
Can't install any programs; "file is corrupt", please help!



Hey,

Recently, I suspected I had a virus after strange things were happening when browsing the internet; sometimes pages would only load with text (basic, white backgrounds etc.)...Also I'm connected through a university proxy, so when I first open up either firefox or IE a pop-up box comes in where I have to key in my username and password etc... but in conjunction with the other browser problems the pop-up box started to come in many times, even when I clicked the cross, as though a program is trying to connect or something??? I can download things fine, however the main problem is when I try to install any anti-virus or other unrelated programs it will always come up with (paraphrasing) "The source file is corrupt" or something similar. Also I can't update AVG or any of the programs, and in its outdated state AVG doesn't pick up anything regardless. Initially HijackThis wasn't installing either, but for some reason I tried later and I managed to install it and get the log. Thanks SO MUCH for any help!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:38:00 PM, on 16/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Applications\DAEMON Tools\daemon.exe

C:\Applications\Cyberlink PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Applications\DVD Region Killer\RegKillTray.exe

C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Applications\WinZip\WZQKPICK.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\lxcgcoms.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\DllHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.usyd.edu.au/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www-cache.usyd.edu.au:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [smoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"

O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"

O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Applications\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RemoteControl] "C:\Applications\Cyberlink PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Applications\DVD Region Killer\ElbyCheck.exe" /L RegKill

O4 - HKLM\..\Run: [RegKillTray] "C:\Applications\DVD Region Killer\RegKillTray.exe"

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Applications\Photoshop Lightroom\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Ubisoft register.lnk = C:\Games\Chess Master 10th\Register\register\schedule.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Applications\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Avid SDM Service (AvidSDMService) - Unknown owner - C:\WINDOWS\system32\AvidSDMService.exe (file missing)

O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Applications\Perfect Disk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Applications\Perfect Disk\PDSched.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--

End of file - 10704 bytes

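As an added example for this thread (not code from the poster or from the Malwarebytes helpers), a small Python triage script that runs over HijackThis v2 lines in the format above and flags the entries a helper looks at first: components registered but missing on disk, services with no publisher, Run entries without a full path, and proxy/PAC settings to confirm. The sample lines are copied from the log above; the flagging rules are this example's own heuristics, not part of HijackThis.

```python
"""Triage of HijackThis v2 log lines.

Added example for this thread (not the poster's or the helpers' code). The
flagging rules below are this example's own heuristics; the sample lines are
copied from the HijackThis log posted above.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    subject: str  # what is flagged: CLSID, run-key name, service name, value name
    reason: str   # why a helper would look at it first


# Sample constructed from lines in the posted log (headers and a process line
# are included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.usyd.edu.au/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www-cache.usyd.edu.au:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\iiNet Web Accelerator\prpl_IePopupBlocker.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Unknown owner - C:\WINDOWS\system32\AvidSDMService.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"""

_ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
_CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
_O4_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


def parse_entry(line):
    """Return (section, body) for an 'Rn - ...' / 'Onn - ...' line, else None."""
    m = _ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def _first_token(cmd):
    """The executable part of a Run command, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _check(section, body):
    """Yield (subject, reason) pairs for one entry; most entries yield nothing."""
    if section == "R1":
        key, _, _value = body.partition(" = ")
        name = key.rsplit(",", 1)[-1]
        if name in ("ProxyServer", "AutoConfigURL"):
            yield name, "browser traffic goes through a proxy/PAC; confirm it is the expected one"
    elif section == "O2":
        m = _CLSID_RE.search(body)
        clsid = m.group(0) if m else "?"
        if "(file missing)" in body or body.endswith("(no file)"):
            yield clsid, "BHO is registered in IE but its DLL is absent"
        if body.startswith("BHO: (no name)"):
            yield clsid, "BHO has no display name"
    elif section == "O4":
        m = _O4_RE.search(body)
        if m and "\\" not in _first_token(m.group("cmd")):
            yield m.group("name"), "Run entry has no full path; Windows resolves it via the search path"
    elif section == "O23":
        parts = body.split(" - ")
        if len(parts) >= 3:
            name = parts[0][len("Service: "):] if parts[0].startswith("Service: ") else parts[0]
            if parts[1] == "Unknown owner":
                yield name, "service has no publisher recorded"
            if "(file missing)" in parts[-1]:
                yield name, "service is registered but its binary is absent"


def triage(log_text):
    """Run every rule over every entry and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # headers, process list, blank lines
        section, body = entry
        for subject, reason in _check(section, body):
            findings.append(Finding(section, subject, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<5}{f.subject:<45}{f.reason}")
```

A flagged entry is a starting point for a lookup, not a verdict: the proxy lines here are the poster's university settings, and a stale BHO pointing at a removed accelerator is clutter rather than malware.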

Just another note (this is NOT an intentional bump, I forgot to include important info)

I ran combofix after reading through other posts with similar problems (I know I probably shouldn't have done this without supervision), but the following files were deleted:

c:\program files\Mozilla Firefox\plc4.dll

c:\windows\system32\HQDLAPI.dll

c:\windows\system32\lsp.dll

The first is a legitimate component of firefox, and as such firefox no longer works (not a problem though, I can reinstall later). I'm not sure about the middle file, I can't find much info on it, but the last one is a browser hijacker. And not surprisingly I no longer get the pop-up box jumping in all the time... so it seems at least that part of the problem is fixed (or partially at least). However, the corrupt file problem and the other browser issues are still there, so I would really appreciate some help whenever someone is available.

The above HijackThis log was taken after the combofix scan (maybe that's how I got HijackThis to work???).


  • Staff

Hi and welcome to Malwarebytes.

Please post the log from C:\ComboFix.txt

After that, please go to this website, and complete the form as follows:

Link to topic where this file was requested: http://www.malwarebytes.org/forums/index.php?showtopic=24864

Browse to the file you want to submit:

Click Browse, and navigate to the following file:

C:\Qoobox\quarantine\c\program files\Mozilla Firefox\plc4.dll

Leave any comments, further information about this file, or contact information: ComboFix false positive

-screen317


Hi, thanks so much for quick reply.

Here is the combofix log I took the other day:

ComboFix 09-09-14.02 - Andris 16/09/2009 21:15.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.204 [GMT 10:00]

Running from: c:\documents and settings\Andris\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Mozilla Firefox\plc4.dll

c:\windows\system32\HQDLAPI.dll

c:\windows\system32\lsp.dll

.

((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))

.

2009-09-16 10:01 . 2009-09-16 10:01 10520 ----a-w- c:\windows\system32\avgrsstx.dll

2009-09-16 10:01 . 2009-09-16 10:01 107912 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-09-16 10:01 . 2009-09-16 10:01 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-09-16 10:01 . 2009-09-16 10:01 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-09-16 10:01 . 2009-09-16 10:01 -------- d-----w- c:\windows\system32\drivers\Avg

2009-09-16 09:16 . 2009-09-16 09:16 -------- d-----w- c:\program files\Panda Security

2009-09-16 09:16 . 2009-09-16 09:16 -------- d-----w- c:\windows\LastGood.Tmp

2009-09-16 08:51 . 2009-09-16 08:51 -------- d-----w- c:\program files\Trend Micro

2009-09-16 08:47 . 2009-09-10 04:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-11 22:49 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-16 10:01 . 2009-06-02 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-14 00:16 . 2008-03-18 01:43 -------- d-----w- c:\program files\Lx_cats

2009-08-05 09:11 . 2005-12-21 21:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 23:57 . 2009-07-30 23:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Juniper Networks

2009-07-17 18:55 . 2005-12-21 21:14 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 13:43 . 2005-12-21 21:15 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 15:59 . 2005-12-21 21:15 668160 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 15:59 . 2005-12-21 21:14 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 18:36 . 2005-12-21 21:14 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2005-12-21 21:14 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2005-12-21 21:14 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2005-12-21 21:14 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2005-12-21 21:14 471552 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2005-12-21 21:14 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2005-12-21 21:14 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2005-12-21 21:14 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2005-12-21 21:14 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2005-12-21 21:14 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2005-12-21 21:14 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2005-12-21 21:14 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-22 11:49 . 2005-12-21 21:14 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2005-12-21 21:14 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2005-12-21 21:14 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2005-12-21 21:14 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]

"DAEMON Tools"="c:\applications\DAEMON Tools\daemon.exe" [2005-12-10 133016]

"RemoteControl"="c:\applications\Cyberlink PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]

"RegKillElbyCheck"="c:\applications\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]

"RegKillTray"="c:\applications\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]

"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]

"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]

"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]

"Adobe Photo Downloader"="c:\applications\Photoshop Lightroom\apdproxy.exe" [2008-03-06 61440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-12-08 61440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-16 1932568]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-14 88203]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

"NDSTray.exe"="NDSTray.exe" [bU]

"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]

"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-05-31 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-25 113664]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-22 155648]

WinZip Quick Pick.lnk - c:\applications\WinZip\WZQKPICK.EXE [2006-12-11 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-09-16 10:01 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIDI1"=diomidi.dll

"wave2"=Digi32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Applications\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Valve\\Condition Zero\\czero.exe"=

"c:\\Applications\\Combustion\\combustion.exe"=

"c:\\Applications\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [10/10/2006 2:35 PM 20992]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/09/2009 8:01 PM 325640]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/09/2009 8:01 PM 107912]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/09/2009 8:01 PM 298264]

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [26/05/2008 3:07 PM 11776]

R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [28/11/2002 7:46 AM 6400]

R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [8/02/2007 10:38 AM 20352]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]

S2 PDSched;PDScheduler;c:\applications\Perfect Disk\PDSched.exe [28/06/2005 2:07 PM 241731]

S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [8/02/2007 11:11 AM 81152]

S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [8/02/2007 11:11 AM 90368]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [10/10/2006 2:35 PM 73216]

S3 DCM300;ScopeTek DCM300 Driver;c:\windows\system32\drivers\dcm300.sys [25/12/2007 8:19 PM 13312]

S3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [15/11/2008 2:34 PM 79393]

S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [15/08/2006 6:52 PM 129535]

.

Contents of the 'Scheduled Tasks' folder

2009-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 03:57]

2009-09-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-10 06:19]

2009-09-16 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-03 11:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = hxxp://www-cache.usyd.edu.au:8080

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Andris\Application Data\Mozilla\Firefox\Profiles\p9be4xmc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.news.google.com/

FF - prefs.js: network.proxy.http - http://www-cache.usyd.edu.au

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Propel Accelerator - c:\program files\iiNet Web Accelerator\trayctl.exe

HKLM-Run-BigPondWirelessBroadbandCM - c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe

HKLM-Run-Antiy Auto Update - c:\program files\Antiy Labs\Alive\ALiveCenter.exe

AddRemove-CANONBJ_Deinstall_CNMCP64.DLL - c:\windows\system32\CNMCP64.exe -PRINTERNAMECanon PIXMA iP4000 -HELPERDLLc:\bjprinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll

AddRemove-Power Saver - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\Power Saver\Uninst.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-16 21:23

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Antiy Auto Update = c:\program files\Antiy Labs\Alive\ALiveCenter.exe????????? ?????x?=?x?=????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2744)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\windows\system32\TPSBattM.exe

c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files\Toshiba\ConfigFree\CFSvcs.exe

c:\program files\Juniper Networks\Common Files\dsNcService.exe

c:\windows\system32\DVDRAMSV.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

c:\windows\system32\lxcgcoms.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Completion time: 2009-09-16 21:27 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-16 11:27

Pre-Run: 5,631,053,824 bytes free

Post-Run: 6,238,081,024 bytes free

222 --- E O F --- 2009-09-13 00:58


  • Staff

Hi,

Thanks for submitting it; it is currently being examined.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Please download this file and save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


  • Staff

Hmm.

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

Next, please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

-screen317


Well the weird thing is that certain downloaded programs can't install. For instance win32kdiag works and so does rootrepeal, which are both .exe files (should I post these logs?). Also for some reason one copy of combofix worked last time (hence the log), but now the new version doesn't. I tried changing a downloaded file to .com but the same "corrupt" msg comes up. It's corrupting the file in the download process, because when I watch streamed videos online, they have glitches (corruptions) as well.


Success! I changed the dds name to .com at the 'save as' screen and the program works (coincidence maybe?). Here's the log (btw thanks heaps for your time and effort thus far):

DDS (Ver_09-07-30.01) - NTFSx86

Run by Andris at 13:32:00.90 on Sun 20/09/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.135 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Applications\DAEMON Tools\daemon.exe

C:\Applications\Cyberlink PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Applications\DVD Region Killer\RegKillTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

C:\Program Files\Lexmark 2300 Series\ezprint.exe

C:\Applications\Photoshop Lightroom\apdproxy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\lxcgcoms.exe

C:\WINDOWS\system32\RAMASST.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Applications\WinZip\WZQKPICK.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\DllHost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Andris\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = hxxp://www-cache.usyd.edu.au:8080

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: {656ec4b7-072b-4698-b504-2a414c1f0037} - IE_PopupBlocker Class

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll

uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NDSTray.exe] NDSTray.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [smoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"

mRun: [Tvs] "c:\program files\toshiba\tvs\TvsTray.exe"

mRun: [THotkey] "c:\program files\toshiba\toshiba applet\thotkey.exe"

mRun: [TDispVol] TDispVol.exe

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [TPSMain] TPSMain.exe

mRun: [Easy-PrintToolBox] "c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE" /logon

mRun: [DAEMON Tools] "c:\applications\daemon tools\daemon.exe" -lang 1033

mRun: [RemoteControl] "c:\applications\cyberlink powerdvd\PDVDServ.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"

mRun: [RegKillElbyCheck] "c:\applications\dvd region killer\ElbyCheck.exe" /L RegKill

mRun: [RegKillTray] "c:\applications\dvd region killer\RegKillTray.exe"

mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16

mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"

mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"

mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s

mRun: [Adobe Photo Downloader] "c:\applications\photoshop lightroom\apdproxy.exe"

mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\applications\winzip\WZQKPICK.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andris\applic~1\mozilla\firefox\profiles\p9be4xmc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.news.google.com/

FF - prefs.js: network.proxy.http - http://www-cache.usyd.edu.au

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPInfotl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [2006-10-10 20992]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-16 325640]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-16 27656]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-16 107912]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-16 298264]

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-5-26 11776]

R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]

R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-2-8 20352]

S2 PDSched;PDScheduler;c:\applications\perfect disk\PDSched.exe [2005-6-28 241731]

S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2007-2-8 81152]

S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2007-2-8 90368]

S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2006-10-10 73216]

S3 DCM300;ScopeTek DCM300 Driver;c:\windows\system32\drivers\dcm300.sys [2007-12-25 13312]

S3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [2008-11-15 79393]

S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2006-8-15 129535]

=============== Created Last 30 ================

2009-09-18 18:36 <DIR> --d----- C:\32788R22FWJFV

2009-09-18 16:56 <DIR> --d----- c:\program files\Yahoo!

2009-09-18 16:56 <DIR> --d----- c:\program files\CCleaner

2009-09-18 15:25 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner

2009-09-18 14:05 <DIR> a-dshr-- C:\cmdcons

2009-09-17 14:10 29,576 a------- C:\MGlogs.zip

2009-09-17 14:10 <DIR> --d----- C:\MGtools

2009-09-16 21:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-16 21:13 229,888 a------- c:\windows\PEV.exe

2009-09-16 21:13 161,792 a------- c:\windows\SWREG.exe

2009-09-16 21:13 98,816 a------- c:\windows\sed.exe

2009-09-16 20:01 10,520 a------- c:\windows\system32\avgrsstx.dll

2009-09-16 20:01 107,912 a------- c:\windows\system32\drivers\avgtdix.sys

2009-09-16 20:01 325,640 a------- c:\windows\system32\drivers\avgldx86.sys

2009-09-16 20:01 <DIR> --d----- c:\windows\system32\drivers\Avg

2009-09-16 19:16 <DIR> --d----- c:\program files\Panda Security

2009-09-16 18:51 <DIR> --d----- c:\program files\Trend Micro

2009-09-16 18:47 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-13 12:50 54,156 a---h--- c:\windows\QTFont.qfn

2009-09-13 12:50 1,409 a------- c:\windows\QTFont.for

2009-09-12 08:49 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-08-05 19:11 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-18 04:55 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-06-27 01:59 668,160 -------- c:\windows\system32\wininet.dll

2009-06-27 01:59 81,920 a------- c:\windows\system32\ieencode.dll

2009-06-26 04:36 661,504 a------- c:\windows\system32\mqqm.dll

2009-06-26 04:36 517,120 a------- c:\windows\system32\mqsnap.dll

2009-06-26 04:36 471,552 a------- c:\windows\system32\mqutil.dll

2009-06-26 04:36 225,280 a------- c:\windows\system32\mqoa.dll

2009-06-26 04:36 186,880 a------- c:\windows\system32\mqtrig.dll

2009-06-26 04:36 177,152 a------- c:\windows\system32\mqrt.dll

2009-06-26 04:36 138,240 a------- c:\windows\system32\mqad.dll

2009-06-26 04:36 123,392 a------- c:\windows\system32\mqrtdep.dll

2009-06-26 04:36 95,744 a------- c:\windows\system32\mqsec.dll

2009-06-26 04:36 48,640 a------- c:\windows\system32\mqupgrd.dll

2009-06-26 04:36 47,104 a------- c:\windows\system32\mqdscli.dll

2009-06-26 04:36 16,896 a------- c:\windows\system32\mqise.dll

2009-06-22 21:49 117,248 a------- c:\windows\system32\mqtgsvc.exe

2009-06-22 21:49 19,968 a------- c:\windows\system32\mqbkup.exe

2009-06-22 21:49 4,608 a------- c:\windows\system32\mqsvc.exe

============= FINISH: 13:32:38.85 ===============

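A DDS log like the one above is normally triaged by hand: the analyst pulls out the BHO/TB/EB entries that point at "No File" (a CLSID still registered with Internet Explorer after its DLL is gone), the drivers whose on-disk timestamp is recent, and the proxy the browser is configured to use. The script below does that mechanically. It is an added example written for this page, not a tool from the thread or from the DDS author; its SAMPLE input is a handful of lines excerpted from the log posted above, the 30-day window mirrors the log's own "Created Last 30" section, and SCAN_DATE is the run date printed in the log header.

```python
"""Triage helper for a DDS log (added example, not part of the thread).

Pulls out of the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections
the three things an analyst reads first: orphaned BHO/TB/EB CLSIDs,
drivers timestamped inside the last N days before the scan, and the
configured browser proxy. SAMPLE is excerpted from the posted log.
"""
import re
from datetime import date, timedelta

# Run date printed in the posted log's header ("Sun 20/09/2009").
SCAN_DATE = date(2009, 9, 20)

SAMPLE = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = hxxp://www-cache.usyd.edu.au:8080
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
mRun: [DAEMON Tools] "c:\applications\daemon tools\daemon.exe" -lang 1033
============= SERVICES / DRIVERS ===============
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [2006-10-10 20992]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-16 107912]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-28 6400]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2007-2-8 90368]
=============== Created Last 30 ================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "BHO: <optional display name>: {CLSID} - <dll path, or 'No File'>"
HJT_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# "R1 service;display name;c:\path\file.sys [YYYY-M-D size]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<proxy>\S+)$")


def parse_dds(text):
    """Return {'hjt': [entries], 'drivers': [entries], 'proxy': str or None}."""
    result = {"hjt": [], "drivers": [], "proxy": None}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # "=== Section Name ===" switches parser state
            section = m.group(1)
            continue
        if section == "Pseudo HJT Report":
            m = PROXY_RE.match(line)
            if m:
                result["proxy"] = m["proxy"]
                continue
            m = HJT_RE.match(line)
            if m:
                result["hjt"].append(m.groupdict())
        elif section == "SERVICES / DRIVERS":
            m = DRIVER_RE.match(line)
            if m:
                entry = m.groupdict()
                entry["date"] = date(*map(int, entry["date"].split("-")))
                entry["size"] = int(entry["size"])
                result["drivers"].append(entry)
    return result


def orphaned(hjt_entries):
    """BHO/TB/EB registrations whose DLL is gone ('No File')."""
    return [e for e in hjt_entries if e["path"] == "No File"]


def recent_drivers(drivers, scan_date=SCAN_DATE, days=30):
    """Drivers whose DDS timestamp falls within `days` before the scan."""
    cutoff = scan_date - timedelta(days=days)
    return [d for d in drivers if d["date"] >= cutoff]


def summarize(text, scan_date=SCAN_DATE):
    """One line per finding, in the order an analyst reads them."""
    parsed = parse_dds(text)
    lines = [f"proxy: {parsed['proxy'] or 'none'}"]
    for e in orphaned(parsed["hjt"]):
        lines.append(f"orphaned {e['kind']} {e['clsid']}")
    for d in recent_drivers(parsed["drivers"], scan_date):
        lines.append(f"recent driver {d['state']} {d['name']} {d['path']} ({d['date']})")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

On the sample this reports the university proxy, three orphaned CLSIDs and one recent driver (AVG's network redirector, whose 2009-09-16 timestamp matches the avgtdix.sys entry in the log's "Created Last 30" section). Those are leads for the analyst, not verdicts: the parser cannot tell a stale registration from a removed malicious DLL, so each orphaned CLSID and each recently written driver still has to be looked up by hand.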

Here's the RootRepeal log:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/09/20 13:11

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Name: 00000052

Image Path: \Driver\00000052

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xAA755000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF9465000 Size: 8192 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA9160000 Size: 49152 File Visible: No Signed: -

Status: -

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "sptd.sys" at address 0xf8e57b3a

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "sptd.sys" at address 0xf8e57c7e

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "sptd.sys" at address 0xf8e57ff6

#: 119 Function Name: NtOpenKey

Status: Hooked by "sptd.sys" at address 0xf8e57a18

#: 160 Function Name: NtQueryKey

Status: Hooked by "sptd.sys" at address 0xf8e580c0

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "sptd.sys" at address 0xf8e57f58

#: 247 Function Name: NtSetValueKey

Status: Hooked by "sptd.sys" at address 0xf8e58148

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x8378eeb0 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_CREATE]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_CLOSE]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_READ]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_WRITE]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_CLEANUP]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: Udfsȅ䵃慄ȁః瑎て, IRP_MJ_PNP]

Process: System Address: 0x834b50e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_CREATE]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_CLOSE]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_READ]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_WRITE]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_QUERY_EA]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SET_EA]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_CLEANUP]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_PNP]

Process: System Address: 0x8335f0e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x835080e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]

Process: System Address: 0x8355b0e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]

Process: System Address: 0x8355b0e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8355b0e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8355b0e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]

Process: System Address: 0x8355b0e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8355b0e8 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]

Process: System Address: 0x8355b0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]

Process: System Address: 0x8378e0e8 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

Process: System Address: 0x8378f660 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x8378f918 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x832b24b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x832b24b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x832b24b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x832b24b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x832b24b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x832b24b0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]

Process: System Address: 0x832ae788 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x833b84e8 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_CREATE]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_CLOSE]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_READ]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_WRITE]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_CLEANUP]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: 0000, IRP_MJ_SET_SECURITY]

Process: System Address: 0x83394eb0 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_CREATE]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_CLOSE]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_READ]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_WRITE]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_CLEANUP]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: Msfsȅఐ卆浩, IRP_MJ_SET_SECURITY]

Process: System Address: 0x833100e8 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_CREATE]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_CLOSE]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_READ]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_SHUTDOWN]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_CLEANUP]

Process: System Address: 0x825a2248 Size: 15

Object: Hidden Code [Driver: CdfsЅఋ敓Ш, IRP_MJ_PNP]

Process: System Address: 0x825a2248 Size: 15

==EOF==
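Added example, not part of any post in this thread and not code from the scanning tool: a small Python parser for the "Hidden Code" hook list above. What a responder wants from a list this long is a per-driver summary: how many IRP major dispatch entries are reported, whether they all point at the same address (for MRxSmb every entry above resolves to 0x833b84e8), and whether the driver name itself looks odd (a purely numeric name like "0000", or a name with non-ASCII bytes appended). The sample log is constructed from a few entries copied from the log above; the flags it raises are things to look at, not a verdict on their own.

```python
import re
from collections import defaultdict

# One "Hidden Code" entry spans two non-blank lines in the log:
#   Object: Hidden Code [Driver: <name>, IRP_MJ_<major>]
#   Process: <proc> Address: 0x<hex> Size: <n>
HOOK_RE = re.compile(r"^Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_[A-Z_]+)\]$")
ADDR_RE = re.compile(r"^Process: (?P<proc>\S+) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)$")

# Constructed sample: four entries taken from the log format above (blank lines included).
SAMPLE_LOG = (
    "Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]\n\n"
    "Process: System Address: 0x833b84e8 Size: 15\n\n"
    "Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]\n\n"
    "Process: System Address: 0x833b84e8 Size: 15\n\n"
    "Object: Hidden Code [Driver: 0000, IRP_MJ_CREATE]\n\n"
    "Process: System Address: 0x83394eb0 Size: 15\n\n"
    "Object: Hidden Code [Driver: Msfs\u0205\u0c10\u5346\u6d69, IRP_MJ_CREATE]\n\n"
    "Process: System Address: 0x833100e8 Size: 15\n\n"
    "==EOF==\n"
)


def parse_hooks(text):
    """Pair each 'Object:' line with the 'Process:' line that follows it."""
    hooks = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            pending = (m["driver"], m["irp"])
            continue
        m = ADDR_RE.match(line)
        if m and pending is not None:
            driver, irp = pending
            hooks.append({
                "driver": driver,
                "irp": irp,
                "process": m["proc"],
                "address": int(m["addr"], 16),
                "size": int(m["size"]),
            })
            pending = None
    return hooks


def summarize(hooks):
    """Collapse the entry list into one record per driver."""
    by_driver = defaultdict(lambda: {"irps": set(), "addresses": set()})
    for h in hooks:
        by_driver[h["driver"]]["irps"].add(h["irp"])
        by_driver[h["driver"]]["addresses"].add(h["address"])
    summary = {}
    for driver, d in by_driver.items():
        summary[driver] = {
            "hooked_irps": len(d["irps"]),
            "addresses": sorted(f"0x{a:08x}" for a in d["addresses"]),
            # Every reported dispatch entry resolves to the same code address.
            "single_target": len(d["addresses"]) == 1,
            # Numeric or non-printable/non-ASCII driver names deserve a second look.
            "odd_name": driver.isdigit() or not driver.isascii() or not driver.isprintable(),
        }
    return summary


def render(summary):
    """Human-readable lines, most-hooked driver first."""
    lines = []
    for driver, info in sorted(summary.items(), key=lambda kv: (-kv[1]["hooked_irps"], kv[0])):
        flags = []
        if info["single_target"]:
            flags.append("all entries -> one address")
        if info["odd_name"]:
            flags.append("unusual driver name")
        line = f"{driver}: {info['hooked_irps']} IRP major(s) hooked at {', '.join(info['addresses'])}"
        if flags:
            line += f" [{'; '.join(flags)}]"
        lines.append(line)
    return lines


if __name__ == "__main__":
    for line in render(summarize(parse_hooks(SAMPLE_LOG))):
        print(line)
```

To run it over the real log, replace SAMPLE_LOG with the saved report text; the parser tolerates the blank line between every entry and stops cleanly at ==EOF==.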


  • Staff

Grab a fresh copy of ComboFix.

Before you download it, rename it to chambershex.bat

Save it to your Desktop.

Reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Navigate to Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\chambershex.bat" /killall

See if it runs now.

-screen317


Nah, sorry, it didn't work.

I'm thinking that if it is corrupting the file during the download (not during the installation), then that explains why the above won't work - because the damage has already been done to the file.

Is there some way to block it from interfering with the download? I've tried downloading in safe mode with networking but that doesn't work either...


I was hoping you wouldn't say that... a while ago when I tried to download some antivirus stuff to transfer to this computer (in order to try and get rid of the problem), in the process the other computer got infected as well (despite thorough scanning). So I can't download most files on either computer now. Any other ideas?


  • Staff

Yikes.

What browser are you using?

Try using Firefox if you're using IE, and vice versa.

If no joy, try this online scanner.

Please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

-screen317


Well, I can't use Firefox now, because ComboFix deleted that file that was integral to it working (I can't reinstall it either because of the corrupt bullshit). But I can tell you prior to using ComboFix both IE and Firefox were suffering the same problems, so this is independent of a browser.

Also tried the scanner, didn't work. Didn't even begin downloading the required files. I have serious browser issues, almost every page I visit is marked with the little "done but with errors on the page" triangle.


I just had a ridiculous idea... after reading up a bit on data corruption I noticed a fair few sites were talking about causes due to connection issues... You don't think it's possible that the corruption is caused by a damaged Ethernet cable? If you think about it something like that could explain everything: BOTH IE and Firefox are affected equally, almost every file I download is corrupted (even if they are irrelevant to malware removal) regardless of file type, streaming videos, webpages and pictures all have glitches, and my other laptop suddenly got "infected", in retrospect, very soon after I plugged it in to the same Ethernet cable...

It all seems to fit, and if it is the case, I'm extremely sorry for all your time that I will have wasted...
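Added example, not from any post in this thread: a check that separates "the file was damaged on the way in" from "the file is damaged the same way every time". Download the installer twice (ideally once over a different link, as the poster plans to do with wireless) and feed both copies, plus the SHA-256 the vendor publishes for that installer, into classify(). Two copies that differ from each other point at unreliable transfer; two identical copies that both miss the published hash mean the damage is reproducible and the download path, the machine included, is suspect. pe_header_ok() is the cheapest possible "is this still a Windows executable" test: DOS "MZ" stub plus a "PE\0\0" signature at the offset stored at 0x3c. The sample installer bytes and the corrupted copy are constructed here so the script runs offline; the published hash in the demo is simply the hash of the constructed file.

```python
import hashlib

VERDICT_COPIES_DIFFER = "copies differ from each other: damage is not reproducible, re-download over another link"
VERDICT_SYSTEMATIC = "copies identical but do not match the published hash: damage is systematic, suspect the download path or the machine itself"
VERDICT_INTACT = "file matches the published hash and parses as a PE image"
VERDICT_NOT_PE = "no published hash given and the file does not parse as a PE image"
VERDICT_UNVERIFIED = "no published hash given; header looks fine but integrity is unverified"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_published_hash(data: bytes, published_sha256: str) -> bool:
    # Vendors publish hashes in either case; compare case-insensitively.
    return sha256_hex(data) == published_sha256.strip().lower()


def pe_header_ok(data: bytes) -> bool:
    """DOS 'MZ' stub present and 'PE\\0\\0' found at e_lfanew (the DWORD at 0x3c)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def diff_offsets(a: bytes, b: bytes) -> list:
    """Byte offsets at which two copies of the same download disagree.
    A length mismatch is reported as one extra offset at the end of the shorter copy."""
    n = min(len(a), len(b))
    offs = [i for i in range(n) if a[i] != b[i]]
    if len(a) != len(b):
        offs.append(n)
    return offs


def classify(copy_a: bytes, copy_b: bytes, published_sha256: str = None) -> dict:
    report = {
        "a_pe_ok": pe_header_ok(copy_a),
        "b_pe_ok": pe_header_ok(copy_b),
        "differing_offsets": diff_offsets(copy_a, copy_b),
        "a_hash_ok": matches_published_hash(copy_a, published_sha256) if published_sha256 else None,
    }
    if report["differing_offsets"]:
        verdict = VERDICT_COPIES_DIFFER
    elif published_sha256 is None:
        verdict = VERDICT_UNVERIFIED if report["a_pe_ok"] else VERDICT_NOT_PE
    elif report["a_hash_ok"]:
        verdict = VERDICT_INTACT
    else:
        verdict = VERDICT_SYSTEMATIC
    report["verdict"] = verdict
    return report


def build_sample_pe() -> bytes:
    """Constructed stand-in for an installer: just enough header to pass pe_header_ok()."""
    buf = bytearray(0x80 + 4 + 64)
    buf[0:2] = b"MZ"
    buf[0x3C:0x40] = (0x80).to_bytes(4, "little")   # e_lfanew -> PE signature at 0x80
    buf[0x80:0x84] = b"PE\x00\x00"
    buf[0x84:] = b"constructed payload bytes".ljust(64, b"\x00")
    return bytes(buf)


def corrupt(data: bytes, offsets) -> bytes:
    """Constructed damage: invert the byte at each given offset."""
    buf = bytearray(data)
    for off in offsets:
        buf[off] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    good = build_sample_pe()
    published = sha256_hex(good)            # stands in for the vendor's published hash
    bad = corrupt(good, [0x81, 0x90])       # second download arrived damaged
    for label, a, b in (("clean/clean", good, good), ("clean/damaged", good, bad), ("damaged/damaged", bad, bad)):
        r = classify(a, b, published)
        print(f"{label}: offsets={r['differing_offsets']} -> {r['verdict']}")
```

In practice copy_a and copy_b are the two downloaded files read with open(path, "rb").read(), and published_sha256 is the value from the vendor's download page, copied by hand from a machine you trust.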


Unfortunately not at the moment... but by Saturday I will be able to use this computer with wireless internet (thereby getting the cable out of the picture), so I can report back to you then.

So unless there's anything else you think I should be doing in the meantime, do you think you could keep this thread open until Sat/Sun?

Cheers

