Tech Support banner

Status
Not open for further replies.
1 - 18 of 18 Posts

·
Registered
Joined
·
42 Posts
Hi there,
A threat was detected rather randomly on my CPU last night found by AVG. It was moved to vault and restarted to say it had been removed, but then tonight I recieved the same error again. Now i'm starting to get a bit worried that there is something more serious at hand.

Any help would be appreciated. (error message also attached.)

Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Username at 19:34:10 on 2012-07-17
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.3071.2455 [GMT 12:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EPSON Stylus C67 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\username\startm~1\programs\startup\jdownl~1.lnk - c:\program files\jdownloader\JDownloaderD3D.exe
StartupFolder: c:\docume~1\username\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: kuaiche.com\software
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228727383812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EF14CD9B-2D02-475A-9F5E-9AC6FED1C396} : DhcpNameServer = 192.168.1.254
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\username\application data\mozilla\firefox\profiles\85jwgwcs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be62028cd-3393-463e-9603-fa9540bbc7b5%7D&mid=93fbf32734050d2ccfc88dbd32047e0f-4a261b1c3dd53850c741a587beafa58c2d6e7550&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-22%2016%3A35%3A08&sap=ku&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-22 366152]
R2 ServeToMe-Service;ServeToMe-Service;c:\program files\projectswithlove\servetome\ServeToMe-Service.exe [2012-5-5 10240]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-6-15 548264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-4-20 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-4-20 416112]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-9-21 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-22 22216]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2009-9-21 11392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 611664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-25 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-17 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-16 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\drivers\procexp150.sys --> c:\windows\system32\drivers\PROCEXP150.SYS [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-20 16240]
.
=============== Created Last 30 ================
.
2012-07-15 04:29:28 -------- d-----w- c:\program files\iTunes
2012-06-28 10:10:46 -------- d-----w- c:\documents and settings\all users\application data\Splashtop
2012-06-28 10:10:00 -------- d-----w- c:\documents and settings\username\local settings\application data\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2012-06-23 12:24:16 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-07-12 06:25:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 06:25:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 03:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 03:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 03:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 03:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 03:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec
2012-04-18 16:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 19:35:00.93 ===============
 

Attachments

·
Registered
Joined
·
729 Posts
Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please go to: VirusTotal

  • In the middle of the page you'll find a "Browse" button.


  • Click the Browse Button and Copy/Paste the following red text into the File name: field

    C:\Windows\System32\rundll32.exe

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
    NOTE: If you get a message saying File already submitted: click Reanalyze
  • Once scanned, copy and paste the results in your next reply.
Do not delete any files unless I told you to do so
 

·
Registered
Joined
·
42 Posts
Discussion Starter #3
Hi Larusso,
Thanks for the help, here is everything from the results page:





SHA256: dee53d6d332dadd40c0ce34a425a6c0781f611765dcd4299d869f2b1ee80ae66 SHA1: 303a90020bf3beaf9acd0ea86487c853636a99a3 MD5: 037b1e7798960e0420003d05bb577ee6 File size: 32.5 KB ( 33280 bytes ) File name: rundll32.exe File type: Win32 EXE Detection ratio: 0 / 42 Analysis date: 2012-07-20 11:31:34 UTC ( 0 minutes ago )

3

0





More details

Antivirus Result Update AhnLab-V3 - 20120720 AntiVir - 20120720 Antiy-AVL - 20120717 Avast - 20120720 AVG - 20120720 BitDefender - 20120720 ByteHero - 20120719 CAT-QuickHeal - 20120720 ClamAV - 20120720 Commtouch - 20120720 Comodo - 20120720 DrWeb - 20120720 Emsisoft - 20120720 eSafe - 20120719 ESET-NOD32 - 20120720 F-Prot - 20120720 F-Secure - 20120720 Fortinet - 20120720 GData - 20120720 Ikarus - 20120720 Jiangmin - 20120720 K7AntiVirus - 20120719 Kaspersky - 20120720 McAfee - 20120720 McAfee-GW-Edition - 20120720 Microsoft - 20120720 Norman - 20120720 nProtect - 20120720 Panda - 20120720 PCTools - 20120720 Rising - 20120720 Sophos - 20120720 SUPERAntiSpyware - 20120720 Symantec - 20120720 TheHacker - 20120719 TotalDefense - 20120718 TrendMicro - 20120720 TrendMicro-HouseCall - 20120720 VBA32 - 20120719 VIPRE - 20120720 ViRobot - 20120720 VirusBuster - 20120720


Can i detete this?

