
Can't run Malwarebytes or any other antivirus program - HijackThis didn't work either...


td0099


Hi there,

My infected computer cannot run Malwarebytes, any other antivirus program, or HijackThis either. I mostly receive this message when I try to run these programs: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I downloaded Malwarebytes to a flash disk and tried to run it that way, but exactly 3 seconds after I start a scan the program shuts itself down. I downloaded Process Explorer as suggested in #5 of the FAQ page, but it didn't solve the problem. (I killed the processes of some exe files under Internet Explorer which looked like malware programs, but it didn't help me run Malwarebytes either.)

I would appreciate any help!

Thanks in advance,

Tyler


Staff

Hi and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


Thank you very much for your help, Chris. Please find below first the log from ComboFix and then the log from HijackThis. I had to change the name of the HijackThis file, but luckily it worked after that. ComboFix deleted some files just before I got the log file, FYI.

Best,

Burc

ComboFix 09-09-06.06 - Burc 09/07/2009 15:04.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.930 [GMT -4:00]

Running from: c:\documents and settings\Burc\Desktop\ComboFix.exe

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Burc\LOCALS~1\Temp\csrss.exe

c:\docume~1\Burc\LOCALS~1\Temp\lsass.exe

c:\docume~1\Burc\LOCALS~1\Temp\services.exe

c:\docume~1\Burc\LOCALS~1\Temp\svchost.exe

c:\docume~1\Burc\LOCALS~1\Temp\taskmgr.exe

c:\docume~1\Burc\LOCALS~1\Temp\winlogon.exe

c:\documents and settings\All Users\Application Data\axiqy.dl

c:\documents and settings\All Users\Documents\lejyg.ban

c:\documents and settings\All Users\Documents\nubizu.vbs

c:\documents and settings\All Users\Documents\utibi.vbs

c:\documents and settings\Burc\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk

C:\lcbckjms.exe

c:\program files\Common Files\azofufi.vbs

c:\program files\Common Files\july._dl

c:\program files\Common Files\kafimuhusa.dll

c:\program files\Common Files\rugap.dl

c:\program files\PC_Antispyware2010

c:\program files\PC_Antispyware2010\data\daily.cvd

c:\program files\PC_Antispyware2010\htmlayout.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg

c:\program files\PC_Antispyware2010\pthreadVC2.dll

c:\recycler\S-1-5-21-3868997124-911790988-508925577-500

c:\windows\awuqymag.scr

c:\windows\Installer\26ea74.msi

c:\windows\Installer\26ea79.msi

c:\windows\Installer\45f379.msi

c:\windows\Installer\5a283.msi

c:\windows\Installer\5a288.msi

c:\windows\kb913800.exe

c:\windows\system32\~.exe

c:\windows\system32\drivers\WZSZXvptxelpyrlisunhojipurxgyennqlsme.sys

c:\windows\system32\pocak.bin

c:\windows\system32\taJF83ikdmf.dll

c:\windows\system32\wuvufyc.bin

c:\windows\system32\WZSZXdrgnpbrcjncpnjkyodhwvqjlobyfqlli.dll

c:\windows\system32\WZSZXhpxledpkiqlcqjjwnkinmjrccumyknpp.dll

c:\windows\system32\WZSZXqacytgkudofeqypmmeyksflchuiivwwo.dll

c:\windows\system32\WZSZXwortfpolncworxuicvfquqxvbdrqqppx.dat

c:\windows\system32\WZSZXyjejcsqwgwtsfwdpxkvxnmkwxfhuupnm.dll

c:\windows\wpd99.drv

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\system32\logevent.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_WZSZXserv.sys

-------\Legacy_WZSZXserv.sys

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))

.

2009-09-01 23:00 . 2009-09-01 23:00 59412 ---ha-w- c:\windows\system32\mlfcache.dat

2009-08-30 20:46 . 2009-08-30 20:49 -------- d-----w- c:\program files\Windows Live Safety Center

2009-08-30 20:24 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-30 20:23 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-26 21:18 . 2009-08-27 14:38 -------- d-----w- c:\program files\SpywareBlaster

2009-08-26 18:34 . 2009-08-26 18:34 -------- d-----w- c:\program files\Trend Micro

2009-08-26 17:43 . 2009-08-26 19:09 -------- d--h--w- C:\$AVG8.VAULT$

2009-08-26 17:33 . 2009-08-26 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

2009-08-26 17:33 . 2009-08-26 17:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-26 17:33 . 2009-08-26 17:33 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-08-26 17:33 . 2009-08-26 17:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-08-26 17:33 . 2009-08-26 17:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-26 17:33 . 2009-08-26 17:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-26 17:32 . 2009-09-07 18:43 -------- d-----w- c:\windows\system32\drivers\Avg

2009-08-26 17:31 . 2009-08-26 17:31 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2009-08-26 17:31 . 2009-08-26 17:31 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2009-08-26 17:31 . 2009-08-26 17:31 -------- d-----w- c:\program files\AVG

2009-08-26 17:31 . 2009-08-26 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-08-26 17:28 . 2009-08-26 17:28 -------- d-----w- c:\documents and settings\Burc\Application Data\AVG8

2009-08-25 17:32 . 2009-08-25 17:32 -------- d-----w- c:\program files\Common Files\Windows Live

2009-08-25 15:59 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-08-25 05:23 . 2009-08-25 05:23 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-08-25 05:23 . 2009-08-25 05:23 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2009-08-25 05:23 . 2009-08-25 05:23 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2009-08-25 05:21 . 2009-08-25 05:21 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2009-08-25 05:14 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2009-08-25 05:08 . 2009-08-25 05:08 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-25 05:08 . 2009-08-25 05:08 -------- d-----w- c:\program files\MSBuild

