TechSpot

Generic5 virus

Inactive
By SolSlayer
Jul 11, 2012
  1. Hi, first-time user of this site. Quick background before my logs. I'm helping my mother fix her computer. It's a low-end computer running Windows XP Professional with service pack 3. Recently her virus protection (AVG Free) started catching and quarantining a virus called "Adware Generic5.FXV" and "Adware Generic5.GHC" found in various folders of the hard drive. A full virus didn't stop the attacks, so I found this site and followed the steps.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.10.14

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Administrator :: KAZE3 [administrator]

    Protection: Enabled

    7/10/2012 11:08:32 PM
    mbam-log-2012-07-10 (23-08-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218906
    Time elapsed: 7 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 19
    HKCR\CLSID\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055465539} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0004639.BHO.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CLSID\{22222222-2222-2222-2222-220022462239} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0004639.Sandbox.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0004639.Sandbox (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33333333-3333-3333-3333-330033463339} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0004639.FBApi.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0004639.FBApi (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0004639.BHO (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\4639 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\SAVINGSAPP (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Registry Values Detected: 4
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 93bbba37b0427d753becabe2d7a6e41b -> Quarantined and deleted successfully.
    HKCU\Software\InstalledBrowserExtensions\215 Apps|4639 (PUP.CrossFire.SA) -> Data: SavingsApp -> Quarantined and deleted successfully.
    HKCU\Software\SavingsApp|ActiveAppId (PUP.CrossFire.SA) -> Data: 4639 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp|Publisher (PUP.CrossFire.SA) -> Data: 215 Apps -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Program Files\SavingsApp (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Files Detected: 9
    C:\Program Files\SavingsApp\SavingsApp.dll (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\My Documents\Downloads\jenkatarcade_231.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsApp\SavingsAppInstaller.log (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsApp\SavingsApp.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsApp\SavingsApp.ico (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsApp\SavingsApp.ini (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsApp\SavingsAppGui.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    C:\Program Files\SavingsApp\Uninstall.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\SavingsApp\Chrome\SavingsApp.crx (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-11 00:26:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5000AAKB-00H8A0 rev.05.04E05
    Running: 4t8bxcp9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xB3E2B004]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xB3E2B0D4]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB3E2AD76]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB3E2AE1E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB3E2AEBA]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB3E2AF56]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? aqwstvc.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7442380, 0x8D6CD5, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device B1D55D20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
    Run by Administrator at 0:28:28 on 2012-07-11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1508 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    D:\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [PlayNC Launcher]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [GrooveMonitor] "d:\office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: E&xport to Microsoft Excel - d:\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\office12\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\office12\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298342794488
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\q3y4tkgx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 301248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-10 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-29 2253120]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-10 22344]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-11 03:05:03 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2012-07-11 03:04:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-07-11 03:04:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-11 03:04:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-01 03:07:24 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
    2012-07-01 02:57:47 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
    2012-07-01 02:57:32 -------- d-----w- c:\documents and settings\administrator\local settings\application data\SavingsApp
    2012-07-01 02:57:24 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
    2012-07-01 02:56:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\RivalGaming
    2012-06-22 19:14:23 -------- d-----w- c:\documents and settings\administrator\application data\NVIDIA
    2012-06-22 19:10:49 -------- d-----w- c:\documents and settings\administrator\application data\.minecraft
    .
    ==================== Find3M ====================
    .
    2012-06-22 02:05:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-22 02:05:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll
    2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec
    2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    .
    ============= FINISH: 0:29:04.26 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/21/2011 7:50:45 PM
    System Uptime: 7/10/2012 11:20:45 PM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 02X378
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2391/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 54 GiB total, 33.973 GiB free.
    D: is FIXED (NTFS) - 412 GiB total, 383.646 GiB free.
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 37 GiB total, 21.994 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP428: 5/5/2012 2:27:48 AM - System Checkpoint
    RP429: 5/6/2012 3:14:13 AM - System Checkpoint
    RP430: 5/7/2012 4:14:13 AM - System Checkpoint
    RP431: 5/8/2012 5:15:19 AM - System Checkpoint
    RP432: 5/9/2012 6:14:14 AM - System Checkpoint
    RP433: 5/10/2012 6:39:15 AM - System Checkpoint
    RP434: 5/11/2012 6:46:38 AM - System Checkpoint
    RP435: 5/12/2012 3:00:39 AM - Software Distribution Service 3.0
    RP436: 5/13/2012 3:47:42 AM - System Checkpoint
    RP437: 5/13/2012 9:17:52 PM - Software Distribution Service 3.0
    RP438: 5/14/2012 9:51:19 PM - System Checkpoint
    RP439: 5/16/2012 12:29:00 AM - System Checkpoint
    RP440: 5/17/2012 12:59:17 AM - System Checkpoint
    RP441: 5/18/2012 1:10:43 AM - System Checkpoint
    RP442: 5/19/2012 2:22:55 AM - System Checkpoint
    RP443: 5/20/2012 3:12:31 AM - System Checkpoint
    RP444: 5/21/2012 4:10:25 AM - System Checkpoint
    RP445: 5/22/2012 5:59:21 PM - System Checkpoint
    RP446: 5/23/2012 6:17:56 PM - System Checkpoint
    RP447: 5/24/2012 6:29:04 PM - System Checkpoint
    RP448: 5/25/2012 7:49:03 PM - System Checkpoint
    RP449: 5/26/2012 9:02:45 PM - System Checkpoint
    RP450: 5/27/2012 9:20:54 PM - System Checkpoint
    RP451: 5/28/2012 10:22:51 PM - System Checkpoint
    RP452: 5/30/2012 12:00:44 AM - System Checkpoint
    RP453: 5/30/2012 6:37:25 PM - Installed AVG 2012
    RP454: 5/30/2012 6:37:35 PM - Removed AVG 2011
    RP455: 5/30/2012 6:38:03 PM - Installed AVG 2012
    RP456: 5/30/2012 6:41:28 PM - Removed AVG 2011
    RP457: 5/31/2012 7:31:40 PM - System Checkpoint
    RP458: 6/1/2012 8:16:31 PM - System Checkpoint
    RP459: 6/2/2012 8:27:56 PM - System Checkpoint
    RP460: 6/4/2012 3:00:16 AM - Software Distribution Service 3.0
    RP461: 6/5/2012 5:04:32 PM - System Checkpoint
    RP462: 6/6/2012 6:11:54 PM - System Checkpoint
    RP463: 6/7/2012 6:38:35 PM - System Checkpoint
    RP464: 6/8/2012 7:45:01 PM - System Checkpoint
    RP465: 6/9/2012 9:25:50 PM - System Checkpoint
    RP466: 6/11/2012 12:40:24 AM - System Checkpoint
    RP467: 6/12/2012 1:06:53 AM - System Checkpoint
    RP468: 6/13/2012 2:05:48 AM - System Checkpoint
    RP469: 6/13/2012 8:53:50 AM - Software Distribution Service 3.0
    RP470: 6/14/2012 9:53:52 AM - System Checkpoint
    RP471: 6/15/2012 9:58:22 AM - System Checkpoint
    RP472: 6/16/2012 10:58:06 AM - System Checkpoint
    RP473: 6/17/2012 11:58:06 AM - System Checkpoint
    RP474: 6/18/2012 6:18:10 PM - System Checkpoint
    RP475: 6/19/2012 10:33:28 PM - System Checkpoint
    RP476: 6/22/2012 7:19:47 AM - System Checkpoint
    RP477: 6/23/2012 8:08:04 AM - System Checkpoint
    RP478: 6/24/2012 8:53:33 AM - System Checkpoint
    RP479: 6/25/2012 6:02:34 PM - System Checkpoint
    RP480: 6/26/2012 10:24:48 PM - System Checkpoint
    RP481: 6/27/2012 10:53:35 PM - System Checkpoint
    RP482: 6/28/2012 11:29:36 PM - System Checkpoint
    RP483: 6/30/2012 2:22:47 AM - System Checkpoint
    RP484: 7/1/2012 3:04:05 AM - System Checkpoint
    RP485: 7/2/2012 3:53:17 AM - System Checkpoint
    RP486: 7/3/2012 5:40:42 AM - System Checkpoint
    RP487: 7/4/2012 12:37:41 PM - System Checkpoint
    RP488: 7/5/2012 3:25:05 PM - System Checkpoint
    RP489: 7/6/2012 6:14:36 PM - System Checkpoint
    RP490: 7/7/2012 7:21:58 PM - System Checkpoint
    RP491: 7/8/2012 7:47:09 PM - System Checkpoint
    RP492: 7/9/2012 10:29:44 PM - System Checkpoint
    RP493: 7/10/2012 7:06:22 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    AiO_Scan
    AVG 2012
    City of Villains/City of Heroes (remove only)
    Combined Community Codec Pack 2010-10-10
    Curse Client
    CWA Reminder by We-Care.com v4.0.19.3
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP PSC & OfficeJet 5.3.B
    Intel(R) PRO Ethernet Adapter and Software
    Java Auto Updater
    Java(TM) 6 Update 31
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XNA Framework Redistributable 4.0
    Mids' Hero/Villain Designer
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    NCsoft Launcher
    NVIDIA Control Panel 285.58
    NVIDIA Graphics Driver 285.58
    NVIDIA Install Application
    NVIDIA nView 135.95
    NVIDIA nView Desktop Manager
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OpenOffice.org 3.1
    QFolder
    RivalGaming
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2699988)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Skype Click to Call
    Skype™ 5.5
    SoundMAX
    Steam
    swMSM
    Terraria
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    V*****Maps Map Overlay
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    World of Logs Client (4.2)
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2012 5:43:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    7/10/2012 6:29:47 PM, error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    7/10/2012 11:21:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    .
    ==== End Of File ===========================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  3. SolSlayer

