fbf32734050d2ccfc88dbd32047e0f-4a261b1c3dd53850c741a587beafa58c2d6e7550&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-22%2016%3A35%3A08&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-22 366152]
R2 ServeToMe-Service;ServeToMe-Service;c:\program files\projectswithlove\servetome\ServeToMe-Service.exe [2012-5-5 10240]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-6-15 548264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-4-20 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-4-20 416112]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-9-21 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-22 22216]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2009-9-21 11392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 611664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-25 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-16 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\drivers\procexp150.sys --> c:\windows\system32\drivers\PROCEXP150.SYS [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-20 16240]
.
=============== Created Last 30 ================
.
2012-07-15 04:29:28 -------- d-----w- c:\program files\iTunes
2012-06-28 10:10:46 -------- d-----w- c:\documents and settings\all users\application data\Splashtop
2012-06-28 10:10:00 -------- d-----w- c:\documents and settings\username\local settings\application data\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2012-06-23 12:24:16 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-07-12 06:25:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 06:25:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 03:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 03:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 03:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 03:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 03:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec
2012-04-18 16:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 19:35:00.93 ===============
Attached: avg-screen.JPG (screenshot of the AVG alert, 35.6 KB), attach.txt (16.3 KB), dds.txt (15.5 KB)
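The DDS log above lists C:\WINDOWS\system32\RUNDLL32.EXE among the running processes and two mRun entries that launch it (NvCpl.dll,NvStartup and NvMcTray.dll,NvTaskbarInit). rundll32.exe is only a host: it loads the DLL named on its command line and calls the named export, so the first triage question for an alert that names rundll32 is which DLL it was told to load and where that DLL lives. The following example is added here and is not code from the original post or from the DDS tool. It parses the uRun/mRun/dRun lines of a DDS "Pseudo HJT Report", pulls out every rundll32 launch, and flags DLLs outside the Windows or Program Files trees or inside user-writable profile/temp paths. The sample input is constructed from the log above plus one made-up "Updater" line; the trusted-directory list and the markers are assumptions for the example, not part of DDS.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the uRun/mRun/dRun lines are copied from the DDS
# "Pseudo HJT Report" above; the final "Updater" line is made up for this
# example to show what a suspicious rundll32 host entry looks like.
SAMPLE_DDS = r"""
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [Updater] rundll32.exe c:\docume~1\username\locals~1\temp\upd.dll,Start /silent
"""

# DDS prefixes: uRun = HKCU\...\Run, mRun = HKLM\...\Run, dRun = the Default User hive.
RUN_LINE = re.compile(r"^([umd]Run):\s+\[([^\]]+)\]\s+(.*)$")

# Where an OS- or vendor-installed DLL is expected (assumption for this example;
# extend for a given machine). Profile and temp paths are writable by the
# logged-on user, so a DLL there is flagged regardless.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\locals~1\\",
    "\\local settings\\", "\\applic~1\\", "\\application data\\",
)


def parse_run_entries(text: str) -> List[Dict[str, str]]:
    """Extract the autostart (Run key) entries from a DDS log."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append({"scope": m.group(1), "name": m.group(2), "command": m.group(3).strip()})
    return entries


def split_rundll32(command: str) -> Optional[Dict[str, str]]:
    """Break 'rundll32.exe <dll>,<export> [args]' into its parts.

    Returns None when the command does not launch rundll32. rundll32 itself
    splits at the first comma and the first space after it, so an unquoted DLL
    path containing spaces is ambiguous here exactly as it is for rundll32.
    """
    host, _, rest = command.partition(" ")
    if not host.strip('"').lower().endswith("rundll32.exe"):
        return None
    dll, _, tail = rest.strip().partition(",")
    export, _, args = tail.strip().partition(" ")
    return {"host": host, "dll": dll.strip().strip('"'), "export": export, "args": args.strip()}


def triage_rundll32(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """For every autostart that goes through rundll32, record what it loads and
    why it might deserve a closer look. A rundll32 entry pointing at a vendor DLL
    under Program Files or System32 (like the NVIDIA ones in this log) is ordinary."""
    findings = []
    for entry in entries:
        parts = split_rundll32(entry["command"])
        if parts is None:
            continue
        dll = parts["dll"].lower()
        reasons = []
        if not dll.startswith(TRUSTED_DIRS):
            # A bare name ("foo.dll") is resolved through the DLL search order, and
            # a path elsewhere on disk is simply unusual for an OS/vendor component.
            reasons.append("DLL is not under a Windows or Program Files directory")
        if any(marker in dll for marker in USER_WRITABLE_MARKERS):
            reasons.append("DLL lives in a user-writable profile or temp path")
        if not parts["export"]:
            reasons.append("no export named; rundll32 would fail, so the entry is odd")
        findings.append({**entry, **parts, "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_rundll32(parse_run_entries(SAMPLE_DDS)):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['scope']} [{f['name']}] {f['dll']} -> {f['export']} {f['args']}")
        for r in f["reasons"]:
            print(f"           - {r}")
```

Run against the real dds.txt, the two NVIDIA entries come out as ordinary and only a rundll32 launch from a profile or temp directory, or with a bare DLL name, is flagged. The heuristics say nothing about the DLL's contents; they only tell you which file to hash or submit next instead of rundll32.exe itself.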
 
Old 07-19-2012, 04:02 AM   #2
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
  • Click the Browse button and copy/paste the following text into the File name: field

    C:\Windows\System32\rundll32.exe

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
    NOTE: If you get a message saying File already submitted: click Reanalyze
  • Once scanned, copy and paste the results in your next reply.

Do not delete any files unless I tell you to do so.
__________________
regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

ASAP & UNITE Member
Old 07-20-2012, 04:36 AM   #3
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8



Hi Larusso,
Thanks for the help, here is everything from the results page:

SHA256:          dee53d6d332dadd40c0ce34a425a6c0781f611765dcd4299d869f2b1ee80ae66
SHA1:            303a90020bf3beaf9acd0ea86487c853636a99a3
MD5:             037b1e7798960e0420003d05bb577ee6
File size:       32.5 KB (33280 bytes)
File name:       rundll32.exe
File type:       Win32 EXE
Detection ratio: 0 / 42
Analysis date:   2012-07-20 11:31:34 UTC (0 minutes ago)

Antivirus             Result  Update
AhnLab-V3             -       20120720
AntiVir               -       20120720
Antiy-AVL             -       20120717
Avast                 -       20120720
AVG                   -       20120720
BitDefender           -       20120720
ByteHero              -       20120719
CAT-QuickHeal         -       20120720
ClamAV                -       20120720
Commtouch             -       20120720
Comodo                -       20120720
DrWeb                 -       20120720
Emsisoft              -       20120720
eSafe                 -       20120719
ESET-NOD32            -       20120720
F-Prot                -       20120720
F-Secure              -       20120720
Fortinet              -       20120720
GData                 -       20120720
Ikarus                -       20120720
Jiangmin              -       20120720
K7AntiVirus           -       20120719
Kaspersky             -       20120720
McAfee                -       20120720
McAfee-GW-Edition     -       20120720
Microsoft             -       20120720
Norman                -       20120720
nProtect              -       20120720
Panda                 -       20120720
PCTools               -       20120720
Rising                -       20120720
Sophos                -       20120720
SUPERAntiSpyware      -       20120720
Symantec              -       20120720
TheHacker             -       20120719
TotalDefense          -       20120718
TrendMicro            -       20120720
TrendMicro-HouseCall  -       20120720
VBA32                 -       20120719
VIPRE                 -       20120720
ViRobot               -       20120720
VirusBuster           -       20120720

Can I delete this?
Posted 7 months, 3 weeks ago by anonymous

#goodware
Posted 1 year, 1 month ago by anonymous

rundll32.exe is developed by Microsoft Corporation and is part of Microsoft Windows. It is usually located at \Windows\System32\rundll32.exe .
#goodware
Posted 1 year, 8 months ago by virusdefence.org

%SystemRoot%\system32\rundll32.exe url.dll,FileProtocolHandler DrivesGuideInfo\autorun.exe
how to do my computer pen drive open show shortcut folder 2kb
Posted 1 year, 10 months ago by anonymous

%SystemRoot%\system32\rundll32.exe url.dll,FileProtocolHandler DrivesGuideInfo\autorun.exe
Posted 1 year, 10 months ago by anonymous
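The VirusTotal round trip in posts #2 and #3 ends with a 0/42 result, and VirusTotal prints the MD5, SHA-1 and SHA-256 of what it actually scanned at the top of the report. Two things worth adding to that procedure: compute the same three hashes of the file on disk and confirm they match the report (otherwise the verdict is for a different file than the one you are worried about), and look a file up by hash instead of re-uploading it. The example below is added here and is not code from the thread or from VirusTotal's own tooling. It hashes file contents the way VirusTotal reports them, compares them against the values from post #3, builds a hash-lookup URL, and parses the flattened "Antivirus Result Update" block pasted above into a detection ratio. The sample text is an excerpt of that block plus one constructed row carrying a detection name, to show the counting; the URL form is VirusTotal's current public web path and is an assumption about their site layout.

```python
import hashlib
import re
from typing import Dict, Tuple

# Hash values VirusTotal reported for the submitted rundll32.exe (copied from post #3).
VT_REPORTED = {
    "md5": "037b1e7798960e0420003d05bb577ee6",
    "sha1": "303a90020bf3beaf9acd0ea86487c853636a99a3",
    "sha256": "dee53d6d332dadd40c0ce34a425a6c0781f611765dcd4299d869f2b1ee80ae66",
}

# Constructed sample: the first eight engines of the flattened table from post #3,
# and a variant (not from the thread) in which one engine names the file.
SAMPLE_CLEAN = (
    "Antivirus Result Update AhnLab-V3 - 20120720 AntiVir - 20120720 Antiy-AVL - 20120717 "
    "Avast - 20120720 AVG - 20120720 BitDefender - 20120720 Microsoft - 20120720 Symantec - 20120720"
)
SAMPLE_ONE_HIT = SAMPLE_CLEAN.replace("AVG - 20120720", "AVG IDP.Generic 20120720")

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of file contents, lower-case hex as VirusTotal prints them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str) -> Dict[str, str]:
    """Same as hash_bytes, streaming a file from disk so large binaries don't
    have to fit in memory."""
    hashes = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def matches_report(local: Dict[str, str], reported: Dict[str, str]) -> bool:
    """True only when every algorithm present on both sides agrees. A mismatch
    means the VirusTotal verdict belongs to a different file than the local one."""
    common = set(local) & set(reported)
    return bool(common) and all(local[a].lower() == reported[a].lower() for a in common)


def lookup_url(sha256: str) -> str:
    """Query VirusTotal by hash rather than uploading the binary again
    (assumed URL layout of the public web UI)."""
    return "https://www.virustotal.com/gui/file/" + sha256.lower()


# One engine per "<name> <result> <yyyymmdd>" triple once the header is removed.
ENGINE_ROW = re.compile(r"(\S+)\s+(\S+)\s+(\d{8})")


def parse_engine_table(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse the flattened 'Antivirus Result Update' block into
    engine -> (result, signature date). A '-' result means no detection.
    Engine names and detection labels in this paste contain no spaces; a
    label with spaces would need VirusTotal's CSV export instead."""
    body = text.split("Antivirus Result Update", 1)[-1]
    return {engine: (result, updated) for engine, result, updated in ENGINE_ROW.findall(body)}


def detection_ratio(table: Dict[str, Tuple[str, str]]) -> Tuple[int, int]:
    """(engines that named the file, engines that scanned it), as in 'Detection ratio: 0 / 42'."""
    hits = sum(1 for result, _ in table.values() if result != "-")
    return hits, len(table)


if __name__ == "__main__":
    table = parse_engine_table(SAMPLE_CLEAN)
    print("detection ratio: %d / %d" % detection_ratio(table))
    print("lookup by hash:", lookup_url(VT_REPORTED["sha256"]))
```

To use it on the machine in question, call hash_file on C:\Windows\System32\rundll32.exe (and on the protected copy in C:\Windows\System32\dllcache, which should be identical) and pass the result to matches_report with VT_REPORTED. A 0/42 result only says no engine flagged that particular hash; it does not by itself establish that the file on disk is the Microsoft original, which is what the hash comparison and a signature check are for.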
 
Old 07-21-2012, 06:43 AM   #4
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Thanks.


Please download Gmer from here and save it to your Desktop.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

regards, Daniel
Old 07-21-2012, 03:20 PM   #5
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8



Thanks, here is the log.
Attached: ark.txt (4.6 KB)
Old 07-22-2012, 05:00 AM   #6
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Please do not attach the log files. Simply post them as a reply, otherwise it makes it harder for me to read.


ComboFix should only be run if a team member has instructed you to do so!

Please download ComboFix from the following download mirror:

Link 1


IMPORTANT - Save ComboFix to your Desktop
  • Please disable all of your antivirus and anti-malware/anti-spyware scanners. They can interfere with ComboFix while it works.

Start ComboFix.exe and follow the instructions on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow ComboFix to download and install it. Simply follow the prompts and accept the End User License.
    With today's malware this is strongly recommended, because it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.
Note: If it is already installed, ComboFix will proceed with the malware removal.


When ComboFix is finished, it will create a log file. Please post the C:\Combofix.txt in your next reply.

regards, Daniel
Old 07-22-2012, 12:09 PM   #7
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8


Sorry about that.

Speaking of harder to read, would you please translate your last instructions to English?

Thanks.
Old 07-22-2012, 01:03 PM   #8
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Awww, I am so sorry. I used the wrong one.



Download ComboFix from this location:

Link 1


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

regards, Daniel
Old 07-23-2012, 02:14 AM   #9
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8



Thanks for that, here is the log:

ComboFix 12-07-21.01 - Username 23/07/2012 21:00:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.3071.2295 [GMT 12:00]
Running from: c:\documents and settings\Username\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Username\Application Data\inst.exe
c:\documents and settings\Username\WINDOWS
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1d8cdf34889b7fe0.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\45e8813e38cbe14e.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\781582e3fb306aca.fb
c:\windows\system32\Cache\9207ef83cecea2e1.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e919e281403c6965.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1DD.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-15 04:29 . 2012-07-15 04:30 -------- d-----w- c:\program files\iTunes
2012-07-15 04:25 . 2012-07-15 04:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-06-28 10:10 . 2012-06-28 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Splashtop
2012-06-28 10:10 . 2012-06-28 10:10 -------- d-----w- c:\documents and settings\Username\Local Settings\Application Data\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2012-06-23 12:24 . 2012-07-12 06:24 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:25 . 2012-04-24 23:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:25 . 2011-05-24 06:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-12-08 10:05 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 03:19 . 2008-10-16 01:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 03:19 . 2008-10-16 01:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 03:19 . 2008-09-04 21:43 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 03:19 . 2008-09-04 21:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 03:19 . 2008-09-04 21:43 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 03:19 . 2008-10-16 01:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 03:19 . 2008-10-16 01:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 03:19 . 2008-09-04 21:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 03:19 . 2008-09-04 21:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 03:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 03:19 . 2008-10-16 01:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 03:19 . 2008-09-04 21:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 03:19 . 2008-09-04 21:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-09-04 21:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-03 09:34 . 2011-04-30 01:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-11 10:33 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"nwiz"="nwiz.exe" [2008-07-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"EPSON Stylus C67 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE" [2005-01-24 98304]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-05-11 629848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Username\Start Menu\Programs\Startup\
JDownloader.lnk - c:\program files\JDownloader\JDownloaderD3D.exe [2011-10-26 218816]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-8-22 1531904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 04:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Remote Mouse\\server\\server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\ProjectsWithLove\\ServeToMe\\ServeToMe-Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRServer.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\DataProxy.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4:50 a.m. 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 5:30 a.m. 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/07/2011 12:13 a.m. 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/09/2010 2:49 a.m. 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/12/2008 12:50 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/12/2008 12:50 p.m. 55024]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4:53 a.m. 193288]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/10/2011 11:11 p.m. 366152]
R2 ServeToMe-Service;ServeToMe-Service;c:\program files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe [5/05/2012 11:49 p.m. 10240]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [15/06/2012 3:44 p.m. 548264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [15/03/2012 5:20 p.m. 370504]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [20/04/2011 2:59 p.m. 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [20/04/2011 3:10 p.m. 416112]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [11/07/2012 10:33 p.m. 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 1:32 p.m. 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 1:32 p.m. 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 1:32 p.m. 17232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [21/09/2009 9:15 p.m. 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/10/2011 11:11 p.m. 22216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 9:44 a.m. 5106744]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [21/09/2009 9:35 p.m. 11392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2010 12:01 p.m. 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25/04/2012 11:35 a.m. 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [13/05/2011 8:37 a.m. 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2010 12:01 p.m. 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [16/01/2010 12:49 a.m. 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3/05/2012 9:34 p.m. 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/01/2011 2:23 p.m. 47360]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/12/2008 12:50 p.m. 7408]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [20/04/2011 3:00 p.m. 16240]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:25]
.
2012-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 05:57]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 06:08]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 06:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Username\Application Data\Mozilla\Firefox\Profiles\85jwgwcs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be62028cd-3393-463e-9603-fa9540bbc7b5%7D&mid=93fbf32734050d2ccfc88dbd32047e0f-4a261b1c3dd53850c741a587beafa58c2d6e7550&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-22%2016%3A35%3A08&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-23 21:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-23 21:11:09
ComboFix-quarantined-files.txt 2012-07-23 09:10
ComboFix2.txt 2011-10-22 03:08
.
Pre-Run: 196,299,489,280 bytes free
Post-Run: 196,817,838,080 bytes free
.
- - End Of File - - 4B39AD707C23036E34BB99681D864BA2


Cheers.
Ralph123 is offline  
Old 07-23-2012, 06:19 AM   #10
Security Team
Analyst
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hi there. Looks good to me.
Is AVG still detecting the file?
__________________
regards, Daniel


There will never be peace in a war so I don't understand what they are fighting for

ASAP & UNITE Member
Larusso is offline  
Old 07-23-2012, 12:07 PM   #11
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8


No, AVG has not said anything since I first reported the issue. My desktop icons were behaving strangely though, but after running ComboFix they seem to have returned to normal. Did anything actually get fixed?

Thanks again.
Ralph123 is offline  
Old 07-23-2012, 12:37 PM   #12
Security Team
Analyst
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Not really


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply
Larusso is offline  
Old 07-24-2012, 01:12 AM   #13
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8



No threats found. I guess that's a good thing?
Ralph123 is offline  
Old 07-24-2012, 05:04 AM   #14
Security Team
Analyst
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Yes, it is


Unless you have any open issues, you are good to go. Please follow these last few steps.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment 7 Update 5 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 5
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



Please press the + R Key and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall


This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.


  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Now that you appear to be free from malware lets help you stay that way!

It is vital that you keep your system up to date
  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.


Anti Virus Software
  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.


Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.


Safer Browsing

Use an alternate browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer. Note: If you use Firefox you may want to have a look at these Add-Ons.

Computer Maintenance
Clean out your temp files on a regular basis - I recommend TFC (Temp File Cleaner).



Thinking while surfing
There is no software which will protect your system from yourself.
I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.


If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.
Larusso is offline  
Old 07-24-2012, 11:29 PM   #15
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8


Thanks heaps.

Windows asked if I wanted to unblock java after restarting, I assume that's normal?
Ralph123 is offline  
Old 07-25-2012, 04:47 AM   #16
Security Team
Analyst
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



I think it asked to unblock JavaScript, which is blocked by the NoScript Add-On by default, so you need to unblock it on each site manually. On sites you know and trust, not a problem, but be careful on unknown sites.
Larusso is offline  
Old 07-25-2012, 12:30 PM   #17
Registered Member
 
Join Date: Oct 2011
Posts: 42
OS: Windows 8


It was more like after windows first booted up, but everything seems ok, thank you very much for your help.
Ralph123 is offline  
Old 07-26-2012, 04:57 AM   #18
Security Team
Analyst
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Glad we could help
Larusso is offline  