Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Network Worm or virus

Started by Skidroc , Jun 15 2011 11:02 AM

  • Please log in to reply

#1
Skidroc
Posted 15 June 2011 - 11:02 AM

Skidroc

    Member

  • Member
  • PipPip
  • 63 posts
Hi,
I do some contract work for a company and I have to log into thier VPN from time to time. Today I was told by their Network guy to get off the VPN because I had a worm or virus. I have not noticed anything weird with my laptop other than it does seem just a slight bit slower. I have AVG and it found no issues.

Also, please note I am aware of your policy of not working on company computers, but I am the owner of this laptop and it is used primarily as my personal PC that I login occasionally for work.

Here is my OTL and thanks in advance:

OTL logfile created on: 6/15/2011 11:38:17 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Josh\Desktop\Geeks to Go
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.80% Memory free
6.19 Gb Paging File | 4.65 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.18 Gb Total Space | 24.41 Gb Free Space | 11.04% Space Free | Partition Type: NTFS
Drive D: | 11.71 Gb Total Space | 2.02 Gb Free Space | 17.22% Space Free | Partition Type: NTFS

Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 11:37:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\Geeks to Go\OTL.exe
PRC - [2011/03/15 10:02:44 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/24 09:19:48 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/19 07:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/09/23 09:14:13 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 10:00:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 10:00:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:59:35 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/15 16:37:36 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/12 10:04:47 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/07/23 09:33:58 | 005,803,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/23 06:00:00 | 000,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFA.EXE
PRC - [2007/03/09 17:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/17 08:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 11:37:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\Geeks to Go\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010/07/15 10:00:14 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/19 07:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/07/15 10:00:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/05/05 08:45:27 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:59:36 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/06/02 08:40:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/04 10:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/04 10:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/03/11 17:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 17:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 17:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 17:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/09/17 18:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/17 08:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (NetZero, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 10:49:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 10:49:31 | 000,000,000 | ---D | M]

