
Malwarebytes Anti-Malware not fully deleting Trojan



Hello, I will give you my log, but this is what's going on: I got a virus/trojan and I ran Malwarebytes, and it got rid of everything. Then when I ran it again it still had 3 trojans or whatever. I left for a day, and when I came back it had kind of spread and made more, but those aren't the problem; I can just clean those off. The problem is the main 3 that just won't seem to go away.

_____________________________________________________________________________

Malwarebytes' Anti-Malware 1.34

Database version: 1875

Windows 5.1.2600 Service Pack 3

3/20/2009 5:07:33 PM

mbam-log-2009-03-20 (17-07-31).txt

Scan type: Quick Scan

Objects scanned: 23153

Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d10e173-4b6a-452f-9d89-c44a5a04c42b} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{0d10e173-4b6a-452f-9d89-c44a5a04c42b} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\josazidadi (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

_______________________________________________________________________

Thank you. I even went into my registry and tried manually deleting them, and they just came back when I went back to my registry. Please help, I do not know what to do =(


Welcome to the MalwareBytes forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:

  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part-time job, and I do sports. All of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. :(
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

I will post back soon with my first fix for you.

Regards,

Adam


Hi there,

Download and Run ComboFix

Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.
    [screenshot: ComboFix prompt offering to install the Recovery Console]
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: ComboFix prompt asking whether to continue scanning]

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Regards,

Adam


Okay, here it is, and thank you.

ComboFix 09-03-19.02 - Michael Optis 2009-03-21 3:58:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1549 [GMT -4:00]

Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe

AV: AVG 7.5.557 *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *enabled*

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\MICHAE~1\LOCALS~1\Temp\tmp2.tmp

c:\windows\system32\afyhfv.dll

c:\windows\system32\bszip.dll

c:\windows\system32\bwfvhb.dll

c:\windows\system32\czhffn.dll

c:\windows\system32\deyorosi.dll

c:\windows\system32\fugafizu.dll

c:\windows\system32\kidodize.dll

c:\windows\system32\kolohage.dll

c:\windows\system32\lekozeko.dll

c:\windows\system32\nidegeri.dll

c:\windows\system32\nijetiyi.dll

c:\windows\system32\njnebj.dll

c:\windows\system32\onvsiu.dll

c:\windows\system32\pegapuva.dll

c:\windows\system32\sirewaya.dll

c:\windows\system32\urokapab.ini

c:\windows\system32\vayfsl.dll

c:\windows\system32\wirqgv.dll

c:\windows\system32\wokibezo.dll

c:\windows\system32\wusonaha.dll

c:\windows\system32\zelewehe.dll

c:\windows\system32\zuyahoba.dll

.

((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))

.

2009-03-20 22:34 . 2009-03-20 23:00 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions

2009-03-20 21:55 . 2009-03-20 22:36 <DIR> d-------- c:\program files\Windows Live Safety Center

2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache

2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache

2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache

2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE

2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache

2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp

2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8

2009-03-19 20:24 . 2009-03-19 20:24 61,440 --a------ c:\windows\system32\drivers\ggemrk.sys

2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe

2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271

2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE

2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8

2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6

2009-03-15 16:38 . 2009-03-20 16:54 <DIR> dr-h----- C:\$VAULT$.AVG

2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui

2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui

2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz

2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP

2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ

2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5

2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft

2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 01:36 --------- d-----w c:\documents and settings\Michael Optis\Application Data\AVG7

2009-03-20 23:09 --------- d-----w c:\program files\Plaxo

2009-03-20 21:12 --------- d-----w c:\program files\Yahoo!

2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-03-20 20:09 --------- d-----w c:\documents and settings\Nick Optis\Application Data\AVG7

2009-03-20 11:35 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\AVG7

2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH

2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars

2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-19 00:37 --------- d-----w c:\documents and settings\Nick Optis sr\Application Data\AVG7

2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion

2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion

2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion

2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared

2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared

2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion

2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion

2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint

2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility

2009-01-30 21:09 --------- d-----w c:\program files\AIM6

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore

2009-01-30 21:07 --------- d-----w c:\program files\AIM

2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe

2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys

2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]

"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-18 219136]

c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk

backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk

backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc1m3j0ej7g

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc5m3j0ej7g

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

-ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

--a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

--a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

--------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

--a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

--a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KodakCCS"=2 (0x2)

"AOL TopSpeedMonitor"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"Viewpoint Manager Service"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"gusvc"=3 (0x3)

"sprtsvc_dellsupportcenter"=2 (0x2)

"IDriverT"=3 (0x3)

"GoToAssist"=3 (0x3)

"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652]

R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S1 cvkpbwed;cvkpbwed;\??\c:\windows\system32\drivers\cvkpbwed.sys --> c:\windows\system32\drivers\cvkpbwed.sys [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992]

S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856]

S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

- - - - ORPHANS REMOVED - - - -

BHO-{0d10e173-4b6a-452f-9d89-c44a5a04c42b} - c:\windows\system32\figadufo.dll

HKLM-Run-josazidadi - c:\windows\system32\genebove.dll

HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-21 04:06:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\progra~1\Grisoft\AVG7\avgamsvr.exe

c:\progra~1\Grisoft\AVG7\avgupsvc.exe

c:\windows\system32\CTSVCCDA.EXE

c:\windows\system32\Crypserv.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\LxrJD31s.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\rundll32.exe

c:\program files\UPHClean\uphclean.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-03-21 4:09:34 - machine was rebooted [Michael Optis]

ComboFix-quarantined-files.txt 2009-03-21 08:09:31

Pre-Run: 84,407,513,088 bytes free

Post-Run: 85,717,762,048 bytes free

312 --- E O F --- 2009-03-11 07:00:53


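A note on how the two logs above fit together. The MBAM Quick Scan found only two CLSID keys and one Run value (josazidadi), all left at "No action taken". ComboFix's "ORPHANS REMOVED" section shows what those loading points referenced, figadufo.dll for the BHO and genebove.dll for the Run value, while its "Other Deletions" section lists the twenty-odd similarly named DLLs that were still sitting in system32. When an autostart entry reappears after it is deleted by hand, the check a practitioner wants is not another deletion of the entry but a look at which module still present on disk or in memory could be recreating it, and in a log this size the naming pattern of those DLLs is the fastest way to pick out candidates.

The script below is an added example and is not part of the thread or of any Malwarebytes or ComboFix tooling. It parses log lines of the shapes seen above, keeps only files under the drive root or the Windows directory tree, and flags names that fit the two patterns visible in the deletions list: 8 to 10 lowercase letters with strict consonant/vowel alternation (deyorosi, fugafizu), or 5 to 8 letters with at most one vowel and a run of three or more consonants (afyhfv, bwfvhb). Both patterns, the KNOWN_GOOD list and the TARGET_DIRS set are heuristics chosen for this page, not a signature; the sample input is a constructed subset of lines copied from the ComboFix log.

```python
"""Triage ComboFix-style log lines for randomly generated file names.

Added example for this thread, not part of the original posts or of any
Malwarebytes/ComboFix tooling. The two name patterns below are read off the
"Other Deletions" list in the log above and are a triage heuristic, not a
detection signature: they say which files to look at first.
"""
import re

VOWELS = set("aeiou")

# Windows binaries in system32 that the consonant-cluster test would otherwise
# flag (ctfmon, svchost, ...). On a real case this comes from a baseline of a
# clean install of the same Windows build, not a hand-typed table like this one.
KNOWN_GOOD = {"ctfmon", "svchost", "mshta", "wscntfy", "dllhost", "csrss", "smss"}

# The files in this log were dropped in the Windows tree or the drive root;
# files elsewhere are left to other checks. Assumption for this example.
TARGET_DIRS = {"c:", "c:\\windows", "c:\\windows\\system32",
               "c:\\windows\\system32\\drivers"}

# Any "drive:\dir\...\name.ext" inside a line. ComboFix mixes bare paths with
# dated entries, service lines ("S1 name;name;\??\path --> path [?]") and
# orphan entries ("HKLM-Run-name - path"), so the path is located anywhere.
PATH_RE = re.compile(r"([a-z]:\\(?:[^\\\s;]+\\)*)([^\\\s;]+)\.(dll|exe|sys|ini)\b", re.I)
ORPHAN_RE = re.compile(r"^(BHO|HKLM-Run|HKU-Default-Run)-(\S+) - (.+?)\s*$", re.M)


def _alternates(stem):
    """True when consonants and vowels strictly alternate (deyorosi, fugafizu)."""
    kinds = [c in VOWELS for c in stem]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))


def _max_consonant_run(stem):
    run = best = 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_generated(stem):
    """Return why `stem` looks machine-generated, or None.

    The generator seen in this log emits lowercase letters only, so names with
    digits, uppercase or punctuation are left alone.
    """
    if not re.fullmatch(r"[a-z]+", stem) or stem in KNOWN_GOOD:
        return None
    if 8 <= len(stem) <= 10 and _alternates(stem):
        return "pronounceable consonant/vowel alternation"
    vowels = sum(c in VOWELS for c in stem)
    if 5 <= len(stem) <= 8 and vowels <= 1 and _max_consonant_run(stem) >= 3:
        return "consonant cluster"
    return None


def triage(log_text):
    """Map 'name.ext' -> reason for every file in a target directory that looks generated."""
    flagged = {}
    for dirpath, stem, ext in PATH_RE.findall(log_text):
        if dirpath.lower().rstrip("\\") not in TARGET_DIRS:
            continue
        reason = looks_generated(stem)
        if reason:
            flagged[f"{stem}.{ext.lower()}"] = reason
    return flagged


def loading_points(log_text):
    """Map each 'ORPHANS REMOVED' autostart entry to the file name it referenced."""
    return {(kind, name): target.rsplit("\\", 1)[-1].lower()
            for kind, name, target in ORPHAN_RE.findall(log_text)}


# Constructed sample: a subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
c:\windows\system32\afyhfv.dll
c:\windows\system32\bszip.dll
c:\windows\system32\deyorosi.dll
c:\windows\system32\urokapab.ini
c:\windows\system32\zuyahoba.dll
2009-03-19 20:24 . 2009-03-19 20:24 61,440 --a------ c:\windows\system32\drivers\ggemrk.sys
2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe
2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
S1 cvkpbwed;cvkpbwed;\??\c:\windows\system32\drivers\cvkpbwed.sys --> c:\windows\system32\drivers\cvkpbwed.sys [?]
BHO-{0d10e173-4b6a-452f-9d89-c44a5a04c42b} - c:\windows\system32\figadufo.dll
HKLM-Run-josazidadi - c:\windows\system32\genebove.dll
c:\windows\system32\ctfmon.exe
c:\windows\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for name, reason in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name:22} {reason}")
    for (kind, name), target in loading_points(SAMPLE_LOG).items():
        print(f"{kind} {name} -> {target}")
```

Run against the sample, the script flags every generated DLL, the .ini, the two drivers (ggemrk.sys, cvkpbwed.sys) and lvsen.exe, and leaves ctfmon.exe, nvsvc32.exe and mbamswissarmy.sys alone; josazidadi, the Run value name from the MBAM log, fits the same alternation pattern as the DLLs. Legitimate names such as bszip.dll can still trip the cluster rule, which is why the output is a list to check, not a list to delete.

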
Hello,

Upload a file to VirusTotal

Please visit Virustotal

  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\drivers\ggemrk.sys
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

Please repeat that process for the following file:

C:\lvsen.exe

Download HijackThis

  • Download HJTInstall.exe to your desktop and run it.
  • Follow the on-screen prompts.
  • After the installation has finished, browse to C:\Program Files\Trend Micro
  • Now start HijackThis.
  • Click Do a system scan and save a log file.
  • Post the log file here. (Notepad will automatically open with the log file once HijackThis! has finished scanning). Do not attach the log file.

In your next reply, please include:

  1. Virustotal results
  2. HijackThis log

Regards,

Adam


1) Virustotal results

c:\windows\system32\drivers\ggemrk.sys

Antivirus Version Last Update Result

a-squared - - -

AhnLab-V3 - - Win-Trojan/Avenger.61440

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - -

ClamAV - - -

Comodo - - -

DrWeb - - -

eSafe - - Win32.Banker

eTrust-Vet - - -

F-Prot - - -

F-Secure - - -

Fortinet - - PossibleThreat

GData - - -

Ikarus - - -

K7AntiVirus - - -

Kaspersky - - -

McAfee - - -

McAfee+Artemis - - -

McAfee-GW-Edition - - -

Microsoft - - -

NOD32 - - -

Norman - - W32/Agent.HHSF

nProtect - - -

Panda - - Trj/Downloader.MDW

PCTools - - Trojan-PWS.Bancos.PWN

Prevx1 - - Medium Risk Malware

Rising - - -

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

TrendMicro - - -

VBA32 - - -

ViRobot - - Hoax..Agent.61440

VirusBuster - - -

Additional information

MD5: 589312a3b46721c5a751e4d5222a89be

SHA1: 3a497d3968a4f6e3c648d196da38e5f98e75ec30

SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae

SHA512: c8abe050c97efe34541c3ef293a750e34b82117ae41f41d83db1f1489eb5d776a1d59d0b4a1e13536e5bebda630693daf4be66cc386f587a69288c76df98cf7b

C:\lvsen.exe

Antivirus Version Last Update Result

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - -

ClamAV - - -

DrWeb - - -

eSafe - - -

eTrust-Vet - - -

Ewido - - -

F-Prot - - -

F-Secure - - -

FileAdvisor - - -

Fortinet - - -

Ikarus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - -

NOD32v2 - - -

Norman - - -

Panda - - -

Prevx1 - - -

Rising - - -

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

VBA32 - - -

VirusBuster - - -

Webwasher-Gateway - - BlockReason.0

Additional information

MD5: 620f0b67a91f7f74151bc5be745b7110

SHA1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256: ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512: 2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d


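The digests posted for C:\lvsen.exe deserve a second look before the single "BlockReason.0" result is chased. The ComboFix log lists the file as exactly 4,096 bytes, and a 4,096-byte file consisting of nothing but zero bytes has a well-known set of digests. The script below, an added example that is not part of the thread or of any VirusTotal tooling, recomputes MD5, SHA-1 and SHA-256 over a constructed all-zero 4,096-byte buffer and compares them with the values copied from the post. If they match, the file VirusTotal received contained no code at all, which is the plain explanation for every engine but one reporting nothing, and it means a hash lookup for that file can never identify what originally lived at that path. The `identify()` helper runs the same three digests over a real file; its `path` argument is hypothetical, since nothing on this page supplies one.

```python
"""Compare the VirusTotal digests posted for C:\\lvsen.exe with a zero-filled buffer.

Added example for this thread, not part of the original posts or of any
VirusTotal tooling. The ComboFix log above lists C:\\lvsen.exe as 4,096 bytes;
the digests below are copied from the VirusTotal result posted for it.
"""
import hashlib

# Digests from the VirusTotal "Additional information" block for C:\lvsen.exe.
POSTED_DIGESTS = {
    "md5": "620f0b67a91f7f74151bc5be745b7110",
    "sha1": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d",
    "sha256": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7",
}
REPORTED_SIZE = 4096  # from the ComboFix "Files Created" entry for C:\lvsen.exe


def digests(data):
    """MD5, SHA-1 and SHA-256 of `data`, keyed like the VirusTotal report."""
    return {name: hashlib.new(name, data).hexdigest() for name in POSTED_DIGESTS}


def is_zero_filled(posted=POSTED_DIGESTS, size=REPORTED_SIZE):
    """True if the posted digests are exactly those of `size` zero bytes.

    bytes(size) constructs the all-zero buffer; no file is read.
    """
    return digests(bytes(size)) == posted


def identify(path):
    """Digests of a real file, for comparing a live sample against a report.

    `path` is a hypothetical argument; nothing on this page supplies one.
    """
    with open(path, "rb") as f:
        return digests(f.read())


if __name__ == "__main__":
    verdict = "all zero bytes" if is_zero_filled() else "not a zero-filled file"
    print(f"C:\\lvsen.exe ({REPORTED_SIZE} bytes): {verdict}")
```

The same comparison does not apply to ggemrk.sys: at 61,440 bytes with seven engines naming it under unrelated families (banker, downloader, Agent), its digests identify a real binary, and the disagreement between vendors is the thing to note rather than any one label.

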
2) HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:05:09 PM, on 3/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Citrix\GoToAssist\480\G2AProcessFactory.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Nick Optis')

O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Nick Optis')

O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Nick Optis')

O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Nick Optis')

O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Nick Optis')

O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Nick Optis')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg

O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox

--

End of file - 12629 bytes

Hello,

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\drivers\ggemrk.sys

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I see that you have AVG7. AVG7 is out-of-date and will not receive any more updates. You should get AVG8 or another free anti-virus that receives updates to keep your system more secure.

Note: Never install more than 1 anti-virus or firewall.

Scan with Malwarebytes' Anti-Malware

  • Double click on the Malwarebytes' Anti-Malware icon on your desktop.
  • Once the program has loaded, click on the Update tab and click on Check for Updates.
  • Click on the Scanner tab.
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Kaspersky Online Scanner

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:

  1. ComboFix log
  2. MBAM log
  3. Kaspersky report
  4. A new HijackThis log

Regards,

Adam

1.) ComboFix Log

ComboFix 09-03-19.02 - Michael Optis 2009-03-21 13:40:28.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1462 [GMT -4:00]

Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Michael Optis\Desktop\CFScript.txt

AV: AVG 7.5.557 *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *enabled*

* Created a new restore point

FILE ::

c:\windows\system32\drivers\ggemrk.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\ggemrk.sys

.

((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))

.

2009-03-21 13:04 . 2009-03-21 13:04 <DIR> d-------- c:\program files\Trend Micro

2009-03-21 11:04 . 2009-03-21 11:04 <DIR> d--hs---- c:\documents and settings\Nick Optis\PrivacIE

2009-03-20 22:34 . 2009-03-20 23:00 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions

2009-03-20 21:55 . 2009-03-20 22:36 <DIR> d-------- c:\program files\Windows Live Safety Center

2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache

2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache

2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache

2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE

2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache

2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp

2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8

2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe

2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271

2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE

2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8

2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6

2009-03-15 16:38 . 2009-03-20 16:54 <DIR> dr-h----- C:\$VAULT$.AVG

2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui

2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui

2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz

2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP

2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ

2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5

2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft

2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 16:51 --------- d-----w c:\documents and settings\Michael Optis\Application Data\AVG7

2009-03-21 12:00 --------- d-----w c:\documents and settings\Nick Optis\Application Data\AVG7

2009-03-20 23:09 --------- d-----w c:\program files\Plaxo

2009-03-20 21:12 --------- d-----w c:\program files\Yahoo!

2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-03-20 11:35 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\AVG7

2009-03-19 22:18 80,896 --sha-w c:\windows\system32\lezowafu.dll

2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH

2009-03-08 18:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe

2009-03-08 18:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll

2009-03-08 08:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll

2009-03-08 08:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll

2009-03-08 08:34 914,944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 08:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll

2009-03-08 08:34 43,008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 08:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll

2009-03-08 08:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll

2009-03-08 08:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll

2009-03-08 08:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll

2009-03-08 08:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll

2009-03-08 08:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll

2009-03-08 08:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll

2009-03-08 08:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll

2009-03-08 08:33 420,352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 08:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll

2009-03-08 08:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll

2009-03-08 08:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll

2009-03-08 08:33 18,944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 08:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll

2009-03-08 08:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll

2009-03-08 08:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll

2009-03-08 08:32 72,704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 08:32 71,680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 08:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll

2009-03-08 08:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll

2009-03-08 08:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll

2009-03-08 08:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll

2009-03-08 08:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2009-03-08 08:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll

2009-03-08 08:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll

2009-03-08 08:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll

2009-03-08 08:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll

2009-03-08 08:22 156,160 ----a-w c:\windows\system32\msls31.dll

2009-03-08 08:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll

2009-03-08 08:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll

2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars

2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-19 00:37 --------- d-----w c:\documents and settings\Nick Optis sr\Application Data\AVG7

2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys

2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion

2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion

2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion

2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared

2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared

2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion

2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion

2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint

2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility

2009-01-30 21:09 --------- d-----w c:\program files\AIM6

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore

2009-01-30 21:07 --------- d-----w c:\program files\AIM

2009-01-07 22:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe

2009-01-07 22:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll

2009-01-07 22:20 265,720 ----a-w c:\windows\system32\msdbg2.dll

2009-01-07 22:20 26,112 ----a-w c:\windows\system32\idndl.dll

2009-01-07 22:20 24,576 ----a-w c:\windows\system32\nlsdl.dll

2009-01-07 22:20 23,552 ----a-w c:\windows\system32\normaliz.dll

2009-01-07 22:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll

2009-01-07 22:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll

2009-01-07 22:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll

2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe

2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys

2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]

"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-18 219136]

c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk

backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk

backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

-ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

--a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

--a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

--------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

--a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

--a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KodakCCS"=2 (0x2)

"AOL TopSpeedMonitor"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"Viewpoint Manager Service"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"gusvc"=3 (0x3)

"sprtsvc_dellsupportcenter"=2 (0x2)

"IDriverT"=3 (0x3)

"GoToAssist"=3 (0x3)

"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652]

R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S1 cvkpbwed;cvkpbwed;\??\c:\windows\system32\drivers\cvkpbwed.sys --> c:\windows\system32\drivers\cvkpbwed.sys [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992]

S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856]

S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-21 13:42:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'winlogon.exe'(2520)

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

.

Completion time: 2009-03-21 13:45:17

ComboFix-quarantined-files.txt 2009-03-21 17:44:29

ComboFix2.txt 2009-03-21 08:09:35

Pre-Run: 85,690,056,704 bytes free

Post-Run: 85,702,422,528 bytes free

312 --- E O F --- 2009-03-11 07:00:53

Please post the MBAM scan when it finishes and when it is done post a new HijackThis log.

What are you going to do about AVG7?

Please also follow these instructions:

Eset Online Scanner

Please go to the Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Regards,

Adam

2) MBAM Log

Malwarebytes' Anti-Malware 1.34

Database version: 1879

Windows 5.1.2600 Service Pack 3

3/21/2009 3:54:21 PM

mbam-log-2009-03-21 (15-54-21).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 238216

Time elapsed: 1 hour(s), 22 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

3) HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:01:31 PM, on 3/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Microsoft Office\Office\POWERPNT.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg

O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox

--

End of file - 11535 bytes

3) ESET Online Scanner

# version=4

# OnlineScanner.ocx=1.0.0.635

# OnlineScannerDLLA.dll=1, 0, 0, 79

# OnlineScannerDLLW.dll=1, 0, 0, 78

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=3953 (20090321)

# vers_arch_module=1.064 (20080214)

# vers_adv_heur_module=1.066 (20070917)

# EOSSerial=89853d605540d247bf7e4e4227992e8f

# end=finished

# remove_checked=false

# unwanted_checked=true

# utc_time=2009-03-21 09:34:52

# local_time=2009-03-21 05:34:52 (-0500, Eastern Daylight Time)

# country="United States"

# osver=5.1.2600 NT Service Pack 3

# scanned=452313

# found=9

# scan_time=5045

C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Incomplete\Preview-T-3545425-common - the people.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 2FC8D01B828AA9A621674D6A57443414

C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Saved\Common - The Corner.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 54091CA497F4D3C4D4CB3E3953E9C1C5

C:\Documents and Settings\Michael Optis\Shared\cartman gets an anal probe - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EA1B34FC5085EDB362AE423E2D6939FE

C:\Documents and Settings\Michael Optis\Shared\fligh high dj starskream.mp3 WMA/TrojanDownloader.GetCodec.C trojan AFA3AE52FDE53166F217E95C0A92CFAF

C:\Documents and Settings\Michael Optis\Shared\flobots - handlebars.mp3 WMA/TrojanDownloader.GetCodec.C trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2

C:\Documents and Settings\Michael Optis\Shared\mercenaries oh no you didnt 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan E1548CEF050BF97E8A6AD5DA90849865

C:\Documents and Settings\Michael Optis\Shared\ratatat - falcon jab.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan C878135B225BD516E15564520FC0F816

C:\Documents and Settings\Michael Optis\Shared\Red Hot Chili Peppers - Breaking the girl.mp3 WMA/TrojanDownloader.GetCodec.C trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2

C:\Documents and Settings\Michael Optis\Shared\Willa Ford - I Wanna Be Bad (Remix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 54091CA497F4D3C4D4CB3E3953E9C1C5

Hello,

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Incomplete\Preview-T-3545425-common - the people.mp3
C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Saved\Common - The Corner.mp3
C:\Documents and Settings\Michael Optis\Shared\cartman gets an anal probe - greatest hits.mp3
C:\Documents and Settings\Michael Optis\Shared\fligh high dj starskream.mp3
C:\Documents and Settings\Michael Optis\Shared\flobots - handlebars.mp3
C:\Documents and Settings\Michael Optis\Shared\mercenaries oh no you didnt 192kb.mp3
C:\Documents and Settings\Michael Optis\Shared\ratatat - falcon jab.mp3
C:\Documents and Settings\Michael Optis\Shared\Red Hot Chili Peppers - Breaking the girl.mp3
C:\Documents and Settings\Michael Optis\Shared\Willa Ford - I Wanna Be Bad (Remix).mp3

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include:

  1. ComboFix log
  2. How is your computer running now?
  3. A new HijackThis log

Regards,

Adam
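
The CFScript step above hands ComboFix a File:: list that was copied by hand from the ESET Online Scanner log. As an added example (editor's code, not from this thread, ComboFix or ESET), the script below parses finding lines in the ESET log format quoted in this thread (path, detection name, MD5 at the end of the line) and renders them as a CFScript File:: section with duplicate paths removed. The sample log, the user name, the paths and the hashes in it are constructed for the example and are not taken from the thread.

```python
import re

# Constructed sample in the shape of the ESET Online Scanner log quoted in this
# thread: '#' header lines, then one finding per line as "<path> <detection> <md5>".
# The user name, paths and hashes below are made up for this example.
SAMPLE_ESET_LOG = """# version=4
# end=finished
# found=3
C:\\Documents and Settings\\Example User\\Shared\\track one.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00112233445566778899AABBCCDDEEFF
C:\\Documents and Settings\\Example User\\Shared\\track two.mp3 WMA/TrojanDownloader.GetCodec.C trojan FFEEDDCCBBAA99887766554433221100
C:\\Documents and Settings\\Example User\\Shared\\track one.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00112233445566778899AABBCCDDEEFF
"""

# A finding line ends in a 32-hex-digit MD5.  The detection name is the first
# token that contains a '/' (optionally preceded by "a variant of"); everything
# before that token is the file path, which may itself contain spaces.
MD5_RE = re.compile(r"^(?P<body>.+?) (?P<md5>[0-9A-Fa-f]{32})$")
DETECTION_RE = re.compile(r"(?:a variant of )?\S+/\S+.*$")


def parse_eset_findings(log_text):
    """Return a list of {'path', 'detection', 'md5'} dicts, one per finding line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # header / metadata line, not a finding
        m = MD5_RE.match(line)
        if not m:
            continue  # not in the finding shape; skip rather than guess
        body = m.group("body")
        d = DETECTION_RE.search(body)
        if not d or d.start() == 0:
            continue  # no detection token, or nothing left over for a path
        findings.append({
            "path": body[:d.start()].rstrip(),
            "detection": d.group(0).strip(),
            "md5": m.group("md5").upper(),
        })
    return findings


def build_cfscript(findings):
    """Render a ComboFix CFScript 'File::' section, one path per line, no duplicates."""
    seen = set()
    lines = ["File::"]
    for f in findings:
        key = f["path"].lower()  # NTFS paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        lines.append(f["path"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_eset_findings(SAMPLE_ESET_LOG)
    for f in found:
        print(f"{f['md5']}  {f['detection']:<55}  {f['path']}")
    print(build_cfscript(found))
```

The split between path and detection name relies on the detection token containing a '/', which is what the quoted ESET log shows; a path that itself contained such a token would be split in the wrong place, so read the generated File:: list against the original log before saving it as CFScript.txt and dragging it onto ComboFix.exe.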

1) ComboFix Log

ComboFix 09-03-22.01 - Michael Optis 2009-03-22 18:55:13.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1481 [GMT -4:00]

Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Michael Optis\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *enabled*

* Created a new restore point

FILE ::

c:\documents and settings\Michael Optis\My Documents\LimeWire\Incomplete\Preview-T-3545425-common - the people.mp3

c:\documents and settings\Michael Optis\My Documents\LimeWire\Saved\Common - The Corner.mp3

c:\documents and settings\Michael Optis\Shared\cartman gets an anal probe - greatest hits.mp3

c:\documents and settings\Michael Optis\Shared\fligh high dj starskream.mp3

c:\documents and settings\Michael Optis\Shared\flobots - handlebars.mp3

c:\documents and settings\Michael Optis\Shared\mercenaries oh no you didnt 192kb.mp3

c:\documents and settings\Michael Optis\Shared\ratatat - falcon jab.mp3

c:\documents and settings\Michael Optis\Shared\Red Hot Chili Peppers - Breaking the girl.mp3

c:\documents and settings\Michael Optis\Shared\Willa Ford - I Wanna Be Bad (Remix).mp3

.

((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))

.

2009-03-21 16:10 . 2009-03-22 12:29 <DIR> d-------- c:\windows\LastGood

2009-03-21 16:06 . 2009-03-21 16:09 <DIR> d-------- c:\program files\EsetOnlineScanner

2009-03-21 14:58 . 2009-03-22 00:29 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-21 14:06 . 2009-03-22 18:31 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\program files\AVG

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\Nick Optis\Application Data\AVG7

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVG7

2009-03-21 14:06 . 2009-03-21 14:06 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-21 14:06 . 2009-03-21 14:06 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-21 14:06 . 2009-03-21 14:06 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-21 13:04 . 2009-03-21 13:04 <DIR> d-------- c:\program files\Trend Micro

2009-03-21 11:04 . 2009-03-21 11:04 <DIR> d--hs---- c:\documents and settings\Nick Optis\PrivacIE

2009-03-20 22:34 . 2009-03-22 12:29 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions

2009-03-20 21:55 . 2009-03-22 12:29 <DIR> d-------- c:\program files\Windows Live Safety Center

2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache

2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache

2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache

2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE

2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache

2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp

2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8

2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe

2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271

2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE

2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8

2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6

2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui

2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui

2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz

2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP

2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ

2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5

2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft

2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 18:58 --------- d-----w c:\program files\DIGStream

2009-03-20 23:09 --------- d-----w c:\program files\Plaxo

2009-03-20 21:12 --------- d-----w c:\program files\Yahoo!

2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-03-19 22:18 80,896 --sha-w c:\windows\system32\lezowafu.dll

2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH

2009-03-08 18:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe

2009-03-08 18:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll

2009-03-08 08:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll

2009-03-08 08:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll

2009-03-08 08:34 914,944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 08:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll

2009-03-08 08:34 43,008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 08:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll

2009-03-08 08:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll

2009-03-08 08:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll

2009-03-08 08:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll

2009-03-08 08:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll

2009-03-08 08:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll

2009-03-08 08:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll

2009-03-08 08:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll

2009-03-08 08:33 420,352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 08:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll

2009-03-08 08:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll

2009-03-08 08:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll

2009-03-08 08:33 18,944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 08:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll

2009-03-08 08:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll

2009-03-08 08:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll

2009-03-08 08:32 72,704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 08:32 71,680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 08:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll

2009-03-08 08:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll

2009-03-08 08:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll

2009-03-08 08:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll

2009-03-08 08:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2009-03-08 08:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll

2009-03-08 08:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll

2009-03-08 08:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll

2009-03-08 08:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll

2009-03-08 08:22 156,160 ----a-w c:\windows\system32\msls31.dll

2009-03-08 08:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll

2009-03-08 08:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll

2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars

2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys

2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion

2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion

2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion

2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared

2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared

2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion

2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion

2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint

2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility

2009-01-30 21:09 --------- d-----w c:\program files\AIM6

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore

2009-01-30 21:07 --------- d-----w c:\program files\AIM

2009-01-07 22:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe

2009-01-07 22:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll

2009-01-07 22:20 265,720 ----a-w c:\windows\system32\msdbg2.dll

2009-01-07 22:20 26,112 ----a-w c:\windows\system32\idndl.dll

2009-01-07 22:20 24,576 ----a-w c:\windows\system32\nlsdl.dll

2009-01-07 22:20 23,552 ----a-w c:\windows\system32\normaliz.dll

2009-01-07 22:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll

2009-01-07 22:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll

2009-01-07 22:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll

2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe

2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys

2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-03-21_ 4.08.44.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-22 22:54:57 8,192 ----a-w c:\windows\ERDNT\Hiv-backup\DEFAUL~1.DAT

+ 2007-07-27 18:49:02 196,683 ----a-w c:\windows\LastGood\system32\lnod32apiA.dll

+ 2007-07-27 18:49:02 225,355 ----a-w c:\windows\LastGood\system32\lnod32apiW.dll

+ 2005-12-05 23:25:22 139,264 ----a-w c:\windows\LastGood\system32\lnod32umc.dll

+ 2005-12-05 16:37:10 106,496 ----a-w c:\windows\LastGood\system32\lnod32upd.dll

+ 2008-02-11 13:39:26 253,952 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLA.dll

+ 2008-02-11 13:39:18 237,568 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLW.dll

+ 2008-02-08 17:53:46 110,592 ----a-w c:\windows\LastGood\system32\OnlineScannerLang.dll

+ 2008-02-05 12:48:04 77,824 ----a-w c:\windows\LastGood\system32\OnlineScannerUninstaller.exe

- 2008-03-18 14:16:35 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-03-21 18:06:34 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2007-07-27 18:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll

+ 2007-07-27 18:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll

+ 2005-12-05 23:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll

+ 2005-12-05 16:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll

+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe

+ 2008-02-11 13:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll

+ 2008-02-11 13:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll

+ 2008-02-08 17:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll

+ 2008-02-05 12:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe

+ 2006-12-02 04:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1932568]

"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-21 14:06 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk

backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk

backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

-ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

--a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

--a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

--------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

--a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

--a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KodakCCS"=2 (0x2)

"AOL TopSpeedMonitor"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"Viewpoint Manager Service"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"gusvc"=3 (0x3)

"sprtsvc_dellsupportcenter"=2 (0x2)

"IDriverT"=3 (0x3)

"GoToAssist"=3 (0x3)

"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-21 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-21 107912]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652]

R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992]

S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856]

S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-22 18:56:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

.

Completion time: 2009-03-22 18:58:02

ComboFix-quarantined-files.txt 2009-03-22 22:57:56

ComboFix2.txt 2009-03-21 17:45:18

ComboFix3.txt 2009-03-21 08:09:35

Pre-Run: 85,276,266,496 bytes free

Post-Run: 85,434,081,280 bytes free

345 --- E O F --- 2009-03-22 07:02:24


2) My computer seems to be running better.

3) HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:00:32 PM, on 3/22/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg

O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox

--

End of file - 11728 bytes


Hello,

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include:

  1. ComboFix log
  2. Please tell me how your computer is running now
  3. A new HijackThis log

Regards,

Adam

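The HijackThis log a few posts up and the CFScript in Adam's reply just above are the same job done by eye: pick out the autostart entries that do not belong, then write the registry edit that removes them. As an added example (not code from this thread, from HijackThis or from ComboFix), the Python script below does a few of those checks mechanically: it flags O2 BHO entries whose DLL is missing, O4 Run values with random-looking names or binaries under a user profile, and O23 services with no vendor information, then reads a ComboFix firewall exception block and emits the Registry:: section of a CFScript that deletes chosen exceptions using the same "=-" convention Adam's script uses. The sample lines are constructed (several are modelled on entries in this thread; the xqvbzkrtlm and Updater Run entries are made up), and the suspicion heuristics are assumptions for illustration, not detection rules from either tool.

```python
"""Mechanical triage of HijackThis / ComboFix log lines.

Added example for this thread; it is not code from the thread, from
HijackThis or from ComboFix.  The regexes follow the line shapes visible in
the logs above; the suspicion heuristics and the sample lines are assumptions.
"""
import re
from dataclasses import dataclass

# HijackThis line shapes handled here: O2 (BHO), O4 (Run values), O23 (services).
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# ComboFix prints firewall exceptions as  "c:\\Program Files\\X\\x.exe"=
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=$')

USER_PROFILE_RE = re.compile(r"^c:\\documents and settings\\", re.I)
# Heuristic (assumption): an autorun value whose name is a bare run of
# lowercase letters, with no vendor word or extension, deserves a look.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8,}$")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def triage_hijackthis(lines):
    """Return a Finding for every HijackThis line that merits a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := BHO_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding(line, "orphaned BHO: DLL no longer on disk"))
            elif USER_PROFILE_RE.match(m["path"]):
                findings.append(Finding(line, "BHO loaded from a user profile directory"))
        elif m := RUN_RE.match(line):
            if RANDOM_NAME_RE.match(m["value"]):
                findings.append(Finding(line, "random-looking Run value name"))
            if USER_PROFILE_RE.match(m["cmd"].lstrip('"')):
                findings.append(Finding(line, "Run entry executes from a user profile directory"))
        elif m := SVC_RE.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(Finding(line, "service binary carries no vendor information"))
    return findings


def firewall_exceptions(combofix_lines):
    """Paths from a ComboFix AuthorizedApplications block, backslashes unescaped."""
    paths = []
    for raw in combofix_lines:
        if m := FW_RE.match(raw.strip()):
            paths.append(m["path"].replace("\\\\", "\\"))
    return paths


def cfscript_remove_firewall_exceptions(paths):
    """Registry:: section of a CFScript deleting the given firewall exceptions.

    A value line ending in '=-' tells ComboFix to delete that value, the same
    convention a .reg file uses; paths are re-escaped for the registry syntax.
    """
    key = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
           r"\standardprofile\AuthorizedApplications\List]")
    body = ["Registry::", key]
    for p in paths:
        body.append('"%s"=-' % p.replace("\\", "\\\\"))
    return "\n".join(body)


# Constructed sample input.  The two BHO lines, the QuickTime line and the
# Lexar service line are modelled on entries in this thread; the Run entries
# named "xqvbzkrtlm" and "Updater" are made up to exercise the heuristics.
SAMPLE_HJT = [
    r"O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [xqvbzkrtlm] C:\WINDOWS\system32\xqvbzkrtlm.dll",
    r"O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\user\Application Data\updater.exe",
    r"O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe",
]
SAMPLE_CF = [
    r'"%windir%\\system32\\sessmgr.exe"=',
    r'"c:\\Program Files\\LimeWire\\LimeWire.exe"=',
]

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT):
        print(f"{f.reason}\n    {f.line}")
    print(cfscript_remove_firewall_exceptions(firewall_exceptions(SAMPLE_CF)[1:]))
```

Run stand-alone it prints four findings and the three-line CFScript for the LimeWire exception. A flag is a lead for the person reading the log, not a verdict: the Lexar JD31 service line is flagged only because its binary carries no vendor string, and the missing-DLL BHO is a leftover to clean up rather than live malware.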

1) ComboFix Log.

2) My computer is running kinda slow.

ComboFix 09-03-22.01 - Michael Optis 2009-03-23 21:38:33.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1504 [GMT -4:00]

Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Michael Optis\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

FW: McAfee Personal Firewall *enabled*

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))

.

2009-03-21 16:10 . 2009-03-22 12:29 <DIR> d-------- c:\windows\LastGood

2009-03-21 16:06 . 2009-03-21 16:09 <DIR> d-------- c:\program files\EsetOnlineScanner

2009-03-21 14:58 . 2009-03-23 01:33 <DIR> d--h----- C:\$AVG8.VAULT$

2009-03-21 14:06 . 2009-03-23 18:31 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\program files\AVG

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\Nick Optis\Application Data\AVG7

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVG7

2009-03-21 14:06 . 2009-03-21 14:06 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-03-21 14:06 . 2009-03-21 14:06 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-03-21 14:06 . 2009-03-21 14:06 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-03-21 13:04 . 2009-03-21 13:04 <DIR> d-------- c:\program files\Trend Micro

2009-03-21 11:04 . 2009-03-21 11:04 <DIR> d--hs---- c:\documents and settings\Nick Optis\PrivacIE

2009-03-20 22:34 . 2009-03-22 12:29 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions

2009-03-20 21:55 . 2009-03-22 19:04 <DIR> d-------- c:\program files\Windows Live Safety Center

2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache

2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache

2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache

2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE

2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache

2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp

2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8

2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe

2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271

2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE

2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8

2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6

2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui

2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui

2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz

2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP

2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ

2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5

2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft

2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 18:58 --------- d-----w c:\program files\DIGStream

2009-03-20 23:09 --------- d-----w c:\program files\Plaxo

2009-03-20 21:12 --------- d-----w c:\program files\Yahoo!

2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH

2009-03-08 18:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe

2009-03-08 18:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll

2009-03-08 08:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll

2009-03-08 08:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll

2009-03-08 08:34 914,944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 08:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll

2009-03-08 08:34 43,008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 08:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll

2009-03-08 08:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll

2009-03-08 08:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll

2009-03-08 08:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll

2009-03-08 08:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll

2009-03-08 08:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll

2009-03-08 08:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll

2009-03-08 08:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll

2009-03-08 08:33 420,352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 08:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll

2009-03-08 08:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll

2009-03-08 08:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll

2009-03-08 08:33 18,944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 08:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll

2009-03-08 08:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll

2009-03-08 08:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll

2009-03-08 08:32 72,704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 08:32 71,680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 08:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll

2009-03-08 08:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll

2009-03-08 08:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll

2009-03-08 08:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll

2009-03-08 08:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe

2009-03-08 08:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll

2009-03-08 08:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll

2009-03-08 08:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll

2009-03-08 08:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll

2009-03-08 08:22 156,160 ----a-w c:\windows\system32\msls31.dll

2009-03-08 08:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll

2009-03-08 08:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll

2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars

2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys

2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion

2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion

2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion

2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic

2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Roxio

2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared

2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared

2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion

2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion

2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint

2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility

2009-01-30 21:09 --------- d-----w c:\program files\AIM6

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore

2009-01-30 21:07 --------- d-----w c:\program files\AIM

2009-01-07 22:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe

2009-01-07 22:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll

2009-01-07 22:20 265,720 ----a-w c:\windows\system32\msdbg2.dll

2009-01-07 22:20 26,112 ----a-w c:\windows\system32\idndl.dll

2009-01-07 22:20 24,576 ----a-w c:\windows\system32\nlsdl.dll

2009-01-07 22:20 23,552 ----a-w c:\windows\system32\normaliz.dll

2009-01-07 22:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll

2009-01-07 22:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll

2009-01-07 22:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll

2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe

2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys

2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-03-21_ 4.08.44.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-24 01:38:20 8,192 ----a-w c:\windows\ERDNT\Hiv-backup\DEFAUL~1.DAT

+ 2007-07-27 18:49:02 196,683 ----a-w c:\windows\LastGood\system32\lnod32apiA.dll

+ 2007-07-27 18:49:02 225,355 ----a-w c:\windows\LastGood\system32\lnod32apiW.dll

+ 2005-12-05 23:25:22 139,264 ----a-w c:\windows\LastGood\system32\lnod32umc.dll

+ 2005-12-05 16:37:10 106,496 ----a-w c:\windows\LastGood\system32\lnod32upd.dll

+ 2008-02-11 13:39:26 253,952 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLA.dll

+ 2008-02-11 13:39:18 237,568 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLW.dll

+ 2008-02-08 17:53:46 110,592 ----a-w c:\windows\LastGood\system32\OnlineScannerLang.dll

+ 2008-02-05 12:48:04 77,824 ----a-w c:\windows\LastGood\system32\OnlineScannerUninstaller.exe

- 2008-03-18 14:16:35 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2009-03-21 18:06:34 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2007-07-27 18:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll

+ 2007-07-27 18:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll

+ 2005-12-05 23:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll

+ 2005-12-05 16:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll

+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe

+ 2008-02-11 13:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll

+ 2008-02-11 13:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll

+ 2008-02-08 17:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll

+ 2008-02-05 12:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe

+ 2006-12-02 04:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1932568]

"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-21 14:06 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk

backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk

backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

-ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

--a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]

--a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

--------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

--a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

--a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KodakCCS"=2 (0x2)

"AOL TopSpeedMonitor"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"Viewpoint Manager Service"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"gusvc"=3 (0x3)

"sprtsvc_dellsupportcenter"=2 (0x2)

"IDriverT"=3 (0x3)

"GoToAssist"=3 (0x3)

"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-21 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-21 107912]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652]

R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992]

S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856]

S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398e2f37-c81c-11dc-99e4-00038a000015}]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-23 21:41:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)

c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

.

Completion time: 2009-03-23 21:44:10

ComboFix-quarantined-files.txt 2009-03-24 01:43:22

ComboFix2.txt 2009-03-22 22:58:03

ComboFix3.txt 2009-03-21 17:45:18

ComboFix4.txt 2009-03-21 08:09:35

Pre-Run: 84,160,770,048 bytes free

Post-Run: 84,160,221,184 bytes free

336 --- E O F --- 2009-03-22 07:02:24


3) HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:46:50 PM, on 3/23/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg

O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox

--

End of file - 11498 bytes

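As an added example (not code from the thread or from the HijackThis tool), here is a small triage script that parses the O2, O4, O20 and O23 lines of a HijackThis log like the one above and applies the checks a helper makes by hand: a registration whose file is gone, a Run entry launched by bare file name, a service with no publisher, or a binary living in a user profile. The sample lines are copied from the posted log; the flagging rules are the example's own, not HijackThis's.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the HijackThis log posted above (constructed input).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

# One pattern per section we understand; other sections (O3, O9, O16, ...) are skipped.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$"),
}

USER_PROFILE = re.compile(r"\\documents and settings\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # "O2", "O4", "O20" or "O23"
    name: str      # display name (BHO/service) or value name (Run)
    target: str    # file path, command line, or "(no file)"
    extra: str = ""  # CLSID (O2), hive (O4) or owner string (O23)
    raw: str = ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised section, None for anything else."""
    section = line.split(" - ", 1)[0]
    pattern = PATTERNS.get(section)
    if pattern is None:
        return None
    match = pattern.match(line)
    if match is None:
        return None
    g = match.groupdict()
    extra = g.get("clsid") or g.get("hive") or g.get("owner") or ""
    return Entry(section, g["name"], g["target"], extra, line)


def review(entry: Entry) -> List[str]:
    """Conservative, explainable checks; each note is a reason to look closer."""
    notes = []
    if entry.target == "(no file)":
        # Registration survives but the DLL is gone: leftover of an uninstall or a removal.
        notes.append("orphaned registration: the referenced file no longer exists")
    if entry.section == "O2" and entry.name == "(no name)":
        notes.append("BHO registered without a display name")
    if entry.section == "O4":
        # A bare name (e.g. CTHELPER.EXE) is resolved through the search path,
        # so the file that actually runs must be confirmed by hand.
        first_token = entry.target.split(" ")[0].strip('"')
        if "\\" not in first_token:
            notes.append("launched by bare file name, resolved through the search path")
    if entry.section == "O23" and entry.extra == "Unknown owner":
        notes.append("service binary carries no publisher information")
    if USER_PROFILE.search(entry.target):
        notes.append("runs from a user profile directory rather than Program Files or system32")
    return notes


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map the name of every flagged entry to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        entry = parse_line(line) if line else None
        if entry is None:
            continue
        notes = review(entry)
        if notes:
            findings[entry.name] = notes
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

On the sample above it flags the nameless BHO with its missing file, the CTHelper Run entry, and the service with no owner string; everything else passes silently, which matches the helper's reading of the log as clean.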

All of your logs are clean, so this is not a malware issue anymore. You may refer to this article to find some steps to help speed up your computer.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9. Please uninstall all old versions of Adobe Reader and then you can download the newest version from http://www.adobe.com/products/acrobat/readstep2.html. If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

Since you have Acrobat 6.0, you should use that for creating and editing PDFs and Adobe Reader 9 for reading them. This will ensure your security.

Update Java

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 12.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate any Java entries (such as Java X Update X) and click on Change/Remove to uninstall them.
  2. Click here to visit Java's website.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u12-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Run this installation to update your Java.

Congratulations, you are now all clean! To help to prevent from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed.

First, let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.

Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs need regular updates too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
    You can get a free copy of Winpatrol or use the Plus version for more features.
    You can read Winpatrol's FAQ if you run into problems.
  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.
    A downloaded Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.
    Here are some Hosts files:
    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts
    A tutorial about Hosts File can be found at Malware Removal.
  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning for spyware and adware. Not only that, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.
    Spybot Search & Destroy can be downloaded from here.
    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.
    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.
  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean!

Regards,

Adam

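As an added example that is not part of Adam's post: a small Python audit of a Windows Hosts file in the spirit of the Hosts file item above. It separates the blocklist entries a protective Hosts file adds (names pinned to 127.0.0.1 or 0.0.0.0) from entries that send a name to a routable address, which is what a tampered Hosts file looks like, and flags any host you rely on (an update server, say) that has been pinned at all. The file content and every host name below are constructed.

```python
"""Audit a Windows hosts file (normally %SystemRoot%\\System32\\drivers\\etc\\hosts).
Added example; sample content and host names are constructed placeholders."""
import ipaddress

# Constructed sample: normal blocklist lines plus two suspicious ones.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker-one.example   # constructed: typical blocklist line
0.0.0.0         tracker.example
203.0.113.7     www.examplebank.example   # constructed: redirect to a routable IP
127.0.0.1       update.vendor.example     # constructed: update host sinkholed
"""

# Addresses a protective hosts file uses to sinkhole bad names.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping; comments and
    blank or malformed lines are skipped, names are lower-cased."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comment
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # not an IP: malformed line
        for name in parts[1:]:                # one IP may carry several names
            entries.append((str(ip), name.lower(), n))
    return entries


def audit_hosts(text, protected=()):
    """Classify each mapping: 'blocked' (sinkholed name, what a protective
    hosts file adds), 'redirect' (name sent to a routable address, a
    hijack indicator) or 'protected' (a host you depend on pinned anywhere,
    which silently breaks updates)."""
    findings = {"blocked": [], "redirect": [], "protected": []}
    for ip, name, n in parse_hosts(text):
        if name == "localhost":
            continue
        if name in protected:
            findings["protected"].append((n, name, ip))
        elif ip in SINKHOLE_ADDRS:
            findings["blocked"].append((n, name))
        else:
            findings["redirect"].append((n, name, ip))
    return findings
```

Run `audit_hosts(open(path).read(), protected={...})` against the real file; anything under "redirect" or "protected" deserves a look, while a long "blocked" list is exactly what a protective Hosts file produces.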

I dislike any P2P programs (including BitComet, Limewire, BitTorrent, etc.). You never know if you are downloading from an infected machine and that is why so many people get infected from P2P. I highly recommend that you stay away from Limewire and all P2P programs.

Regards,

Adam
