hi all

david_cougar · 12 August 2011 at 7:41PM

thanks will try now....

waddler_8 · 12 August 2011 at 8:01PM

What OS is this (XP, Vista, Win7. 32bit or 64bit)? Can you connect to Bleeping Computer? Do you have access to another PC?

david_cougar · 12 August 2011 at 8:19PM

hisorry took ages no proxy servers, running windows xp not sure 32/64 no other computer avg still running but flagged up.ozpmpa.exe is tring to open a connection to internet can access bleeping computer thanks hi 32 just found on prccesor x866

waddler_8 · 12 August 2011 at 8:25PM

See if you can do this.

Download DDS from the link below and save it to your desktop:

Link

After you've downloaded it and saved it to your desktop:

Double click DDS to run it.
When it's finished, DDS will open two logs:

DDS.txt
Attach.txt

Save both reports to your desktop.
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)

dogmaryxx · 12 August 2011 at 8:38PM

Try running HitmanPro (32-bit) or HitmanPro (64-bit) depending on what system you have.

Should only take 5 minutes max.

Windows XP

If you have Windows XP, there are two methods to determine whether you are running a 32-bit or a 64-bit version. If one does not work, try the other.

Method 1: View System Properties in Control Panel

Click Start, and then click Run.
Type sysdm.cpl, and then click OK.
Click the General tab. The operating system is displayed as follows:
- For a 64-bit version operating system: Windows XP Professional x64 Edition Version < Year> appears under System.
- For a 32-bit version operating system: Windows XP Professional Version <Year> appears under System.
Note <Year> is a placeholder for a year.

Method 2: View System Information window

Click Start, and then click Run.
Type winmsd.exe, and then click OK.
When System Summary is selected in the navigation pane, locate Processor under Item in the details pane. Note the value.
- If the value that corresponds to Processor starts with x86, the computer is running a 32-bit version of Windows.
- If the value that corresponds to Processor starts with ia64 or AMD64, the computer is running a 64-bit version of Windows.

david_cougar · 12 August 2011 at 8:47PM

.
uStart Page = hxxp://uk.my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=262916f0000000000000000d87938986&tlver=1.4.19.19&ss=1&affID=17978
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ccleaner] "f:\computer logistics\computer logistics\CCleaner.exe" /AUTO
uRun: [Ozpmpa] c:\documents and settings\temp\application data\Ozpmpa.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NPSStartup]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~2\op_mon.exe" /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} - hxxp://www.couponreport.net/ftp/v3123/csauie1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F2E788EB-EE22-40ED-9322-6B0A4E80B9EE} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: TPSvc - TPSvc.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~2\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============

david_cougar · 12 August 2011 at 8:47PM

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-8-11 708760]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~2\acs.exe [2011-8-11 2072592]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2011-8-11 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-8-11 267624]
R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2011-8-11 70160]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [1980-1-1 84788]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-8-11 242040]
R3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2011-8-11 34096]
S1 MpKsl2d260350;MpKsl2d260350;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90a5751d-76a4-4a24-9a25-f744d3c05245}\mpksl2d260350.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90a5751d-76a4-4a24-9a25-f744d3c05245}\MpKsl2d260350.sys [?]
S1 MpKsl3664569e;MpKsl3664569e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b36cce7-657e-4f60-947a-08d11aeefa62}\mpksl3664569e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b36cce7-657e-4f60-947a-08d11aeefa62}\MpKsl3664569e.sys [?]
S1 MpKsl7025e9c8;MpKsl7025e9c8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acd4e887-cdd0-4bf0-9877-0b300649265c}\mpksl7025e9c8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acd4e887-cdd0-4bf0-9877-0b300649265c}\MpKsl7025e9c8.sys [?]
S1 MpKsl8d3e6026;MpKsl8d3e6026;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b36cce7-657e-4f60-947a-08d11aeefa62}\mpksl8d3e6026.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b36cce7-657e-4f60-947a-08d11aeefa62}\MpKsl8d3e6026.sys [?]
S1 MpKsl98909962;MpKsl98909962;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9cbda15-a78e-43d3-89c8-4379a29f6292}\mpksl98909962.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f9cbda15-a78e-43d3-89c8-4379a29f6292}\MpKsl98909962.sys [?]
S1 MpKslec26c289;MpKslec26c289;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90a5751d-76a4-4a24-9a25-f744d3c05245}\mpkslec26c289.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90a5751d-76a4-4a24-9a25-f744d3c05245}\MpKslec26c289.sys [?]
S1 MpKslf660246c;MpKslf660246c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acd4e887-cdd0-4bf0-9877-0b300649265c}\mpkslf660246c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{acd4e887-cdd0-4bf0-9877-0b300649265c}\MpKslf660246c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-8-12 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\blkwgu.sys --> c:\windows\system32\drivers\BLKWGU.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-3 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\\\\program files\\\\norton internet security\\\\norton antivirus\\\\navapsvc.exe" --> c:\\\\program files\\\\norton internet security\\\\norton antivirus\\\\navapsvc.exe [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2004-6-11 176640]
S3 VM30xx86;Vimicro USB PC Camera (ZC030x);c:\windows\system32\drivers\vm30xx86.sys [2008-11-26 1294336]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-08-12 20:01:12 233472 ----a-w- c:\documents and settings\temp\application data\Ozpmpa.exe
2011-07-15 13:29:32 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440

w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:14 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-12 20:01:16 2404 ----a-w- c:\windows\system32\ASOROSet.bin
2011-06-07 12:03:12 17280 ----a-w- c:\windows\system32\roboot.exe
2011-06-02 14:02:06 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14:10 222080

w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:41:37.39 ===============

david_cougar · 12 August 2011 at 8:49PM

thanks hope this makes sense

waddler_8 · 12 August 2011 at 8:49PM

There's some missing fro the top of the log before this bit:

uStart Page = hxxp://uk.my.yahoo.com/

david_cougar · 12 August 2011 at 8:53PM

this is it sorry.
uStart Page = hxxp://uk.my.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=262916f0000000000000000d87938986&tlver=1.4.19.19&ss=1&affID=17978
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ccleaner] "f:\computer logistics\computer logistics\CCleaner.exe" /AUTO
uRun: [Ozpmpa] c:\documents and settings\temp\application data\Ozpmpa.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NPSStartup]
mRun: [Adobe ARM] "c:\program files\common files\

hi all

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free