Posted 7 months, 3 weeks ago by anonymous

#goodware
Posted 1 year, 1 month ago by anonymous

rundll32.exe is developed by Microsoft Corporation and is part of Microsoft Windows. It is usually located at \Windows\System32\rundll32.exe .
#goodware
Posted 1 year, 8 months ago by virusdefence.org

SystemRoot%\system32\rundll32.exe url.dll,FileProtocolHandler DrivesGuideInfo\autorun.exe
how to do my computer pen drive open show shotcut folder 2kb

Posted 1 year, 10 months ago by anonymous

%SystemRoot%\system32\rundll32.exe url.dll,FileProtocolHandler DrivesGuideInfo\autorun.exe

Posted 1 year, 10 months ago by anonymous



You have not signed in. Only registered users can leave comments, sign in and have a voice!
Sign in Join the community





Blog | Twitter | [email protected] | Google groups | TOS & Privacy Policy
 

·
Registered
Joined
·
729 Posts
Thanks. :smile:


Please download Gmer from here and save it to your Desktop.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
 

·
Registered
Joined
·
729 Posts
Please do not attach the logfiles. Simply post them as a reply, otherwise it makes it harder for me to read.



Code:
[indent][b]Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde![/b][/indent]


Downloade dir bitte Combofix vom folgenden Downloadspiegel 

[url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b][color=blue]Link 1[/color][/b][/url]


[COLOR=purple][b]WICHTIG - Speichere Combofix auf deinem Desktop[/b][/COLOR]

[list][*] Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.[/list]

Starte die [B]Combofix.exe[/B] und folge den Anweisungen auf dem Bildschirm.[list][*] Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die End Nutzer Lizenz.
Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls was schief geht.
Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit [B]Ja[/B].[/list]
[B]Hinweis: [/B]Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.


Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die [color=darkorchid]C:\Combofix.txt[/color] in deiner nächsten Antwort.
 

·
Registered
Joined
·
42 Posts
Discussion Starter #7
Sorry about that.

Speaking of harder to read, would you please translate your last Instructions to english?

Thanks.
 

·
Registered
Joined
·
729 Posts
Awww, I am so sorry. Used the wrong one :banghead:



Download ComboFix from this location:

Link 1


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 

·
Registered
Joined
·
42 Posts
Discussion Starter #9
thanks for that, here is the log:

ComboFix 12-07-21.01 - Username 23/07/2012 21:00:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.3071.2295 [GMT 12:00]
Running from: c:\documents and settings\Username\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Username\Application Data\inst.exe
c:\documents and settings\Username\WINDOWS
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1d8cdf34889b7fe0.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\45e8813e38cbe14e.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\781582e3fb306aca.fb
c:\windows\system32\Cache\9207ef83cecea2e1.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e919e281403c6965.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1DD.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-15 04:29 . 2012-07-15 04:30 -------- d-----w- c:\program files\iTunes
2012-07-15 04:25 . 2012-07-15 04:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-06-28 10:10 . 2012-06-28 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Splashtop
2012-06-28 10:10 . 2012-06-28 10:10 -------- d-----w- c:\documents and settings\Username\Local Settings\Application Data\{BD52D38F-4F0D-4325-BB9E-32223CCB54AA}
2012-06-23 12:24 . 2012-07-12 06:24 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:25 . 2012-04-24 23:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:25 . 2011-05-24 06:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-12-08 10:05 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 03:19 . 2008-10-16 01:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 03:19 . 2008-10-16 01:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 03:19 . 2008-09-04 21:43 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 03:19 . 2008-09-04 21:43 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 03:19 . 2008-09-04 21:43 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 03:19 . 2008-10-16 01:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 03:19 . 2008-10-16 01:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 03:19 . 2008-09-04 21:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 03:19 . 2008-09-04 21:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 03:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 03:19 . 2008-10-16 01:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 03:19 . 2008-09-04 21:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 03:19 . 2008-09-04 21:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-09-04 21:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-03 09:34 . 2011-04-30 01:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-11 10:33 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"nwiz"="nwiz.exe" [2008-07-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-08 155648]
"EPSON Stylus C67 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE" [2005-01-24 98304]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-05-11 629848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Username\Start Menu\Programs\Startup\
JDownloader.lnk - c:\program files\JDownloader\JDownloaderD3D.exe [2011-10-26 218816]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-8-22 1531904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-06-15 08:45 1826816 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 04:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Remote Mouse\\server\\server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\ProjectsWithLove\\ServeToMe\\ServeToMe-Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRServer.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\DataProxy.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 4:50 a.m. 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 5:30 a.m. 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/07/2011 12:13 a.m. 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/09/2010 2:49 a.m. 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/12/2008 12:50 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/12/2008 12:50 p.m. 55024]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 4:53 a.m. 193288]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22/10/2011 11:11 p.m. 366152]
R2 ServeToMe-Service;ServeToMe-Service;c:\program files\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe [5/05/2012 11:49 p.m. 10240]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [15/06/2012 3:44 p.m. 548264]
R2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [15/03/2012 5:20 p.m. 370504]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [20/04/2011 2:59 p.m. 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [20/04/2011 3:10 p.m. 416112]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [11/07/2012 10:33 p.m. 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 1:32 p.m. 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 1:32 p.m. 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 1:32 p.m. 17232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [21/09/2009 9:15 p.m. 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/10/2011 11:11 p.m. 22216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 9:44 a.m. 5106744]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [21/09/2009 9:35 p.m. 11392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2010 12:01 p.m. 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25/04/2012 11:35 a.m. 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [13/05/2011 8:37 a.m. 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2010 12:01 p.m. 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [16/01/2010 12:49 a.m. 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3/05/2012 9:34 p.m. 129976]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/01/2011 2:23 p.m. 47360]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/12/2008 12:50 p.m. 7408]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [20/04/2011 3:00 p.m. 16240]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:25]
.
2012-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 05:57]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 06:08]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 06:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Username\Application Data\Mozilla\Firefox\Profiles\85jwgwcs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Be62028cd-3393-463e-9603-fa9540bbc7b5%7D&mid=93fbf32734050d2ccfc88dbd32047e0f-4a261b1c3dd53850c741a587beafa58c2d6e7550&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-22%2016%3A35%3A08&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-23 21:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-23 21:11:09
ComboFix-quarantined-files.txt 2012-07-23 09:10
ComboFix2.txt 2011-10-22 03:08
.
Pre-Run: 196,299,489,280 bytes free
Post-Run: 196,817,838,080 bytes free
.
- - End Of File - - 4B39AD707C23036E34BB99681D864BA2


Cheers.
 

·
Registered
Joined
·
729 Posts
Hy there. Looks good for me.
Is AVG still detecting the file ?
 

·
Registered
Joined
·
42 Posts
Discussion Starter #11
No, avg had not said anything since I first reported the issue. My desktop icons were behaving strangely though, but after running combo fix they seem to have returned to normal. Did anything actually get fixed?

Thanks again.
 

·
Registered
Joined
·
729 Posts
Not really :smile:


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push
  • Push
    , and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish
Please post this logfile in your next reply
 

·
Registered
Joined
·
729 Posts
Yes, it is :smile:


Unless you have any open issues, you are good to go. Please follow these last few steps.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Enviroment 7 Update 5 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 5
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586 to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


Please press the
+ R Key and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall


This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.



  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Now that you appear to be free from malware lets help you stay that way!

It is vital that you keep your system up to date
  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double- click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software
  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

Use an alternate browser
Other browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer.
Note: If you use Firefox you may want to have a look on this Add Ons.
Computer Maintenance
Clean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).



Thinking while surfing
There is no software which will protect your system from yourself.
I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.
 

·
Registered
Joined
·
729 Posts
I think it asked to unblock Java Script, which is blocked by NoScript- Add On by default, so you need to unblock it on each site manually. On sites you know and trust, not a problem but be carefull on unknown sites :smile:
 

·
Registered
Joined
·
42 Posts
Discussion Starter #17
It was more like after windows first booted up, but everything seems ok, thank you very much for your help.
 

·
Registered
Joined
·
729 Posts
Glad we could help :smile:
 
1 - 18 of 18 Posts
Status
Not open for further replies.
Top