Colin Klayer

Posts

  1. Win32kdiag log:

     (Win32kDiag log output omitted)

     Combofix log:

     (ComboFix log output omitted)

     I will note that the machine seems to be loading without interruption from scareware.
  2. Hello JSntgRvr, Thanks in advance for your help! This is what was in the log:

     Running from: C:\Documents and Settings\Colin\Desktop\Win32kDiag.exe
     Log file at : C:\Documents and Settings\Colin\Desktop\Win32kDiag.txt
     WARNING: Could not get backup privileges!
     Searching 'C:\WINDOWS'...
     Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
     [1] 2004-03-29 21:48:36 364544 C:\WINDOWS\$NtServicePackUninstall$\callcont.dll (Microsoft Corporation)
  3. I appear to be infected with all the above (Total Security, Soft Safeness, and AntiVirus Pro 2010). I have tried the following:

     o Scan with AVG - Did not run
     o Scan with Lavasoft Adaware - Scan started then PC shutdown out of nowhere
     o In order to do the following (and to access any webpage) I had to install "process explorer" from sysinternals to kill the process that was hijacking my browser (I normally use firefox. I am currently using chrome as it does not seem to be affected by any of these.)
     o Download and install MalwareBytes - Installed fine and started scan then program shuts down
     o Download and install HiJackThis - Installed fine but will not open

     I have been reading through these forums and the amount of help that is given here is awe inspiring! Please help me out of this mess (my fiancée's wedding planning got me into it).

     Colin