2009-08-25 05:08 . 2009-08-25 05:08 -------- d-----w- c:\program files\Reference Assemblies

2009-08-25 05:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-25 05:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-25 05:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-25 05:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-25 05:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-25 05:07 . 2009-08-25 05:08 -------- d-----w- C:\ea01d236f3b6112726d089

2009-08-25 05:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-25 05:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-25 04:46 . 2009-08-25 04:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-07 19:11 . 2006-08-10 16:01 -------- d-----w- c:\program files\Symantec AntiVirus

2009-09-07 18:54 . 2006-02-15 14:02 56320 ----a-w- c:\windows\system32\eventlog.dll

2009-08-30 21:16 . 2006-10-22 03:04 -------- d-----w- c:\documents and settings\Burc\Application Data\Apple Computer

2009-08-26 22:46 . 2008-09-20 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-26 18:51 . 2008-02-11 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-25 16:02 . 2006-08-10 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-25 05:49 . 2006-02-16 16:59 73080 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-25 05:30 . 2006-08-10 16:23 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-25 05:15 . 2008-04-07 23:49 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-25 05:15 . 2009-08-25 05:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-08-25 05:15 . 2009-08-25 05:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-08-25 05:00 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works

2009-08-25 03:57 . 2009-08-25 03:57 19473 ----a-w- c:\documents and settings\Burc\Application Data\urabivizi.dat

2009-08-08 04:37 . 2009-08-08 04:37 -------- d-----w- c:\program files\iTunes

2009-08-08 04:37 . 2009-08-08 04:37 -------- d-----w- c:\program files\iPod

2009-08-08 04:37 . 2007-06-29 20:43 -------- d-----w- c:\program files\Common Files\Apple

2009-08-08 04:34 . 2009-08-08 04:33 -------- d-----w- c:\program files\QuickTime

2009-07-29 04:57 . 2006-08-10 04:28 -------- d-----w- c:\documents and settings\Burc\Application Data\Skype

2009-07-14 03:43 . 2006-02-15 14:05 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-09 16:16 . 2009-03-24 02:41 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-07-09 16:16 . 2007-09-12 04:12 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2008-01-24 05:01 . 2007-03-01 05:52 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-01-24 05:01 . 2007-03-01 05:52 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-01-24 05:01 . 2007-03-01 05:52 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]

2007-04-16 15:40 2336312 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]

2007-04-16 15:40 2336312 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-25 53408]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-26 2007832]

"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

"TFncKy"="TFncKy.exe" [BU]

"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]

"NDSTray.exe"="NDSTray.exe" [BU]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]

"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\Burc\Start Menu\Programs\Startup\

Mozy Status.lnk - c:\program files\Mozy\mozystat.exe [2007-1-15 1807928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

mimio Studio.lnk - c:\program files\Virtual Ink\mimio\mimiosys.exe [2006-8-10 233472]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

Sidecar.lnk - c:\windows\SideCar.exe [2006-3-2 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-26 17:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\WINDOWS\\SideCar.exe"=

"c:\\Program Files\\Virtual Ink\\mimio\\mimiosys.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=

"c:\\Program Files\\CU Services\\JtF.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/26/2009 1:33 PM 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/26/2009 1:33 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/26/2009 1:33 PM 108552]

R1 MozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [1/15/2007 4:27 AM 52984]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/26/2009 1:32 PM 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/26/2009 1:32 PM 1370488]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [8/30/2009 3:56 PM 102448]

S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/26/2009 1:31 PM 29208]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/26/2009 1:31 PM 29208]

S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]

S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 4:40 AM 115952]

.

Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm

IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB

FF - ProfilePath - c:\documents and settings\Burc\Application Data\Mozilla\Firefox\Profiles\oqinut4a.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\documents and settings\Burc\Application Data\Mozilla\Firefox\Profiles\oqinut4a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\documents and settings\Burc\Application Data\Mozilla\Firefox\Profiles\oqinut4a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-07 15:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2784)

c:\program files\Mozy\mozyshell.dll

c:\windows\system32\TDispVol.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\system32\DVDRAMSV.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\TPSBattM.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\Synaptics\SynTP\SynToshiba.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\ehome\ehmsas.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\krbcc32s.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

.

**************************************************************************

.

Completion time: 2009-09-07 15:19 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-07 19:19

Pre-Run: 86,406,795,264 bytes free

Post-Run: 86,480,314,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

364 --- E O F --- 2009-09-07 18:42

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:31:23 PM, on 9/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\dla\DLACTRLW.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Virtual Ink\mimio\mimiosys.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\SideCar.exe

C:\Program Files\Mozy\mozystat.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\krbcc32s.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Safari\Safari.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\h\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: mimio Studio.lnk = C:\Program Files\Virtual Ink\mimio\mimiosys.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: Sidecar.lnk = C:\WINDOWS\SideCar.exe

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1251174680968

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Mozy Backup Service (MozyBackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 13596 bytes


  • Staff

Hi,

Looks like we're winning! :P

I notice that you are using more than one antivirus program (AVG and Norton). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Let me know what you decide to remove.

After that, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Yes, it definitely feels like we are heading in the right direction! Thanks again for your help. After running ComboFix I ran Malwarebytes and Avira and deleted the files that these programs found on my computer. (I deleted all the other antivirus programs and am keeping Avira as of now.) Unfortunately, I have a different problem now. I cannot run Internet Explorer. Each time I try I see a warning: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I uninstalled and tried to reinstall the browser, but the reinstallation could not be completed, so I don't have Explorer right now. I had to uninstall SP3 to do this and I am struggling to reinstall that one too. Anyway, in order to complete the first task that you suggest I need Explorer, correct? Do you have any idea how I can solve this particular issue?

Thanks,

Burc


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