[2010/04/21 09:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2011/05/09 10:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\m64jh1oi.default\extensions
[2010/04/27 08:30:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\m64jh1oi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/21 09:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/09 10:49:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 10:49:29 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] File not found
O4 - HKLM..\Run: [ATT-SST_UninstallTracking] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX9400Fax Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Local intranet)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} http://172.25.0.10/s...ientInstall.ocx (Shoretel SClientInstall)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {720A3751-EB23-45E7-B5DB-68BA712A38AB} http://172.25.0.10/S...e/SoftPhone.cab (EMMgcp Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://trans-i.webe...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.disneypho...geUploader4.cab (Image Uploader Control)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://mobilecountym...s/acgm/acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/18 01:28:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{63da06a8-3bc8-11de-843d-cf55c7ea1016}\Shell - "" = AutoRun
O33 - MountPoints2\{63da06a8-3bc8-11de-843d-cf55c7ea1016}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Geeks to Go
[2011/06/15 10:18:48 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\TextFiles10B
[2011/06/13 08:01:47 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Infinity Global
[2011/06/06 20:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Xpress Software
[2010/04/30 08:56:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Josh\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 11:38:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2046036255-1327027182-2430204958-1000UA.job
[2011/06/15 10:55:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 10:55:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 10:23:55 | 001,718,674 | ---- | M] () -- C:\Users\Josh\Desktop\d10A.zip
[2011/06/15 09:42:38 | 077,960,557 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/06/15 00:41:11 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32CCA2BB-868D-44D1-8F15-7266DB26B269}.job
[2011/06/14 20:38:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2046036255-1327027182-2430204958-1000Core.job
[2011/06/14 13:02:28 | 000,645,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/14 13:02:28 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/14 12:58:55 | 000,002,505 | ---- | M] () -- C:\Users\Josh\Desktop\VPN Client.lnk
[2011/06/14 12:57:47 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/06/14 12:55:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/14 12:55:25 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/14 12:30:54 | 000,001,860 | -H-- | M] () -- C:\Users\Josh\Documents\Default.rdp
[2011/06/06 20:04:28 | 000,000,926 | ---- | M] () -- C:\Users\Josh\Desktop\Advanced Log Monitor.lnk
[2011/06/03 21:20:20 | 000,000,680 | ---- | M] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 10:23:55 | 001,718,674 | ---- | C] () -- C:\Users\Josh\Desktop\d10A.zip
[2011/06/06 20:04:28 | 000,000,926 | ---- | C] () -- C:\Users\Josh\Desktop\Advanced Log Monitor.lnk
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/06/30 13:39:24 | 000,114,688 | ---- | C] () -- C:\Windows\System32\XFormRes.dll
[2010/06/30 13:39:23 | 000,421,888 | ---- | C] () -- C:\Windows\System32\secocom.dll
[2010/04/30 08:56:56 | 000,087,608 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\inst.exe
[2010/04/30 08:56:56 | 000,007,887 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.cat
[2010/04/30 08:56:56 | 000,001,144 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\pcouffin.inf
[2010/04/19 14:32:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/27 20:41:09 | 000,000,108 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\default.pls
[2008/12/26 14:34:56 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/08/09 16:59:54 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/09 16:59:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/24 07:30:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/05 09:48:23 | 000,000,224 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\APUSet.xml
[2008/06/05 09:48:22 | 000,006,014 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\PrimoPDFSet.xml
[2008/06/05 09:47:19 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/06/02 13:57:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/06/02 13:57:55 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/06/02 13:57:55 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/06/02 13:57:55 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/06/02 13:57:55 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/06/02 13:57:55 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/06/02 13:57:55 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/06/02 13:57:55 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/06/02 13:57:55 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/06/02 13:57:55 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/06/02 13:57:55 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/06/02 13:57:55 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/06/02 13:57:55 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/06/02 13:57:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/06/02 13:57:54 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/06/02 13:57:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/06/02 13:53:30 | 000,000,044 | ---- | C] () -- C:\Windows\EPSCX9400Fax.ini
[2008/05/27 13:04:20 | 000,000,092 | ---- | C] () -- C:\Users\Josh\AppData\Local\fusioncache.dat
[2008/05/27 09:17:07 | 000,017,089 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\UserTile.png
[2008/05/16 16:33:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/01 12:10:03 | 000,000,680 | ---- | C] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2008/04/28 10:55:57 | 000,137,216 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/09 06:48:06 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/03/09 06:48:06 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/03/09 06:47:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/18 01:42:51 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/02/10 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/10 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/10 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/09/13 10:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 10:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 10:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,361,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/12 13:49:28 | 000,050,272 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/11 09:19:00 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\CoffeeCup Software
[2011/05/02 10:50:58 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\DVDVideoSoft
[2011/04/26 13:55:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\EditPlus 3
[2008/08/12 10:41:19 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\EPSON
[2011/01/27 10:17:34 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Etasoft Inc
[2011/06/09 11:49:12 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FileZilla
[2008/10/17 16:03:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Helios
[2009/06/02 14:24:42 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ICQ
[2008/04/29 15:56:48 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ImgBurn
[2008/06/02 14:06:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Leadertech
[2009/01/21 09:56:19 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\muvee Technologies
[2010/10/18 09:44:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PeerNetworking
[2011/03/24 10:50:08 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PrimoPDF
[2009/11/16 13:46:09 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ShoreWare Client
[2011/05/07 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Smith Micro
[2010/11/04 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TeamViewer
[2010/04/30 08:57:27 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Vso
[2010/02/26 11:03:10 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\webex
[2008/04/23 14:18:12 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\WildTangent
[2009/10/13 09:37:31 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\{32533336-DF3B-43AD-9202-09E4144AD051}
[2011/06/14 12:54:25 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/15 00:41:11 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32CCA2BB-868D-44D1-8F15-7266DB26B269}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 15 June 2011 - 06:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP
I don't see anything except that your AVG is out of date.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

Download and Save the free Avast but do not install:
http://www.avast.com...ivirus-download

Download and save the AVG removal tool.
http://download.avg....6_2011_1322.exe

Disconnect from the internet.

You must first uninstall AVG before running Combofix then right click on the AVG removal tool and Run As Administrator. (I don't need the log)

Now install the free Avast by right clicking and Run As Administrator.
Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Reconnect to the Internet.


:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image


Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. Did it find anything?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP