Inactive Trojan horse BackDoor.Generic14.ANNA affecting a system file

Johnh92

Hey
I have a Trojan horse BackDoor.Generic14.ANNA on my netbt.sys file and I'm not too sure how to remove it.

I've gone through the 5 step thread at https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/ and I've got 3 logs from different malware programs it got me to download, but the thread was closed so I couldn't post there.

Hopefully someone can help me :D

Attachment: protection-log-2011-11-29.txt (Malwarebytes' Anti-Malware)
Attachment: gmer.log (gmer.exe)
Attachment: dds.txt (DDS)
 
Welcome to TechSpot! I'll be glad to help you.

The Preliminary Virus and Malware Removal thread HERE is not for posts. It is the TechSpot directions only.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

I will review the logs after you have pasted them into your next reply.
Note: There is a second log for the DDS scan. It is named Attach.txt.
You do not have to attach it or zip it; that is only the name of the log. Please include it when you paste the other logs.

You can search the system for it if needed.
========================================
You can also go ahead and run the following:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click the download button to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
I'll start by saying THANK YOU for your quick response :)

Sorry, I didn't see the DO NOT ATTACH LOGS, my bad :p

OK, just adding a bit more info to my problems:

I can access my network but I am unable to browse or connect to the internet (wireless or LAN). I have tried different connections as well, so it's not just my internet.
So this makes online scans difficult.

OK, I shall enter the logs below in the order of:

1. Malwarebytes' Anti-Malware
2. gmer.exe
3. DDS



Malwarebytes' Anti-Malware
16:36:42 Hunter family MESSAGE Protection started successfully
16:36:47 Hunter family MESSAGE IP Protection started successfully
16:37:37 Hunter family ERROR Scheduled update failed: No address found failed with error code 11004

gmer.exe
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-29 17:04:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBCO
Running: jjgh40tf.exe; Driver: C:\DOCUME~1\HUNTER~1\LOCALS~1\Temp\uwryypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


DDS
DDS.txt
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Hunter family at 17:10:43 on 2011-11-29
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.1861 [GMT 11:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ESDUSBMon.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uWinlogon: Shell=c:\documents and settings\hunter family\local settings\application data\10808bc6\X
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Megakey] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\Megakey.exe /Tray
uRun: [MegakeyUpdater] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\MegakeyUpdater.exe
uRun: [SyncMyCal]
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPSMain] TPSMain.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [ESDUSBMon.exe] c:\windows\system32\ESDUSBMon.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Toshiba Controls Utility] "c:\program files\toshiba\controls\VolumeIndicator.exe"
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266683505640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C1574F6E-AD9E-483E-A24C-E0C7761A651A} : NameServer = 192.168.5.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.100.254 abpt-serv
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?q=
FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\hunter family\application data\mozilla\firefox\profiles\uv8leebd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2009-9-23 42608]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-13 232512]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-1-7 18816]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-2-20 14336]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2009-9-23 46084]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 261036]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [2006-5-11 95485]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1352728]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-29 366152]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 497600]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80532]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-2-20 14336]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-27 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-20 134016]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-9 810940]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-2-1 732160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-29 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-12-31 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-12-31 43608]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-5-29 6912]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-25 127032]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-14 1025352]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-9-23 106496]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-25 127032]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-6-15 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\30.tmp --> c:\windows\system32\30.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-11-29 05:36:03 -------- d-----w- c:\documents and settings\hunter family\application data\Malwarebytes
2011-11-29 05:35:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-29 05:35:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 05:35:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 07:11:54 48016 --sha-w- c:\windows\system32\c_91531.nl_
2011-11-02 22:34:59 -------- d-sh--w- c:\documents and settings\hunter family\local settings\application data\10808bc6
.
==================== Find3M ====================
.
2011-11-11 07:23:31 1004 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-11-09 01:48:10 120280 ----a-w- c:\windows\system32\TODDSrv.exe
2011-11-09 01:48:09 169288 ----a-w- c:\windows\system32\PSIService.exe
2011-11-09 01:47:59 74768 ----a-w- c:\windows\system32\EpStsSrv.exe
2011-11-09 01:47:59 509496 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-09 01:47:59 46084 ----a-w- c:\windows\system32\TAMSvr.exe
2011-11-09 01:47:43 185608 ----a-w- c:\windows\system32\ESDUSBMon.exe
2011-11-08 11:14:03 162816 ----a-w- c:\windows\system32\drivers\`
2011-10-13 06:59:43 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-26 00:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 00:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 00:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-18 08:49:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 04:36:44 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 17:11:39.42 ===============


Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/09/2009 1:25:39 PM
System Uptime: 30/11/2011 4:49:59 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Satellite Pro P300
Processor: Intel Pentium III processor | U2E1 | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 10.9 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP455: 31/08/2011 8:26:30 PM - System Checkpoint
RP456: 1/09/2011 2:04:17 PM - Removed Adobe Reader 9.4.5.
RP457: 1/09/2011 2:08:17 PM - Installed Adobe Reader X (10.1.0).
RP458: 4/09/2011 5:12:43 PM - System Checkpoint
RP459: 5/09/2011 5:14:17 PM - System Checkpoint
RP460: 6/09/2011 4:04:02 PM - Installed DirectX
RP461: 8/09/2011 9:16:42 AM - Software Distribution Service 3.0
RP462: 9/09/2011 10:56:43 AM - System Checkpoint
RP463: 10/09/2011 1:16:26 PM - System Checkpoint
RP464: 11/09/2011 2:32:55 PM - System Checkpoint
RP465: 12/09/2011 9:20:26 PM - System Checkpoint
RP466: 14/09/2011 10:08:44 AM - System Checkpoint
RP467: 14/09/2011 4:04:25 PM - Installed Steam
RP468: 15/09/2011 10:43:52 AM - Software Distribution Service 3.0
RP469: 17/09/2011 12:04:15 PM - System Checkpoint
RP470: 18/09/2011 7:16:30 PM - Removed WinZip 14.5
RP471: 20/09/2011 10:17:51 PM - System Checkpoint
RP472: 26/09/2011 7:48:41 PM - System Checkpoint
RP473: 26/09/2011 10:17:20 PM - Configured Far Cry
RP474: 26/09/2011 10:35:45 PM - Installed League of Legends
RP475: 28/09/2011 8:02:52 PM - System Checkpoint
RP476: 30/09/2011 11:49:11 AM - Software Distribution Service 3.0
RP477: 1/10/2011 12:38:58 PM - Removed Hexen II
RP478: 1/10/2011 12:40:06 PM - Removed RuneScape
RP479: 1/10/2011 12:40:24 PM - Removed RS2Bot
RP480: 2/10/2011 8:19:37 PM - System Checkpoint
RP481: 6/10/2011 12:23:47 PM - System Checkpoint
RP482: 7/10/2011 12:42:42 PM - System Checkpoint
RP483: 12/10/2011 1:24:53 PM - System Checkpoint
RP484: 13/10/2011 4:45:14 PM - System Checkpoint
RP485: 13/10/2011 6:38:57 PM - Installed Neverwinter Nights
RP486: 13/10/2011 7:55:27 PM - Installed Neverwinter Nights: Shadows of Undrentide
RP487: 13/10/2011 8:08:47 PM - Installed Neverwinter Nights: Hordes of the Underdark
RP488: 13/10/2011 8:22:33 PM - Software Distribution Service 3.0
RP489: 13/10/2011 11:01:44 PM - Installed DirectX
RP490: 15/10/2011 12:21:53 PM - System Checkpoint
RP491: 22/10/2011 8:28:02 PM - System Checkpoint
RP492: 24/10/2011 10:57:13 AM - System Checkpoint
RP493: 28/10/2011 10:05:23 PM - System Checkpoint
RP494: 30/10/2011 5:01:03 PM - System Checkpoint
RP495: 6/11/2011 9:23:28 PM - System Checkpoint
RP496: 8/11/2011 5:23:24 PM - Software Distribution Service 3.0
RP497: 11/11/2011 10:51:49 PM - System Checkpoint
RP498: 13/11/2011 8:31:51 PM - System Checkpoint
RP499: 25/11/2011 12:57:47 PM - System Checkpoint
RP500: 25/11/2011 3:18:15 PM - Removed League of Legends
RP501: 27/11/2011 7:49:39 PM - System Checkpoint
RP502: 28/11/2011 10:14:37 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.10 beta
A Game of Thrones - Genesis
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.0 - CPSID_52073
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X (10.1.1)
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Display Driver
µTorrent
AVG 2011
Bluetooth Stack for Windows by Toshiba
Bonjour
Boris Graffiti
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant HD Audio
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
DAEMON Tools Lite
DVD Decrypter (Remove Only)
EPSON Advanced Printer Driver 3
Free PDF to Word Doc Converter v1.1
Freecorder
Freecorder Toolbar
FreeUndelete
Garmin MapSource
GO Contact Sync
Google Earth
Google Update Helper
Half-Life: Opposing Force Demo
HDAUDIO Soft Data Fax Modem with SmartCP
High-Definition Video Playback
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Install Network Printer Wizard
HP USB Disk Storage Format Tool
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ImgBurn
Intel PROSet Wireless
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD for TOSHIBA
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 3
LibreOffice 3.4
Little Fighter 2 version 2.0a
LogMeIn Hamachi
Magic Bullet Looks Studio
Malwarebytes' Anti-Malware version 1.51.2.1300
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MouseWare 9.76
Mozilla Firefox 6.0.2 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB954459)
Nero
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack 3
Nero 10 Movie ThemePack 4
Nero 10 Movie ThemePack Basic
Nero 10 PiP EffectPack 1
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10 Platinum HD
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Neverwinter Nights
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
Pando Media Booster
PC Wizard 2010.1.93
PDF Settings CS5
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
PL-2303 USB-to-Serial
Presto! BizCard 5 SE (English Version)
Presto! BizCard Component for Windows CE
Presto! BizCard5 SE
PrimoPDF -- brought to you by Nitro PDF Software
proDAD Vitascene 1.0
QuickPar 0.9
QuickTime
Realtek High Definition Audio Driver
Rise of Immortals
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SES Driver
shonkymaps
Skins
Skype Click to Call
Skype™ 5.5
Softalk Share Server Client
Sophos Anti-Rootkit 1.5.0
Spelling Dictionaries Support For Adobe Reader 9
Steam
SUPER © Version 2009.bld.36 (June 10, 2009)
Synaptics Pointing Device Driver
SyncMyCal
theWord
TightVNC 2.0.2
TOSHIBA Assist
Toshiba Controls Utility
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
Toshiba Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Tracks4Australia 1.20
TrueSuite Access Manager
TuneUp Companion 2.2.4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VNC Free Edition 4.1.3
Warcraft III Reign of Chaos & The Frozen Throne
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
27/11/2011 8:49:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
27/11/2011 7:49:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
27/11/2011 7:19:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
25/11/2011 3:18:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
25/11/2011 3:17:03 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
25/11/2011 3:15:12 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
25/11/2011 3:15:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.
25/11/2011 3:15:08 PM, error: Service Control Manager [7000] - The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/11/2011 3:14:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
25/11/2011 3:14:18 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25/11/2011 3:13:10 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
.
==== End Of File ===========================
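The Event Viewer section of the DDS log above reports Service Control Manager error 7003 twice: both the DHCP Client and the TCP/IP NetBIOS Helper services depend on a NetBT service that Windows says does not exist, and NetBT is the service name of the netbt.sys driver this thread is about. As an added example that is not part of the thread, of DDS or of any of the tools named in it, the Python script below parses lines in that DDS event format and groups the Service Control Manager errors so the dependency chain stands out during log triage. The sample lines are copied from the log above; the regular expressions are assumptions about the DDS line format derived from those lines only.

```python
import re
from collections import defaultdict

# Sample lines copied from the "Event Viewer Messages From Past Week" section
# of the DDS log above (a subset of that log; nothing here is invented).
SAMPLE_LOG = """\
27/11/2011 8:49:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
25/11/2011 3:17:03 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
25/11/2011 3:15:12 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
25/11/2011 3:15:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.
25/11/2011 3:13:10 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
"""

# Assumed DDS event line shape: "<date> <time> <AM/PM>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Message shapes for Service Control Manager event ids 7003, 7000 and 7009,
# taken from the sample lines.
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the following nonexistent service: (?P<dep>\S+)$")
FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$")
TIMEOUT_RE = re.compile(r"waiting for the (?P<svc>.+?) service to connect")

SCM = "Service Control Manager"


def parse_events(text):
    """Parse DDS event-viewer lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def triage_scm_errors(events):
    """Group Service Control Manager errors by what they tell the analyst.

    Returns a dict with:
      missing_dependency: {nonexistent service: [services that depend on it]}
      failed_to_start:    {service: error text}
      start_timeout:      [services that never answered the start request]
    """
    missing = defaultdict(list)
    failed = {}
    timeouts = []
    for ev in events:
        if ev["source"] != SCM:
            continue
        msg = ev["msg"]
        if ev["event_id"] == 7003:
            m = DEP_RE.match(msg)
            if m:
                missing[m.group("dep")].append(m.group("svc"))
        elif ev["event_id"] == 7000:
            m = FAIL_RE.match(msg)
            if m:
                failed[m.group("svc")] = m.group("err")
        elif ev["event_id"] == 7009:
            m = TIMEOUT_RE.search(msg)
            if m:
                timeouts.append(m.group("svc"))
    return {
        "missing_dependency": dict(missing),
        "failed_to_start": failed,
        "start_timeout": timeouts,
    }


def nonexistent_services(report):
    """Names of services Windows calls nonexistent while other services still depend on them.

    Such a name is worth checking against the driver file on disk (here netbt.sys)
    before treating the failure as a plain configuration problem.
    """
    return sorted(report["missing_dependency"])


if __name__ == "__main__":
    report = triage_scm_errors(parse_events(SAMPLE_LOG))
    for dep, dependents in report["missing_dependency"].items():
        print(f"nonexistent service {dep!r} blocks: {', '.join(dependents)}")
    for svc, err in report["failed_to_start"].items():
        print(f"failed to start: {svc} ({err})")
    for svc in report["start_timeout"]:
        print(f"start timeout: {svc}")
```

Run against the sample lines, the script reports that the nonexistent NetBT service blocks both DHCP Client and TCP/IP NetBIOS Helper, that AVGIDSAgent failed to start with "Access is denied.", and that the TOSHIBA Bluetooth Service timed out; the W32Time line is parsed but, not being a Service Control Manager event, does not appear in the triage.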
 
You're welcome - sometimes I see a new thread as I come on TechSpot and get it started. Keep in mind that checking the logs does not go as quickly.

This is puzzling:
I can access my network but I am unable to browse or connect to my internet (wireless or LAN)

Please explain> my network
=======================================
I am uncertain as to what you mean for the Mbam.
Malwarebytes' Anti-Malware> Please download this to a flash drive, then connect and run on the problem computer.

This will work for any other program I give you- we will hold off on the Eset Online Virus scan for now as that does require a connection.
------------------------------------------------
AVG will have to be removed temporarily to run Combofix:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    You will not be able to load the Recovery Console when using the flash drive.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
================================
Depending on what I see in Mbam, I will give you specific information about a Backdoor malware.
 
OK, firstly, with the Malwarebytes' Anti-Malware log I gave (if that's what you're talking about), I am re-running the scan and will repost the log just in case I didn't get the right thing :S

"Please explain> my network"

I have a network set up at home and work, like I can connect to other computers through this network, and I can normally connect to the internet when I'm on my network, but for some reason it won't connect to the internet through wireless or through a LAN cable.

Also my Malwarebytes program is not up to date because I'm not connected to the internet. I downloaded it two days ago so it can't be too out of date... but I'm not sure if that will make a difference or not to the log.
 
Not sure what I copied as the log, but here is the real log


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2011 2:18:14 PM
mbam-log-2011-12-01 (14-18-08).txt

Scan type: Quick scan
Objects scanned: 217747
Time elapsed: 28 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Damn, this sucks not having internet; it's making things much harder!

OK, with Combofix it works and scans and comes back with a message saying

"This machine does not have the 'Microsoft Windows Recovery Console' installed. Alternately, an existing installation of the Recovery Console may be present but requires updating.

Without it, ComboFix shall not attempt the fixing of some serious infections.

Click "Yes" to have ComboFix Download/Install it.

NOTE: this requires an active internet connection."

(Wondering, should I search for it on Google? Or can I download it from another computer and transfer it?)

So no, I click no (because no internet).

It scanned and then came up with a message saying something about a critical system file being infected, and it didn't want to do anything about it...

THEN

For some reason I continued and exited it and reran the scan... it scanned for a lot longer and then proceeded to delete 2 dozen files or more, and then it found my netbt.sys and said it was infected with a serious virus and it said it fixed it.

Now it rebooted the system and I shall post the log, and then scan the system again.

And here is the log :D

ComboFix 11-11-30.03 - Hunter family 01/12/2011 14:43:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2207 [GMT 11:00]
Running from: c:\documents and settings\Hunter family\Desktop\Virus\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\~WRD3954.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Hunter family\Application Data\.#
c:\documents and settings\Hunter family\Application Data\PriceGong
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Hunter family\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\U
c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\U\80000000.@
c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\U\800000cb.@
c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\Megakey.exe /Tray
c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\MegakeyUpdater.exe
c:\documents and settings\Hunter family\WINDOWS
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\CSC\d6
c:\windows\system32\
c:\windows\system32\c_91531.nl_
c:\windows\system32\drivers\`
c:\windows\system32\usmt\migwiz_a.exe
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_10808bc6
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-11-29 05:36 . 2011-11-29 05:36 -------- d-----w- c:\documents and settings\Hunter family\Application Data\Malwarebytes
2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-29 05:35 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-11-02 22:34 . 2011-12-01 03:52 -------- d-sh--w- c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 07:23 . 2009-09-24 13:09 1004 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-11-09 01:48 . 2008-02-20 01:25 120280 ----a-w- c:\windows\system32\TODDSrv.exe
2011-11-09 01:48 . 2007-06-05 03:20 169288 ----a-w- c:\windows\system32\PSIService.exe
2011-11-09 01:47 . 2009-11-16 00:07 74768 ----a-w- c:\windows\system32\EpStsSrv.exe
2011-11-09 01:47 . 2009-09-23 03:25 46084 ----a-w- c:\windows\system32\TAMSvr.exe
2011-11-09 01:47 . 2008-03-04 22:35 509496 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-09 01:47 . 2009-11-16 00:07 185608 ----a-w- c:\windows\system32\ESDUSBMon.exe
2011-10-13 06:59 . 2011-10-13 06:59 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-26 00:41 . 2008-07-29 09:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 00:41 . 2008-02-19 16:43 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 00:41 . 2008-02-19 16:43 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-18 08:49 . 2011-06-24 00:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 04:36 . 2011-09-17 04:36 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2011-09-09 09:12 . 2008-02-19 16:43 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-02-19 16:43 1858944 ------w- c:\windows\system32\win32k.sys
2011-09-07 23:50 . 2011-03-22 11:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 01:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-14 3077528]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-14 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TPSMain"="TPSMain.exe" [2008-01-28 268152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-02-29 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-02-01 3150848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2011-11-09 185608]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-03 19968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1024000]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-01-31 77824]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-08 1773568]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-01-19 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1206544]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-11-09 810940]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-21 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-02-28 09:42 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Install Network Printer Wizard\\hpjsi.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Hunter family\\Desktop\\John\\GAMES\\aoe\\age2_x1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Petroglyph\\Rise of Immortals\\RoIClientR.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\a game of thrones\\Agot.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:RPC
"59137:TCP"= 59137:TCP:pando Media Booster
"59137:UDP"= 59137:UDP:pando Media Booster
.
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [23/09/2009 2:25 PM 42608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/10/2011 5:59 PM 232512]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [7/01/2010 12:20 PM 18816]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [20/02/2008 3:43 AM 14336]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [23/09/2009 2:25 PM 46084]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [11/05/2006 10:51 AM 95485]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4/08/2011 3:34 PM 1352728]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2011 4:35 PM 366152]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4/05/2010 12:07 PM 497600]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 2:06 PM 80532]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [20/02/2008 3:43 AM 14336]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [27/03/2007 7:22 AM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [20/02/2007 7:15 AM 134016]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [9/07/2010 12:28 AM 810940]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [1/02/2008 7:18 AM 732160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2011 4:35 PM 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [31/12/2009 6:11 PM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31/12/2009 6:11 PM 43608]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29/05/2007 5:01 AM 6912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [23/09/2009 2:25 PM 106496]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [15/06/2010 6:58 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 6:01 PM 21248]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\30.tmp --> c:\windows\system32\30.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 2:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 5:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-BETH_LAPTOP-Hunter family.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-22 17:44]
.
2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{C1574F6E-AD9E-483E-A24C-E0C7761A651A}: NameServer = 192.168.5.100
FF - ProfilePath - c:\documents and settings\Hunter family\Application Data\Mozilla\Firefox\Profiles\uv8leebd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Megakey - c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\Megakey.exe
HKCU-Run-MegakeyUpdater - c:\documents and settings\Hunter family\Local Settings\Application Data\Megamedia\Megakey\MegakeyUpdater.exe
HKCU-Run-SyncMyCal - (no file)
AddRemove-Little Fighter 2 - c:\documents and settings\Hunter family\Desktop\GAMES\LittleFighter2\uninst.exe
AddRemove-RiseOfImmortals - c:\program files\Petroglyph\Rise of Immortals\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\30.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\FpSuites.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(5584)
c:\windows\system32\WININET.dll
c:\documents and settings\Hunter family\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\program files\TrueSuite Access Manager\CssSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\Logi_MwX.Exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\EpStsSrv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\TODDSrv.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-01 15:07:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 04:07
.
Pre-Run: 12,638,085,120 bytes free
Post-Run: 21,625,573,376 bytes free
.
- - End Of File - - 63D579AEC36385CDF7A32D6FBDBB03BC
 
OK, now I've done another scan with Malwarebytes and it's come back saying everything is clean.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/12/2011 3:15:02 PM
mbam-log-2011-12-01 (15-15-02).txt

Scan type: Quick scan
Objects scanned: 188662
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Regarding this:
I have a Trojan horse BackDoor.Generic14.ANNA on my netbt.sys file and not too sure how to remove

It was replaced in Combofix:
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netbt.sys

Regarding this:
"This machine does not have the 'Microsoft Windows recovery console' installed. alternately, an existing installation of the recovery console maybe be present but requires updating."
If you had read my directions carefully, you would have seen this in the Combofix instructions:
You will not be able to load the Recovery Console when using the flash drive.

Regarding this:
Mbam Database version: 7622

Two days ago the Mbam database was way over 8000, so it was longer than 2 days.
=====================================
It would be best if you follow my directions, including the order of the scans. Please slow down and read all of the directions carefully.
====================================
Please take a minute to read this:
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Many members who post here cannot access the internet. It's a common problem with malware, although sometimes it's caused by a system problem. While using a flash drive to download the scanning programs may be inconvenient, it will be the only way to try and clean the system.

Some functions can't be done without internet access> online virus scans & installing the Recovery Console, for example. We expect that and try to work around it. Sometimes we anticipate a problem such as the Recovery Console and try to warn the member. That's why it's very important that you read and follow all of the directions.

You have way too many processes running- processes that only need to run when the program is actively being used. Burning software, camera software, media players, games> these don't need to start on boot and then run in the background using the system resources. That will slow you down and more connections will leave the system more vulnerable.
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
In the first Mbam scan, the results show No action taken. That means that although entries were found, you did not check this line:
[*] Be sure that everything is checked, and click Remove Selected.
Now you post another log that is clean, but not the most current database.
======================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
c:\windows\system32\30.tmp
Folder::
c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6
DDS::
uWinlogon: Shell=c:\documents and settings\hunter family\local settings\application data\10808bc6\X
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Megakey] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\Megakey.exe /Tray
uRun: [MegakeyUpdater] c:\documents and settings\hunter family\local settings\application data\megamedia\megakey\MegakeyUpdater.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
ClearJavaCache::
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Driver::
MEMSWEEP2
CreateSystemRestore::
Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
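As an added example, not part of this thread and not ComboFix's own code, here is a small Python parser for the "Reg Loading Points" layout used in the logs above, with triage rules for the kinds of item the CFScript removes: a service whose image file is gone or is a .tmp file, autoruns launched from a user profile, and the 135/TCP firewall opening. The sample log is a constructed excerpt of entries taken from this thread; the rule set and every function name are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's "Reg Loading Points" layout, built from
# entries that appear in the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-14 1242448]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Hunter family\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-16 3303000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:RPC
"59137:UDP"= 59137:UDP:pando Media Booster
.
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [9/07/2010 12:28 AM 810940]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\30.tmp --> c:\windows\system32\30.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""


@dataclass
class LoadingPoints:
    autoruns: list = field(default_factory=list)       # (registry key, value name, image path)
    firewall_apps: list = field(default_factory=list)  # authorized application paths
    open_ports: list = field(default_factory=list)     # (port, protocol, description)
    services: list = field(default_factory=list)       # (start type, name, image, file_missing)


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
FWAPP_RE = re.compile(r'^"(.+)"=-?$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")


def parse_loading_points(text: str) -> LoadingPoints:
    """Parse the registry-key sections and the R/S service lines of a ComboFix log."""
    lp = LoadingPoints()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." is ComboFix's section separator
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            start_type, name, _display, rest = m.groups()
            missing = rest.endswith("[?]")   # ComboFix could not find the image file
            image = rest.split(" --> ")[0] if missing else rest.rsplit(" [", 1)[0]
            if image.startswith("\\??\\"):    # strip the NT object-manager prefix
                image = image[4:]
            lp.services.append((start_type, name, image, missing))
            continue
        key_lower = current_key.lower()
        if key_lower.endswith("\\run"):
            m = VALUE_RE.match(line)
            if m:
                lp.autoruns.append((current_key, m.group(1), m.group(2)))
        elif "authorizedapplications" in key_lower:
            m = FWAPP_RE.match(line)
            if m:  # REGEDIT4 doubles backslashes; collapse them for display
                lp.firewall_apps.append(m.group(1).replace("\\\\", "\\"))
        elif "globallyopenports" in key_lower:
            m = PORT_RE.match(line)
            if m:
                lp.open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
    return lp


def triage(lp: LoadingPoints) -> list:
    """Apply simple defender-side heuristics (my own, not ComboFix's) to the parsed log."""
    findings = []
    for _start, name, image, missing in lp.services:
        if missing:
            findings.append(f"service {name}: image {image} not found on disk (orphaned entry or deleted dropper)")
        if image.lower().endswith(".tmp"):
            findings.append(f"service {name}: image is a .tmp file ({image})")
    for _key, name, image in lp.autoruns:
        if "\\documents and settings\\" in image.lower() or "\\temp\\" in image.lower():
            findings.append(f"autorun '{name}' runs from a user profile directory: {image}")
    for port, proto, desc in lp.open_ports:
        if port == 135 and proto == "TCP":
            findings.append(f"firewall opens {port}/{proto} ({desc}): RPC endpoint mapper reachable from the network")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE_LOG)):
        print(finding)
```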
 
OK, sorry, I've been crazy busy and haven't been able to reply.

I guess I just didn't have the settings right, because I've had a mate play with my network settings and now my net is fine.

OK, so here's the log from ComboFix that you asked for:


ComboFix 11-12-04.04 - Hunter family 05/12/2011 11:53:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2257 [GMT 11:00]
Running from: c:\documents and settings\Hunter family\Desktop\Virus\ComboFix.exe
Command switches used :: c:\documents and settings\Hunter family\Desktop\Virus\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\30.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6
c:\documents and settings\Hunter family\Local Settings\Application Data\10808bc6\@
c:\program files\conduitengine\prxConduitEngine.dll
c:\program files\freecorder\FLVSrvc.exe
c:\program files\freecorder\prxtbFre0.dll
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-01 10:58 . 2011-12-01 10:59 -------- d-----w- c:\documents and settings\Hunter family\Local Settings\Application Data\Akamai
2011-12-01 04:16 . 2011-12-01 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-29 05:36 . 2011-11-29 05:36 -------- d-----w- c:\documents and settings\Hunter family\Application Data\Malwarebytes
2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-29 05:35 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-11-08 11:42 . 2011-11-08 11:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 07:23 . 2009-09-24 13:09 1004 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-11-09 01:48 . 2008-02-20 01:25 120280 ----a-w- c:\windows\system32\TODDSrv.exe
2011-11-09 01:48 . 2007-06-05 03:20 169288 ----a-w- c:\windows\system32\PSIService.exe
2011-11-09 01:47 . 2009-11-16 00:07 74768 ----a-w- c:\windows\system32\EpStsSrv.exe
2011-11-09 01:47 . 2009-09-23 03:25 46084 ----a-w- c:\windows\system32\TAMSvr.exe
2011-11-09 01:47 . 2008-03-04 22:35 509496 ----a-w- c:\windows\system32\ati2evxx.exe
2011-11-09 01:47 . 2009-11-16 00:07 185608 ----a-w- c:\windows\system32\ESDUSBMon.exe
2011-10-13 06:59 . 2011-10-13 06:59 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-10 14:22 . 2008-02-20 00:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-02-19 16:43 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 00:41 . 2008-07-29 09:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 00:41 . 2008-02-19 16:43 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 00:41 . 2008-02-19 16:43 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-18 08:49 . 2011-06-24 00:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 04:36 . 2011-09-17 04:36 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2011-09-06 13:20 . 2008-02-19 16:43 1858944 ------w- c:\windows\system32\win32k.sys
2011-09-07 23:50 . 2011-03-22 11:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-01_04.00.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-05 01:14 . 2011-12-05 01:14 16384 c:\windows\Temp\Perflib_Perfdata_cc0.dat
+ 2011-12-05 01:13 . 2011-12-05 01:13 16384 c:\windows\Temp\Perflib_Perfdata_818.dat
+ 2011-06-10 14:58 . 2011-06-10 14:58 51024 c:\windows\system32\vcomp100.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 81744 c:\windows\system32\mfcm100u.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 81744 c:\windows\system32\mfcm100.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 36176 c:\windows\system32\mfc100chs.dll
+ 2011-12-04 23:20 . 2011-11-28 17:52 52952 c:\windows\system32\drivers\aswTdi.sys
+ 2011-12-04 23:20 . 2011-11-28 17:52 34392 c:\windows\system32\drivers\aswRdr.sys
+ 2011-12-04 23:20 . 2011-11-28 17:51 20568 c:\windows\system32\drivers\aswFsBlk.sys
+ 2011-12-04 23:20 . 2011-11-28 17:48 30808 c:\windows\system32\drivers\aavmker4.sys
+ 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-12-01 11:06 . 2011-12-01 11:06 65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-12-04 23:20 . 2011-11-28 18:01 41184 c:\windows\avastSS.scr
+ 2011-06-10 14:58 . 2011-06-10 14:58 773968 c:\windows\system32\msvcr100.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 421200 c:\windows\system32\msvcp100.dll
+ 2011-12-04 23:20 . 2011-11-28 17:53 314456 c:\windows\system32\drivers\aswSP.sys
+ 2011-12-04 23:20 . 2011-11-28 17:53 435032 c:\windows\system32\drivers\aswSnx.sys
+ 2011-12-04 23:20 . 2011-11-28 17:52 111320 c:\windows\system32\drivers\aswmon2.sys
+ 2011-12-04 23:20 . 2011-11-28 17:51 105176 c:\windows\system32\drivers\aswmon.sys
+ 2009-09-23 22:56 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-09-23 22:56 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 138056 c:\windows\system32\atl100.dll
+ 2011-12-04 23:20 . 2011-11-28 18:01 199816 c:\windows\system32\aswBoot.exe
+ 2011-12-01 04:37 . 2011-12-01 04:37 160768 c:\windows\Installer\cb158.msi
+ 2011-12-04 23:20 . 2011-12-04 23:20 219648 c:\windows\Installer\11a03299.msi
+ 2011-06-10 14:58 . 2011-06-10 14:58 4422992 c:\windows\system32\mfc100u.dll
+ 2011-06-10 14:58 . 2011-06-10 14:58 4397384 c:\windows\system32\mfc100.dll
+ 2011-06-28 10:27 . 2011-06-28 10:27 4028928 c:\windows\Installer\7ebf98.msp
+ 2011-12-01 11:06 . 2011-12-01 11:06 1435136 c:\windows\Installer\641f3.msi
+ 2009-10-01 22:38 . 2011-12-01 13:07 50295240 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2007-04-20 01:40 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-14 3077528]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-14 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="c:\documents and settings\Hunter family\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-16 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TPSMain"="TPSMain.exe" [2008-01-28 268152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-02-29 671744]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-02-01 3150848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"ESDUSBMon.exe"="c:\windows\system32\ESDUSBMon.exe" [2011-11-09 185608]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-03 19968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1024000]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-01-31 77824]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-08 1773568]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-01-19 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1206544]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-11-09 810940]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-21 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-02-28 09:42 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Install Network Printer Wizard\\hpjsi.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Hunter family\\Desktop\\John\\GAMES\\aoe\\age2_x1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Petroglyph\\Rise of Immortals\\RoIClientR.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Hunter family\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\a game of thrones\\Agot.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:RPC
"59137:TCP"= 59137:TCP:pando Media Booster
"59137:UDP"= 59137:UDP:pando Media Booster
"1053:TCP"= 1053:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [23/09/2009 2:25 PM 42608]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/12/2011 10:20 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/12/2011 10:20 AM 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [13/10/2011 5:59 PM 232512]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [7/01/2010 12:20 PM 18816]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [20/02/2008 3:43 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/12/2011 10:20 AM 20568]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [23/09/2009 2:25 PM 46084]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service;EpStsSrv.exe --> EpStsSrv.exe [?]
R2 Esdpdx01;Esdpdx01;c:\windows\system32\drivers\ESDPDX01.SYS [11/05/2006 10:51 AM 95485]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [4/08/2011 3:34 PM 1352728]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2011 4:35 PM 366152]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4/05/2010 12:07 PM 497600]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16/09/2010 2:06 PM 80532]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [20/02/2008 3:43 AM 14336]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [27/03/2007 7:22 AM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [20/02/2007 7:15 AM 134016]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [9/07/2010 12:28 AM 810940]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [1/02/2008 7:18 AM 732160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2011 4:35 PM 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [31/12/2009 6:11 PM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [31/12/2009 6:11 PM 43608]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29/05/2007 5:01 AM 6912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [23/09/2009 2:25 PM 106496]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/10/2009 3:13 PM 127032]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [15/06/2010 6:58 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 6:01 PM 21248]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 2:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 5:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-BETH_LAPTOP-Hunter family.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-08-22 17:44]
.
2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 01:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{9880B83F-3412-415B-B6DD-27CF4EC45AC5}: NameServer = 192.168.100.1
TCP: Interfaces\{C1574F6E-AD9E-483E-A24C-E0C7761A651A}: NameServer = 192.168.5.100
FF - ProfilePath - c:\documents and settings\Hunter family\Application Data\Mozilla\Firefox\Profiles\uv8leebd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com.au/search?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-05 12:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\TrueSuite Access Manager\FpSuites.dll
c:\program files\TrueSuite Access Manager\SharedResources.dll
c:\program files\TrueSuite Access Manager\FPResource.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\program files\TrueSuite Access Manager\CssSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\Logi_MwX.Exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\EpStsSrv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-12-05 12:22:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-05 01:22
ComboFix2.txt 2011-12-01 04:07
.
Pre-Run: 21,034,065,920 bytes free
Post-Run: 21,280,391,168 bytes free
.
- - End Of File - - 4A569AB0E615EE90DEEB9A26E627B4EE


I'm at work so I'll just start scanning my computer and then if you want it I can log that as well :)
 
Okay, since you can now access the internet, let's go with these:

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
Read this carefully please:
Update and rescan with Malwarebytes: The current database is above 8000. If Mbam does not update correctly, uninstall it, then reinstall from HERE. Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
=============================================
Please tell me what problems remain, if any.
 
OK

So the other day after I first used ComboFix it said my computer was clean,

and somehow I keep getting viruses, even before I was connected to the internet,

does that mean that I have a virus and it's making more viruses?

Alright, now I have updated my Malwarebytes and scanned today, and here's the log; it came back with 3 viruses.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8313

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 8:30:30 AM
mbam-log-2011-12-06 (08-30-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 449393
Time elapsed: 5 hour(s), 28 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\qoobox\quarantine\c\documents and settings\hunter family\local settings\application data\10808bc6\u\80000000.@.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\documents and settings\hunter family\local settings\application data\10808bc6\u\800000cb.@.vir (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\c_91531.nl_.vir (Backdoor.0Access) -> Quarantined and deleted successfully.

Next is the online scan. I started it yesterday and it had been running for 4 hours and had done 55%, and I went away from my laptop and someone took out the power, so I've rescanned today and here's the log for that.

Umm, nope. Wow, I'm sorry, I really am hopeless. I was sure I saved the log, but when I open the readme it just has:

C:\System Volume Information\_restore{233BEA63-C0D4-46EF-8798-50C0E8520D96}\RP482\A0134894.exe a variant of Win32/RegistryBooster application

I shall rescan using the online scan again and get back to you. :(
 
So that log I got from the online scan was the whole log? Because that's what I got when I rescanned it as well.

Said I had a registry booster. Well, that's no fun.
 
John, both of these logs show no new malware>>

Qoobox is where Combofix sends the quarantined files. That shows in Mbam. These are no longer active in the system and will be removed when I have you uninstall Combofix.

The one entry from the Eset scan is in the System Volume folder. That's where the restore points are kept. These are also no longer active in the system. At the end of cleaning, I have you drop the old restore points and set a new clean one. The only way this could affect the system is if you did a System Restore and 'happened' to choose that particular one. Since you are instructed not to do a System Restore during cleaning, this should not be an issue.

Unfortunately, these scans aren't written to not show entries in these locations. It can be confusing to the user, but is easily explained by your helper.
===============================
About this:
so the other day after i first used combofix it said my computer was clean,
Combofix does not show whether the system is clean; it will quarantine and delete some entries programmed into the program itself, but it's my job to look over the other entries in the log and determine if any more need to be removed.

For that, I write script that you will run through Combofix. I have started writing your script but I don't have time this morning to finish. I will do that early this afternoon. Please hold off on doing downloads, installs or updates (Except the AV) until then.

The system is looking good, but I have some concern about the previously removed Backdoor entries. I will probably have you run another scan to help rule out any related processes. Keep in mind though, that a Backdoor is just what it says: a way into the system.

FYI:
A backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised, one or more backdoors may be installed in order to allow easier access in the future. Backdoors may also be installed prior to malicious software, to allow attackers entry.
Active backdoors originate outbound connections to one or more hosts
Passive backdoors listen on one or more ports for incoming connections from one or more host

I need to know exactly what, if any problems you now notice.
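To show what the two backdoor shapes just described look like from the defender's side, here is an added Python example; it is not part of this thread and not from any of the tools mentioned in it. It parses a constructed `netstat -ano` listing in the Windows XP layout and sorts the sockets into listeners the reviewer already expects (a passive backdoor would appear as a listener that is not on that list), and established connections to non-local peers (an active backdoor would appear here). The expected-listener table is built from the firewall-policy ports in the ComboFix log above plus the VNC default port the helper mentions; the TCP 8888 listener, PID 3120, the 192.168.5.23 host and the 203.0.113.7 peer are made-up values, and the script flags sockets for a human to look at rather than calling anything malicious.

```python
"""Triage a netstat listing into the two backdoor shapes the helper describes.

Added example (not from the thread): a passive backdoor shows up as an
unexpected LISTENING socket, an active one as an established connection
out to a non-local address. Every value flagged here still needs a person
to map the PID to an image path and decide whether it belongs.
"""
import ipaddress

# Constructed sample in Windows XP ``netstat -ano`` layout. Ports 135, 5900,
# 1053 and 5000 mirror entries in the ComboFix log; the TCP 8888 listener,
# PID 3120, host 192.168.5.23 and peer 203.0.113.7 are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1744
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING       3120
  TCP    192.168.5.23:1053      192.168.5.100:80       ESTABLISHED     2204
  TCP    192.168.5.23:1070      203.0.113.7:443        ESTABLISHED     3120
  UDP    0.0.0.0:5000           *:*                                    2204
"""

# Listeners the reviewer already expects on this box (assumption, taken from
# the firewall-policy section of the ComboFix log and the VNC default port).
EXPECTED_LISTENERS = {
    ("TCP", 135): "RPC",
    ("TCP", 5900): "VNC",
    ("TCP", 1053): "Akamai NetSession Interface",
    ("UDP", 5000): "Akamai NetSession Interface",
}

# Address ranges treated as "local": wildcard, loopback, link-local, RFC 1918
# and their IPv6 equivalents. Anything else counts as a remote peer.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]


def _split_endpoint(text):
    """'192.168.5.23:1053' -> ('192.168.5.23', 1053); '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]")           # netstat wraps IPv6 hosts in brackets
    return host, (int(port) if port.isdigit() else None)


def is_local_address(host):
    """True for wildcard, loopback, link-local and private addresses."""
    if host in ("*", ""):
        return True
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Parse the TCP/UDP rows of a ``netstat -ano`` listing into dicts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                  # banner, column header or blank line
        proto, local, remote = parts[0], parts[1], parts[2]
        state = parts[3] if len(parts) == 5 else ""   # UDP rows have no state
        pid = int(parts[-1])
        lhost, lport = _split_endpoint(local)
        rhost, rport = _split_endpoint(remote)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport, "state": state, "pid": pid})
    return rows


def triage(rows, expected=EXPECTED_LISTENERS):
    """Sort sockets into listeners, unexpected listeners and remote outbound."""
    listening = [r for r in rows if r["state"] == "LISTENING"
                 or (r["proto"] == "UDP" and r["rhost"] == "*")]
    unexpected = [r for r in listening if (r["proto"], r["lport"]) not in expected]
    outbound = [r for r in rows
                if r["state"] == "ESTABLISHED" and not is_local_address(r["rhost"])]
    return {
        "listening": listening,
        "unexpected_listeners": unexpected,
        "outbound_remote": outbound,
        # PIDs worth mapping back to an image path (Task Manager / tasklist)
        "pids_to_check": sorted({r["pid"] for r in unexpected + outbound}),
    }


if __name__ == "__main__":
    report = triage(parse_netstat(SAMPLE_NETSTAT))
    for key in ("unexpected_listeners", "outbound_remote"):
        for r in report[key]:
            print(f"{key}: {r['proto']} {r['lhost']}:{r['lport']} -> "
                  f"{r['rhost']}:{r['rport']} pid={r['pid']}")
    print("PIDs to check:", report["pids_to_check"])
```

On the constructed input the script reports one listener not on the expected list (TCP 8888) and one established connection to a non-local peer, both owned by PID 3120, which is exactly the kind of pairing a reviewer would then resolve to an image path before deciding anything.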
 
I haven't noticed many problems.

The only thing that comes to mind is when the computer starts up it sometimes freezes or just goes black (this is after the login page).

I've tried Ctrl+Alt+Del and Alt+Tab and Windows+D and others that might trigger something, but nothing happens. Also the CPU isn't doing anything at this stage (or so the little light on the front of my laptop tells me :p)

Not sure if this is a virus or if my computer is being annoying.

I appreciate all the work and effort you have put in for me, and again with writing me a script. Thank you.
 
You're welcome. Glad to help.

So the network/internet access problem has been resolved? There were 2 errors from the Event Viewer indicating the router might have gone bad.
=========================================
About this:
when the computer starts up it sometimes freezes or just goes black (this is after the login page)

The next time this happens, look at the computer clock and note the time (write it down). Errors are time coded, so let's look for a 'reason'.

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe to run.

  • Select log to query, select
  • Application
  • System

    Under Select type to list, select:
  • Critical (Vista only)
  • Error

    Click the radio button for Number of events
  • Type 10 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

    Load the log
  • In Notepad, click Edit> Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.
==================================
Did you let the Recovery Console install when you ran Combofix again? If not, we need to install it, so let me know.
================================
I'd like you to verify this for me:
Your subject:
Trojan horse BackDoor.Generic14.ANNA... (effecting a system file>> was this netbt.sys file?)
Are you sure the name spelling wasn't this:
Trojan horse BackDoor.Generic14.ANAA

I'd like to be sure of exactly what you got after 'BackDoor.Generic14'
----------------------
About the Registry Booster: At some point, you either installed or scanned with the Uniblue Registry Booster. It generated an entry that refers to it being a PUP or Potentially Unwanted Program. We don't recommend Registry cleaners to anyone, so be sure to check Add/Remove Programs in the Control Panel and uninstall it if found. Also, use Windows Explorer> My Computer> Local Drive(C)> Programs> look for folder named Registry Booster or Uniblue. If found, do a right click> Delete to remove. was removed at some previous time.
 
OK, here's the log for VEW, but I have XP so I couldn't select "Critical".

Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 1:04:44 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/12/2011 10:30:22 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 10/12/2011 10:30:22 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 10/12/2011 10:14:52 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 10/12/2011 10:14:52 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 10/12/2011 9:41:53 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 10/12/2011 9:41:53 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 10/12/2011 9:32:30 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 10/12/2011 9:32:30 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'Application' Date/Time: 07/12/2011 6:44:19 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 3922

Log: 'Application' Date/Time: 07/12/2011 6:44:19 PM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 3922

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/12/2011 11:48:32 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 10/12/2011 11:48:24 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 10/12/2011 10:30:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 10/12/2011 10:30:20 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

Log: 'System' Date/Time: 10/12/2011 10:30:16 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 10/12/2011 10:30:16 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 10/12/2011 10:14:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 10/12/2011 10:14:48 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

Log: 'System' Date/Time: 10/12/2011 10:12:47 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 10/12/2011 10:12:47 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

------------------------------------------------------------------------------------------------

OK, couldn't find Uniblue Registry Booster or anything like that in Add/Remove Programs, and also couldn't find anything like that in Program Files...


And about the virus name, I don't have any clue... :( I didn't copy and paste it in, so I could have gotten the spelling wrong. But it was affecting netbt.sys.
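The check the helper asks for (write down the clock time of a freeze, then look for errors time-coded near it) can be done against the VEW output directly. The following is an added Python example, not part of this thread and not part of VEW: it parses VEW's four-line entry format, counts repeats by source and event id, lists every service the Service Control Manager reports as nonexistent (NetBT in these logs), and pulls out the entries within a few minutes of a clock time. The five sample entries are copied from the VEW logs posted in this thread; the 12:38 AM reference time and the five-minute window are assumptions chosen to fit them.

```python
"""Correlate Vino's Event Viewer (VEW) errors with a reported freeze time.

Added example, not part of the thread or of VEW itself: it parses the
four-line entry format VEW prints, counts errors by source and event id,
lists the services the Service Control Manager reports as nonexistent, and
pulls out the entries within a few minutes of a clock time the user wrote
down, which is the check the helper asks for.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample input: five entries copied from the VEW logs posted in this thread
# (dates are dd/mm/yyyy, as VEW's own header says).
SAMPLE_VEW = """\
Log: 'Application' Date/Time: 10/12/2011 10:30:22 PM
Type: error Category: 0
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted. (10048)

Log: 'System' Date/Time: 12/12/2011 12:40:00 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:35:17 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 11/12/2011 1:17:11 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
"""

TIME_FORMAT = "%d/%m/%Y %I:%M:%S %p"          # VEW's dd/mm/yyyy 12-hour stamp
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
MISSING_RE = re.compile(r"depends on the following nonexistent service: (\S+)")


def parse_vew(text):
    """Split VEW output into entries (blocks separated by blank lines)."""
    entries, block = [], []
    for line in text.splitlines() + [""]:
        if line.strip():
            block.append(line)
        elif block:
            entry = _parse_block(block)
            if entry:
                entries.append(entry)
            block = []
    return entries


def _parse_block(lines):
    """Return a dict for a 'Log: ...' block, None for banner or separator text."""
    head = HEADER_RE.match(lines[0])
    event = EVENT_RE.match(lines[2]) if len(lines) >= 4 else None
    if not head or not event:
        return None
    return {
        "log": head["log"],
        "when": datetime.strptime(head["when"].strip(), TIME_FORMAT),
        "event_id": int(event["id"]),
        "source": event["source"].strip(),
        "message": " ".join(l.strip() for l in lines[3:]),
    }


def summarize(entries):
    """Count entries by (source, event id) so repeats stand out."""
    return Counter((e["source"], e["event_id"]) for e in entries)


def missing_services(entries):
    """Service names the Service Control Manager reported as nonexistent."""
    found = set()
    for e in entries:
        m = MISSING_RE.search(e["message"])
        if m:
            found.add(m.group(1))
    return found


def events_near(entries, clock_time, minutes=5):
    """Entries within +/- `minutes` of a clock time given in VEW's own format."""
    centre = datetime.strptime(clock_time, TIME_FORMAT)
    window = timedelta(minutes=minutes)
    return sorted((e for e in entries if abs(e["when"] - centre) <= window),
                  key=lambda e: e["when"])


if __name__ == "__main__":
    found = parse_vew(SAMPLE_VEW)
    print("missing services:", missing_services(found))
    for e in events_near(found, "12/12/2011 12:38:00 AM"):
        print(e["when"], e["source"], e["event_id"], e["message"][:60])
```

Run as-is it reports NetBT as the only service named nonexistent and lists the three Service Control Manager errors logged between 12:35 and 12:40 AM; to use it on a real VEW report, paste the whole report in place of the sample and pass the time written down at the freeze.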
 
Unless you give me the time on the computer clock when the system freezes after logon, I can't tell which, if any, of the errors given are causing the problem.

I think you need to re-configure the VNC software. This is not my forte, but you have assigned the RPC to TCP 135. The VNC default port is Port 5900. And you're using it to see the desktop of a remote machine and control it with your local mouse and keyboard. You appear to indicate that this remote connection is between your home system and work system.
 
Yeah, that's correct. I sometimes need to do things at work when I'm at home.

But about the Uniblue Registry Booster? I can't find it anywhere, in Add/Remove Programs or Program Files.

Should I search my computer for files or folders with that name?
 
OK, so I restarted my computer last night and it froze around 12:38am. It has a few logs on the scan around that time, so hopefully you can see what the problem is.

But it froze while I was about to start a malware scan, which it hasn't done before; not sure if that means anything.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/12/2011 10:51:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/12/2011 8:40:42 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 7829

Log: 'Application' Date/Time: 12/12/2011 8:40:42 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 7829

Log: 'Application' Date/Time: 12/12/2011 8:40:42 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 12/12/2011 8:40:40 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 5875

Log: 'Application' Date/Time: 12/12/2011 8:40:40 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 5875

Log: 'Application' Date/Time: 12/12/2011 8:40:40 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 12/12/2011 8:40:38 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 3922

Log: 'Application' Date/Time: 12/12/2011 8:40:38 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 3922

Log: 'Application' Date/Time: 12/12/2011 8:40:38 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 12/12/2011 8:40:36 AM
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1954

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/12/2011 12:40:00 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/12/2011 12:40:00 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.

Log: 'System' Date/Time: 12/12/2011 12:35:17 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:35:17 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 11/12/2011 1:17:11 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 11/12/2011 1:17:10 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The iPod Service service terminated unexpectedly. It has done this 1 time(s).
 
OK, after that I did a scan because my Malwarebytes will expire in 3 days, so I did a scan just because, and it didn't find anything :)


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8313

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2011 7:24:37 AM
mbam-log-2011-12-12 (07-24-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 449082
Time elapsed: 6 hour(s), 40 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Back to my original problem,

netbt.sys

I thought I had fixed the problem with my internet browsing issues, and then I found this website (below) and it had a paragraph which explained my problems perfectly

"Can ping and search a remote computer but not browse it

If you can see or search a remote computer in mixed OS (win98, ME, NT, W2K and XP) network, this is master browser issue. You may try to use browstat.exe from NT resource kit to check the master browser status. Or stop computer browser on w2k/xp.

For consultants, refer to case 100903RL."

And then down at the very bottom of the page it has two paragraphs about netbt.sys, so I had a little play around and tried checking the status of my master browser how they said. I did this in the command program and this is what happened:

"C:\Documents and Settings\Hunter family>nbtstat -RR
Failed to access NetBT diver -- NetBT may not be loaded
"

Just wondering what happened to my netbt.sys file when I cleaned it?

http://www.chicagotech.net/browser.htm
 
This looks like the problem, but I'm not sure of the cause:
Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Event: 7003 Source: Service Control Manager
1. The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
2. The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
Event: 7000 Source: Service Control Manager
The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. (Timed out)
------------------------------------------
There is some problem with the RealVNC settings. It is running: c:\program files\RealVNC\VNC4\WinVNC4.exe:
Event: 1 Source: WinVNC4
ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.

I am not familiar with this program, but the 2 references below should help you work through the settings and possible upgrade:
http://www.realvnc.com/products/free/4.1/winvnc.html
http://www.realvnc.com/products/free/4.1/winvnc.html#Upgrade> v4.1

I do think that this>"135:TCP"= 135:TCP:RPC< has been set by or for VNC and I don't think it's correct.
------------------------------------
The 3 issues are all network related: WinVNC4, NetBT and Bluetooth. You said the network problem had been resolved,
but the dates for these errors are after you said this. I suggest you read the VNC info I left. Check the setting for that against what is on your system.
You will use the path Start> Settings> Control Panel> Network Connections> right click> Properties> Advanced tab.
==================================
One other issue I saw in the Events:
Bonjour has been set for some kind of Scheduled Task, and it's not working. Why do you have this set as a task?
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 3922
Task Scheduling Error: m->NextScheduledEvent 5875
Task Scheduling Error: Continuously busy for more than a second
Whatever it is, it's not working. It also isn't needed. I don't know if it could cause interruption of the system, but I do recommend that you delete any Tasks you have scheduled for Bonjour:
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.

  • To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
      (Since these are new, make sure the settings are configured as you want. Both are MSE/MSAntimalware related)
      c:\windows\Tasks\MP Scheduled Scan.job
      c:\windows\Tasks\MpIdleTask.job
    2. To customize the settings for the task, such as run time, idle time, power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete.
      c:\windows\Tasks\RealUpgradeLogonTask
      c:\windows\Tasks\RealUpgradeScheduledTasks
    4. To prevent a task from running until you run it again>
      [o] right-click the task> Properties> On the General tab>
      [o] clear the Enabled check box> Select the check box again when you are ready to run it again.
=====================================
Removing all of the tools we used and the files and folders they created
• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
• Go back and follow the path to > System Tools.
  [*]Choose Disk Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin
=====================================
About this:
when the computer starts up it sometimes freezes or just goes black (this is after the login page)
I am not seeing any related Error for this in the Event Viewer. If it continues to be a problem, please start a new thread in our Win BSOD/Freezes, etc. Forum. Mention we have cleaned the system.
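The two Event 7003 entries the helper singled out above ("depends on the following nonexistent service: NetBT") are the kind of thing worth pulling out of a Vino's Event Viewer report automatically, since a missing driver service drags down every service that depends on it. The Python below is an added example, not code from the thread or from any tool mentioned in it; it parses a constructed sample in the report's layout and maps each service the Service Control Manager reports as nonexistent to the services that need it.

```python
import re

# Constructed sample in the "Vino's Event Viewer" layout shown in the thread
# (dates are dd/mm/yyyy as the tool notes); not the poster's actual full log.
SAMPLE_LOG = """\
Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:40:00 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the TOSHIBA Bluetooth Service service to connect.
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
DEP_RE = re.compile(r"^The (?P<dependent>.+) service depends on the following "
                    r"nonexistent service: (?P<missing>\S+)$")

def parse_events(text):
    # One record per blank-line-separated "Log:" block: header, type line,
    # event line, then the free-text message on the remaining lines.
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 3:
            continue
        head, ev = HEADER_RE.match(lines[0]), EVENT_RE.match(lines[2])
        if not (head and ev):
            continue
        events.append({"log": head["log"], "when": head["when"], "id": int(ev["id"]),
                       "source": ev["source"], "message": " ".join(lines[3:])})
    return events

def missing_service_dependencies(events):
    # SCM event 7003: map each nonexistent service to the services that need it.
    missing = {}
    for ev in events:
        if ev["id"] != 7003 or ev["source"] != "Service Control Manager":
            continue
        m = DEP_RE.match(ev["message"])
        if m:
            missing.setdefault(m["missing"], set()).add(m["dependent"])
    return missing
```

On the sample this yields NetBT as the single missing service, with both TCP/IP NetBIOS Helper and DHCP Client depending on it, which is exactly why the netbt.sys removal showed up as browsing and nbtstat failures rather than as a single obvious error.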
 