Trojan Horse Clicker.AJRO

1434 Views 14 Replies 2 Participants Last post by sjpritch25
Hello, I have some problems, exactly the same as this guy. I also get unfocused from text boxes, the browser, etc...

I read the instructions topic and downloaded DDS and GMER, and started to run them. The first one went all fine, but with the second I've experienced some problems, which I'll explain.

Once I start it with the "normal" configuration suggested in the instructions post, I always get blocked at the end when it comes to saving the file: the program goes into (not responding) status and then I can't do anything but restart my computer. Then I tried the second configuration, the one to use if the "normal" one doesn't work, and at the end of the scan the computer restarts.

Well, here is what I've been able to do (DDS):


DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric at 23:16:23.42 on 13.07.2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1040.18.2047.1321 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe 4
svchost.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\AVG\AVG9\avgfws9.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Programmi\Logitech\G-series Software\LGDCore.exe
D:\Programmi\Logitech\G-series Software\LCDMon.exe
D:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
D:\Programmi\Logitech\G-series Software\Applets\LCDClock.exe
D:\Programmi\Logitech\G-series Software\Applets\LCDMedia.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Logitech\Logitech Vid\vid.exe
C:\Programmi\Messenger\msmsgs.exe
D:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
D:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Documents and Settings\Eric\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1605787
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmi\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
uRun: [msnmsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [PlayNC Launcher]
uRun: [Logitech Vid] "c:\programmi\logitech\logitech vid\vid.exe" -bootmode
uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Turbine Download Manager Tray Icon] "d:\programmi\turbine\turbine download manager\TurbineDownloadManagerIcon.exe"
mRun: [StartCCC] "c:\programmi\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogitechQuickCamRibbon] "c:\programmi\logitech\logitech webcam software\LWS.exe" /hide
mRun: [<NO NAME>]
mRun: [Launch LGDCore] "d:\programmi\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "d:\programmi\logitech\g-series software\LCDMon.exe"
mRun: [HP Software Update] "d:\programmi\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\programmi\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [AppleSyncNotifier] c:\programmi\file comuni\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\programmi\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "d:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "d:\programmi\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\programmi\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\hpdigi~1.lnk - d:\programmi\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\logite~1.lnk - d:\programmi\logitech\setpoint\KEM.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\mcafee~1.lnk - c:\programmi\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmi\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programmi\avg\avg9\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmi\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmi\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fileco~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eric\datiap~1\mozilla\firefox\profiles\afvxihvp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ig?hl=it&source=iglk
FF - prefs.js: keyword.URL - hxxp://ch.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ch&p=
FF - component: c:\documents and settings\eric\dati applicazioni\mozilla\firefox\profiles\afvxihvp.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\eric\dati applicazioni\mozilla\firefox\profiles\afvxihvp.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}\components\RadioWMPCore.dll
FF - component: c:\programmi\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\programmi\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\eric\dati applicazioni\facebook\npfbplugin_1_0_3.dll
FF - plugin: d:\programmi\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\programmi\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\programmi\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\programmi\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\programmi\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\programmi\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\programmi\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\programmi\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\programmi\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-11 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-11 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-15 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-15 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-15 242896]
R2 avg9emc;AVG E-mail Scanner;c:\programmi\avg\avg9\avgemc.exe [2010-4-11 916760]
R2 avg9wd;AVG WatchDog;c:\programmi\avg\avg9\avgwdsvc.exe [2010-4-11 308064]
R2 avgfws9;AVG Firewall;c:\programmi\avg\avg9\avgfws9.exe [2010-6-2 2331544]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-11 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\programmi\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-11 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\programmi\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-11 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\programmi\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-11 26120]
S2 AVGIDSAgent;AVG9IDSAgent;c:\programmi\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-4-11 5888008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-26 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-11 430152]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-11 30104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\programmi\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-20 25832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-06-26 16:11:55 0 d-----w- c:\docume~1\eric\datiap~1\Facebook
2010-06-20 11:40:38 0 d-----w- c:\programmi\iPod
2010-06-20 11:38:19 0 d-----w- c:\programmi\Bonjour

==================== Find3M ====================

2010-06-23 22:36:54 71514 ----a-w- c:\windows\system32\perfc010.dat
2010-06-23 22:36:54 442918 ----a-w- c:\windows\system32\perfh010.dat
2010-06-02 18:07:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-24 16:55:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-24 16:55:25 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-18 14:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-02 08:06:54 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:21 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 18:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 16:06:43 669696 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:06:35 81920 ----a-w- c:\windows\system32\ieencode.dll
2006-06-23 12:48:54 32768 -c--a-w- c:\windows\inf\UpdateUSB.exe

============= FINISH: 23:16:38.42 ===============

Thank you in advance.

Attachments
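
A triage parser for the Pseudo HJT Report section of a DDS log like the one posted above, added here as an example (it is not code from this thread, from the helpers, or from the DDS tool). The sample lines are copied from the log above; the SEARCH_PORTALS set and the finding wording are this example's own assumptions.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; not code from the forum thread or from the DDS tool. It parses
the line formats DDS emits (uStart Page, BHO:, uRun:/mRun:, FF - prefs.js) and
flags the entries a helper reviews first: a BHO whose DLL is missing, an autorun
entry with no command, and a start page or search URL that points at a
third-party search portal. SEARCH_PORTALS and the finding wording are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the DDS log posted in the thread.
# DDS writes URLs defanged as hxxp:// so they cannot be clicked by accident.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1605787
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [msnmsgr] "c:\programmi\windows live\messenger\msnmsgr.exe" /background
uRun: [PlayNC Launcher]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [<NO NAME>]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ig?hl=it&source=iglk
"""

# Assumption: hosts a helper wants to review when they show up as a start page
# or default search URL. The thread's log only shows search.conduit.com.
SEARCH_PORTALS = {"search.conduit.com"}

BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
URL_RE = re.compile(r"^(?:uStart Page = |FF - prefs\.js: (?P<pref>\S+) - )(?P<url>hxxp\S+)$")


@dataclass
class Finding:
    line: str
    reason: str


@dataclass
class Triage:
    bhos: list = field(default_factory=list)    # parsed BHO: entries
    runs: list = field(default_factory=list)    # parsed uRun:/mRun: entries
    urls: list = field(default_factory=list)    # parsed start page / FF prefs URLs
    findings: list = field(default_factory=list)


def host_of(defanged_url):
    """Host part of a DDS 'hxxp://...' URL; stops at the first / ? or #."""
    rest = defanged_url.split("://", 1)[1]
    return re.split(r"[/?#]", rest, maxsplit=1)[0].lower()


def triage_dds(text):
    """Parse the known line kinds and attach a Finding to each suspicious one."""
    t = Triage()
    for line in (raw.strip() for raw in text.splitlines()):
        if m := BHO_RE.match(line):
            t.bhos.append(m.groupdict())
            if m["path"].strip() == "No File":
                t.findings.append(Finding(line, "BHO registered but its DLL is missing"))
        elif m := RUN_RE.match(line):
            t.runs.append(m.groupdict())
            if not m["cmd"].strip():
                # Empty value, or an entry with no value name: a leftover worth a look.
                t.findings.append(Finding(line, "autorun entry with no command"))
        elif m := URL_RE.match(line):
            t.urls.append(m.groupdict())
            if host_of(m["url"]) in SEARCH_PORTALS:
                t.findings.append(Finding(line, "browser URL points at a third-party search portal"))
    return t


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG).findings:
        print(f"[{f.reason}] {f.line}")
```

Running it on the sample prints five findings: the file-less BHO, the two empty autorun entries, and the two conduit search URLs; the proxy-override line is parsed by none of the patterns and is skipped.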

Sorry for the delay

Welcome to TSF :)

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs.
  • Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • In your next reply, please include the log from MBRChecker.
Thanks
Thanks for the reply, but the link gives me a "403 Forbidden Access to this resource on the server is denied!" error :(
Hmm. It worked for me. Can you try downloading it to another computer?
Thanks, now that I'm back it works.
The help you're giving is really appreciated. :)
So here is the file attached.

Attachments

  1. Double-click on MBRCheck.exe.
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:.
  3. Please press the 'Y' key and press Enter.
  4. When the program asks you Enter your Choice: press '2' (to fix MBR) and press Enter.
  5. Next prompt: "Enter the physical disk number to fix (0-99, -1 to cancel):"
  6. Press 0 and press Enter.
  7. MBRCheck will show Available MBR Codes, followed by a list of operating systems. Please press 1 for Windows XP, then Enter.
  8. MBRCheck will prompt for confirmation; press Enter.
  9. Left-click on the title bar (where the program name and path are written).
  10. From the menu choose Edit ---> Select All.
  11. Hit the Enter key on your keyboard to copy the selected text.
  12. Paste the text into Notepad and save it to your Desktop as "MBRCheck results.txt".
  13. Important!!!! Restart your PC for the fix to take effect.
  14. In your next reply, please include the MBRCheck results log.

==========================================

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
OK, there we go with the logs.

Attachments

How is everything running??



Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:



If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Hey, I didn't have time yesterday to check; now I've tried for a few hours, and it's all going fine: no more volume drop, no more spam advertising webpages running, nor the annoying sounds of the browser clicks. :)

Now I'm going to do the scan!
OK, here is the log.
Thanks again for all the help, I really appreciate the work you do to help us! Thanks!

Attachments

Okay good the mbam scan came back clean. Everything still running okay?
Yes, everything is still running fine.
Thank you!
Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. The most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.

  2. How to update Adobe Acrobat Reader
    1. On your desktop, double-click on your Adobe icon.
    2. Click on Help.
    3. Click on Check for Updates.
    4. Visit my blog Here to view the video.
  3. How to update Java SE Runtime
    1. Go to Start.
    2. Click on Control Panel
    3. Double-Click on the Java icon.
    4. Click on Update tab
    5. Click on Update Now.
    6. Visit my blog Here to view the video.
  4. Check out Tony Klein's "So how did I get infected in the first place" here