    SolSlayer TS Rookie Topic Starter

    Hi, DMJ, I've followed these next set of instructions but now I need advice. After running ComboFix my computer immediately restarted (and rather quickly too). Upon the restart, no report popped up, and I noticed ComboFix, which I had named "svchost.exe" had been renamed on the desktop to "ComboFix". I went to windows explorer to find the document "C:\Combo-Fix.txt" but it did not exist. Additionally, in my C drive is a symbol of a computer (like My Computer) named ComboFix. Expanding this "folder" shows a mirror of the folders in "My Computer", which I can expand, seemingly infinitely, to reveal the next mirror.
    Basically, I wasn't sure if I should attempt to run ComboFix again in safemode, or re-download/rename it. If you want me to re-download it, should I first delete the existing installer? Or is there something I need to uninstall? Thank you for your time concerning this matter.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Can you post a screenshot of the "mirroring" that you're seeing, please? This may be a sign of a serious issue within ComboFix, and I can report to the developer, if so...
  5. SolSlayer

    SolSlayer TS Rookie Topic Starter

    Sorry for the delayed reply. Here is a screenshot of what it looks like. Obviously I can expand it further, but this should be sufficient.

    [​IMG]
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I'm reporting this to the developer. Give me at least a couple of days.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi. I have not worked this out with the developer it seems. :(

    Is the same issue still appearing?
  8. SolSlayer

    SolSlayer TS Rookie Topic Starter

    Hi, yes the "mirroring" issue (is there something better to call this error?) still exists. Sorry for this very delayed response, as I said, it's my mother's computer and I don't live with her. Also, thank you for your efforts with the developer. My theory is that even though AVG was temporarily disabled, upon the automatic restart AVG also restarted and interfered, possibly causing a complication with ComboFix to cause the error.
    At this time all remnants of the virus appear to have gone after a few deep scans, nor is the computer slowed or acting unusual in any way. Because of the error I had to break the standard protocol with cleaning the computer. Therefor, to get an accurate read on the logs I could start from the beginning and post a new set of logs. However, I think that will ultimately lead to the same problem with ComboFix unless you would like to try something else. I'll leave it up to you, as I said, the computer is working just fine, but I can't say with 100% certainty that it's clean. Thanks again.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okie dokie. Let's see what this finds:

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.