
Malwarebytes won't run, Please help.


JavaSama


Yeah, my Malwarebytes won't run, and neither will many other programs. HijackThis, Spybot S&D, and a few other anti-virus tools I've tried won't work either. They'll start up, then close in about 2 to 3 seconds. When I try to re-open said program, it says that it can't find it, and I have to re-install it.

I already ran Combofix, and here is what I got.

ComboFix 09-09-22.02 - owner 09/22/2009 20:23.1.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1697 [GMT -6:00]

Running from: c:\documents and settings\owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: PC Tools AntiVirus *On-access scanning enabled* (Updated) {832E7172-E406-4BB2-8B19-6D29F2C93A98}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-1275210071-1993962763-839522115-1005

c:\recycler\S-1-5-21-5050694030-1175619529-335498436-4620

c:\windows\Installer\swinstall.msi

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\41.exe

c:\windows\system32\kernel1.exe

c:\windows\system32\lipemeye.dll

c:\windows\system32\mi2.exe

c:\windows\system32\wbem\proquota.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\system32\logevent.dll

c:\windows\system32\proquota.exe . . . is missing!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))

.

2009-09-23 02:17 . 2009-09-23 02:17 0 ----a-r- c:\windows\win32k.sys

2009-09-23 01:10 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-23 01:10 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-23 01:07 . 2009-09-23 01:35 -------- d-----w- c:\program files\Unlocker

2009-09-23 00:55 . 2009-09-23 00:55 -------- d-----w- c:\documents and settings\owner\Application Data\PC Tools

2009-09-23 00:55 . 2008-02-12 16:44 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys

2009-09-23 00:55 . 2007-12-06 21:51 28568 ----a-w- c:\windows\system32\drivers\AVHook.sys

2009-09-23 00:55 . 2007-12-06 21:51 21912 ----a-w- c:\windows\system32\drivers\AVRec.sys

2009-09-23 00:55 . 2009-09-23 02:28 -------- d-----w- c:\program files\PC Tools AntiVirus

2009-09-23 00:55 . 2009-09-23 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-23 00:33 . 2009-09-23 00:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-23 00:32 . 2009-09-23 00:32 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-22 00:12 . 2009-09-23 02:17 -------- d--h--w- c:\windows\PIF

2009-09-21 20:30 . 2009-09-23 01:39 -------- d-----w- C:\$AVG8.VAULT$

2009-09-21 04:21 . 2009-09-21 04:21 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\AVG Security Toolbar

2009-09-21 04:19 . 2009-09-21 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-09-21 04:19 . 2009-09-21 04:19 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-09-21 04:19 . 2009-09-21 04:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-09-21 04:19 . 2009-09-21 04:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-09-21 04:19 . 2009-09-22 22:00 -------- d-----w- c:\windows\system32\drivers\Avg

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\program files\AVG

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-21 01:50 . 2009-07-29 04:53 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll

2009-09-21 01:46 . 2008-12-05 07:12 144896 -c----w- c:\windows\system32\dllcache\schannel.dll

2009-09-21 01:46 . 2008-10-23 13:01 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll

2009-09-21 01:45 . 2008-07-07 20:32 253952 -c----w- c:\windows\system32\dllcache\es.dll

2009-09-21 01:44 . 2008-06-24 16:23 74240 -c----w- c:\windows\system32\dllcache\mscms.dll

2009-09-21 01:44 . 2008-08-14 09:51 138368 -c----w- c:\windows\system32\dllcache\afd.sys

2009-09-21 01:44 . 2008-06-20 17:41 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll

2009-09-21 01:44 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-09-21 01:44 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-09-21 00:54 . 2009-09-21 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-09-21 00:54 . 2009-09-21 00:54 -------- d-----w- c:\program files\IObit

2009-09-21 00:53 . 2009-09-21 00:53 -------- d-----w- c:\program files\Alwil Software

2009-09-20 23:56 . 2009-09-20 23:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-20 23:54 . 2009-09-20 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-20 23:47 . 2009-09-20 23:47 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes

2009-09-20 23:47 . 2009-09-20 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-20 17:47 . 2009-09-21 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\12779794

2009-09-20 06:53 . 2004-02-26 00:33 531456 ----a-w- c:\windows\system32\DiceMage.exe

2009-09-03 02:50 . 2009-09-03 02:56 -------- d-----w- c:\documents and settings\owner\Application Data\Trillian

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-23 02:27 . 2009-02-19 22:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-09-23 02:27 . 2009-02-19 22:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-09-23 00:47 . 2009-06-20 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-22 01:10 . 2007-08-03 09:42 -------- d-----w- c:\program files\Trillian

2009-09-21 05:47 . 2009-06-21 05:47 50688 --sha-w- c:\windows\system32\wanajiru.dll

2009-09-21 04:19 . 2007-02-16 06:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-09-21 00:35 . 2007-08-03 08:36 -------- d-----w- c:\program files\SpywareBlaster

2009-09-20 23:37 . 2008-01-01 05:11 -------- d-----w- c:\documents and settings\owner\Application Data\OpenOffice.org2

2009-09-20 23:37 . 2008-01-01 05:12 1 ----a-w- c:\documents and settings\owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-09-18 10:00 . 2008-12-07 16:28 -------- d-----w- c:\documents and settings\owner\Application Data\uTorrent

2009-08-21 00:07 . 2008-02-04 00:47 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys

2009-08-17 14:08 . 2009-08-17 14:08 -------- d-----w- c:\program files\Common Files\DirectX

2009-08-17 13:02 . 2009-08-17 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-08-06 00:36 . 2003-01-01 04:42 207832 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 10:24 . 2008-11-30 01:52 -------- d-----w- c:\documents and settings\owner\Application Data\U3

2009-07-29 16:23 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 05:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2007-07-26 19:32 . 2007-08-03 07:28 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-07-26 19:32 . 2007-08-03 07:28 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-07-26 19:32 . 2007-08-03 07:28 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-07-26 19:32 . 2007-08-03 07:28 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-07-26 19:32 . 2007-08-03 07:28 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

------- Sigcheck -------

[-] 2007-02-17 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

c:\windows\system32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 15:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2003-03-01 138240]

"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 1368064]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]

"WireLessKeyboard "="c:\program files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-08-03 253952]

"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-06 270336]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-22 2022680]

"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-07-23 1259408]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]

"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-12 86016]

c:\documents and settings\owner\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-8-3 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-4 113664]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2007-8-2 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 01000000

"NoWinKeys"= 01000000

"NoRecentDocsNetHood"= 01000000

"NoSMMyDocs"= 01000000

"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 21:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-09-21 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reboot.exe

backup=c:\windows\pss\Reboot.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"MDM"=2 (0x2)

"Avg7UpdSvc"=2 (0x2)

"Avg7Alrt"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56103:TCP"= 56103:TCP:Pando Media Booster

"56103:UDP"= 56103:UDP:Pando Media Booster

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/20/2009 10:19 PM 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/20/2009 10:19 PM 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/20/2009 10:19 PM 108552]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/15/2007 11:37 PM 13696]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/20/2009 10:19 PM 297752]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/20/2009 6:54 PM 305936]

S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\0oeg0l7d.default\

FF - prefs.js: browser.search.selectedEngine - d20 SRD

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

HKLM-Run-paboyamuw - c:\windows\system32\fomasopi.dll

SharedTaskScheduler-{a47880e2-c6a6-4160-a98f-7aff2707e696} - c:\windows\system32\fomasopi.dll

SSODL-pufehegut-{a47880e2-c6a6-4160-a98f-7aff2707e696} - c:\windows\system32\fomasopi.dll

AddRemove-iCF Skin Pack - c:\program files\iColorFolder\Uninstall Skin Pack.exe

AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe

AddRemove-Windows Vista - c:\documents and settings\owner\My Documents\My TopThemes\My Themes\UninstTheme.exe

AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-22 20:28

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"

"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"

"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"

"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"

"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"

"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"

"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"

"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"

"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"

"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"

"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"

"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"

"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"

"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"

"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"

"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"

"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"

"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"

"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\Ati2evxx.dll

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(780)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'explorer.exe'(4944)

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

c:\program files\Stardock\ObjectDock\DockShellHook.dll

c:\progra~1\COMMON~1\Stardock\MCPCore.dll

c:\program files\CursorXP\CurXP0.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(696)

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\TGTSoft\StyleXP\StyleXPService.exe

c:\progra~1\COMMON~1\Stardock\SDMCP.exe

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\nvsvc32.exe

c:\program files\PC Tools AntiVirus\PCTAVSvc.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\imapi.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

.

**************************************************************************

.

Completion time: 2009-09-23 20:33 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-23 02:32

Pre-Run: 18,199,707,648 bytes free

Post-Run: 16,425,959,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


Any help would be greatly appreciated.
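The ComboFix log above contains three kinds of entries that a responder reads first: a DLL in system32 carrying the system+hidden attributes (wanajiru.dll, `--sha-w-`), integrity lines reporting system files that are missing or were patched (proquota.exe, beep.sys, eventlog.dll), and a boot.ini entry that boots a non-default kernel via `/KERNEL=kernel1.exe`, a file ComboFix deleted in the same run. As an added example, not code from this thread, from ComboFix, Malwarebytes or any other tool named here, the Python script below pulls exactly those entries out of a log. The sample lines are excerpted from the log in this post; the meaning of the attribute letters (d, c, s, h, a) is an assumption inferred from the log's own entries, and `triage` is a hypothetical helper name.

```python
"""ComboFix log triage: flags the entry types that drove this thread's cleanup.
Hypothetical helper written for this forum thread; it is not part of ComboFix,
Malwarebytes or any other tool named in the thread."""
import re

# "Files Created" / "Find3M" lines: <created> . <modified> <size> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Lines ComboFix prints when a protected system file is absent or was patched.
INTEGRITY_LINE = re.compile(
    r"(is missing|is infected|^Infected copy of .+ was found)", re.IGNORECASE
)
# boot.ini switch that boots a kernel other than the default ntoskrnl.exe.
KERNEL_SWITCH = re.compile(r"/KERNEL=(\S+)", re.IGNORECASE)

# Constructed sample: a handful of lines excerpted from the log posted above.
SAMPLE_LOG = r"""
2009-09-23 02:17 . 2009-09-23 02:17 0 ----a-r- c:\windows\win32k.sys
2009-09-21 05:47 . 2009-06-21 05:47 50688 --sha-w- c:\windows\system32\wanajiru.dll
2009-09-21 04:19 . 2009-09-21 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-22 00:12 . 2009-09-23 02:17 -------- d--h--w- c:\windows\PIF
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\logevent.dll
c:\windows\system32\proquota.exe . . . is missing!!
c:\windows\system32\drivers\beep.sys ... is missing !!
""".strip().splitlines()

# Constructed sample: the boot.ini section ComboFix appended to the log above.
SAMPLE_BOOT_INI = r"""
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
""".strip().splitlines()


def parse_file_entries(lines):
    """Structured view of every dated file/directory line in the log."""
    entries = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def hidden_system_files_in_system32(entries):
    """Files (not directories) carrying both the system and hidden attribute
    under system32. The letter layout (d c s h a . w/r) is an assumption
    inferred from the log's own entries; legitimate files rarely combine s+h
    there, which is how the Vundo DLL in this thread stayed out of a listing."""
    flagged = []
    for e in entries:
        attrs, path = e["attrs"], e["path"].lower()
        if attrs[0] != "d" and "s" in attrs and "h" in attrs and "\\system32\\" in path:
            flagged.append(e["path"])
    return flagged


def integrity_findings(lines):
    """ComboFix lines reporting a missing or patched system binary; each one
    needs a known-good replacement (beep.sys and proquota.exe in this thread)."""
    return [l.strip() for l in lines if INTEGRITY_LINE.search(l.strip())]


def kernel_overrides(boot_ini_lines):
    """(entry, kernel) pairs for boot.ini entries using /KERNEL=. Boot-screen
    tools use the switch legitimately, so the named file is verified rather than
    assumed bad; if a cleaner already deleted it, that entry will not boot."""
    found = []
    for line in boot_ini_lines:
        m = KERNEL_SWITCH.search(line)
        if m:
            found.append((line.split("=", 1)[0], m.group(1)))
    return found


def triage(log_lines, boot_ini_lines):
    """Run all three checks and return the findings in one dict."""
    entries = parse_file_entries(log_lines)
    return {
        "hidden_system": hidden_system_files_in_system32(entries),
        "integrity": integrity_findings(log_lines),
        "kernel_overrides": kernel_overrides(boot_ini_lines),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG, SAMPLE_BOOT_INI).items():
        print(f"{kind}:")
        for item in items:
            print(f"  {item}")
```

Run against the full log, the script reproduces the helper's later actions in order: the hidden+system DLL is the file the CFScript deletes, the integrity lines are the two files the helper asks to be re-extracted, and the `/KERNEL=` entry explains why a ComboFix run that deleted kernel1.exe must be followed by checking boot.ini before the next reboot.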


Actually, I tried it before I had read this, and yes, it ran fine. Here is the log it gave me.

Malwarebytes' Anti-Malware 1.41

Database version: 2857

Windows 5.1.2600 Service Pack 2

9/24/2009 11:24:09 PM

mbam-log-2009-09-24 (23-24-09).txt

Scan type: Full Scan (C:\|)

Objects scanned: 148294

Time elapsed: 52 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Application Data\12779794 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\lipemeye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{008B42F0-35EB-4774-9CDD-66CB64DF5DF2}\RP793\A0119684.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{008B42F0-35EB-4774-9CDD-66CB64DF5DF2}\RP793\A0119687.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\12779794\12779794 (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\12779794\pc12779794ins (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winlogon.Del (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Thanks again for your help. This thing has been a nightmare.


Please download the attached file to your desktop.

Please extract beep.sys to the following folder C:\windows\system32\drivers

Please extract proquota.exe to the following folder C:\windows\system32

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    KasReport.png

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


I ran it, and here is the log.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, September 25, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Saturday, September 26, 2009 00:24:57

Records in database: 2921582

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

Scan statistics:

Objects scanned: 42047

Threats found: 2

Infected objects found: 2

Suspicious objects found: 0

Scan duration: 00:59:22

File name / Threat / Threats count

C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir Infected: Backdoor.Win32.Bredolab.aao 1

C:\WINDOWS\system32\wanajiru.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1

Selected area has been scanned.


Download the attached file CFScript.txt to your Desktop

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note: Please do not use this script on another computer; you may damage the system. The script is made especially for this user's computer only!

CFScript.txt


Mmmk, I downloaded the script and dragged it into ComboFix. Here is the log it gave me.

ComboFix 09-09-25.01 - owner 09/26/2009 1:09.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1376 [GMT -6:00]

Running from: c:\documents and settings\owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: PC Tools AntiVirus *On-access scanning enabled* (Updated) {832E7172-E406-4BB2-8B19-6D29F2C93A98}

FILE ::

"c:\windows\system32\wanajiru.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\wanajiru.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\drivers\beep.sys . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))

.

2009-09-26 01:05 . 2009-04-22 07:19 28160 ----a-w- c:\windows\system32\proquota.exe

2009-09-25 04:30 . 2009-09-25 04:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-23 01:10 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-23 01:10 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-23 01:07 . 2009-09-23 01:35 -------- d-----w- c:\program files\Unlocker

2009-09-23 00:55 . 2009-09-23 00:55 -------- d-----w- c:\documents and settings\owner\Application Data\PC Tools

2009-09-23 00:55 . 2008-02-12 16:44 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys

2009-09-23 00:55 . 2007-12-06 21:51 28568 ----a-w- c:\windows\system32\drivers\AVHook.sys

2009-09-23 00:55 . 2007-12-06 21:51 21912 ----a-w- c:\windows\system32\drivers\AVRec.sys

2009-09-23 00:55 . 2009-09-26 07:16 -------- d-----w- c:\program files\PC Tools AntiVirus

2009-09-23 00:55 . 2009-09-23 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-23 00:33 . 2009-09-23 00:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-23 00:32 . 2009-09-23 00:32 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-22 00:12 . 2009-09-23 02:17 -------- d--h--w- c:\windows\PIF

2009-09-21 20:30 . 2009-09-23 18:54 -------- d-----w- C:\$AVG8.VAULT$

2009-09-21 04:21 . 2009-09-21 04:21 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\AVG Security Toolbar

2009-09-21 04:19 . 2009-09-21 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-09-21 04:19 . 2009-09-21 04:19 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-09-21 04:19 . 2009-09-21 04:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-09-21 04:19 . 2009-09-21 04:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-09-21 04:19 . 2009-09-25 22:00 -------- d-----w- c:\windows\system32\drivers\Avg

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\program files\AVG

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-21 01:50 . 2009-07-29 04:53 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll

2009-09-21 01:46 . 2008-12-05 07:12 144896 -c----w- c:\windows\system32\dllcache\schannel.dll

2009-09-21 01:46 . 2008-10-23 13:01 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll

2009-09-21 01:45 . 2008-07-07 20:32 253952 -c----w- c:\windows\system32\dllcache\es.dll

2009-09-21 01:44 . 2008-06-24 16:23 74240 -c----w- c:\windows\system32\dllcache\mscms.dll

2009-09-21 01:44 . 2008-08-14 09:51 138368 -c----w- c:\windows\system32\dllcache\afd.sys

2009-09-21 01:44 . 2008-06-20 17:41 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll

2009-09-21 01:44 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-09-21 01:44 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-09-21 00:54 . 2009-09-21 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-09-21 00:54 . 2009-09-21 00:54 -------- d-----w- c:\program files\IObit

2009-09-21 00:53 . 2009-09-21 00:53 -------- d-----w- c:\program files\Alwil Software

2009-09-20 23:56 . 2009-09-20 23:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-20 23:54 . 2009-09-20 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-20 23:47 . 2009-09-20 23:47 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes

2009-09-20 23:47 . 2009-09-20 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-20 06:53 . 2004-02-26 00:33 531456 ----a-w- c:\windows\system32\DiceMage.exe

2009-09-03 02:50 . 2009-09-03 02:56 -------- d-----w- c:\documents and settings\owner\Application Data\Trillian

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-26 07:16 . 2009-02-19 22:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-09-26 07:15 . 2009-02-19 22:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-09-26 02:35 . 2003-01-01 04:42 207440 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-25 05:33 . 2008-01-01 05:12 1 ----a-w- c:\documents and settings\owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-09-25 05:33 . 2008-01-01 05:11 -------- d-----w- c:\documents and settings\owner\Application Data\OpenOffice.org2

2009-09-25 03:49 . 2008-12-07 16:28 -------- d-----w- c:\documents and settings\owner\Application Data\uTorrent

2009-09-25 02:20 . 2007-08-03 09:42 -------- d-----w- c:\program files\Trillian

2009-09-23 00:47 . 2009-06-20 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-21 04:19 . 2007-02-16 06:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-09-21 00:35 . 2007-08-03 08:36 -------- d-----w- c:\program files\SpywareBlaster

2009-08-21 00:07 . 2008-02-04 00:47 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys

2009-08-17 14:08 . 2009-08-17 14:08 -------- d-----w- c:\program files\Common Files\DirectX

2009-08-17 13:02 . 2009-08-17 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 10:24 . 2008-11-30 01:52 -------- d-----w- c:\documents and settings\owner\Application Data\U3

2009-07-29 16:23 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 05:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2007-07-26 19:32 . 2007-08-03 07:28 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-07-26 19:32 . 2007-08-03 07:28 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-07-26 19:32 . 2007-08-03 07:28 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-07-26 19:32 . 2007-08-03 07:28 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-07-26 19:32 . 2007-08-03 07:28 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

------- Sigcheck -------

[-] 2007-02-17 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

c:\windows\system32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 15:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2003-03-01 138240]

"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 1368064]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]

"WireLessKeyboard "="c:\program files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-08-03 253952]

"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-06 270336]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-22 2022680]

"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-07-23 1259408]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]

"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-08-12 86016]

c:\documents and settings\owner\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-8-3 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-4 113664]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2007-8-2 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 01000000

"NoWinKeys"= 01000000

"NoRecentDocsNetHood"= 01000000

"NoSMMyDocs"= 01000000

"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 21:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-09-21 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reboot.exe

backup=c:\windows\pss\Reboot.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"MDM"=2 (0x2)

"Avg7UpdSvc"=2 (0x2)

"Avg7Alrt"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56103:TCP"= 56103:TCP:Pando Media Booster

"56103:UDP"= 56103:UDP:Pando Media Booster

R0 BootScreen;BootScreen;c:\windows\\SystemRoot\System32\drivers\vidstub.sys [x]

R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-09-21 12552]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-21 335240]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-21 108552]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-22 297752]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-09-02 305936]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\0oeg0l7d.default\

FF - prefs.js: browser.search.selectedEngine - d20 SRD

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-26 01:16

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)

c:\windows\system32\Ati2evxx.dll

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(772)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'explorer.exe'(4172)

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

c:\program files\Stardock\ObjectDock\DockShellHook.dll

c:\progra~1\COMMON~1\Stardock\MCPCore.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(692)

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\TGTSoft\StyleXP\StyleXPService.exe

c:\progra~1\COMMON~1\Stardock\SDMCP.exe

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\nvsvc32.exe

c:\program files\PC Tools AntiVirus\PCTAVSvc.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\IObit\IObit Security 360\is360updater.exe

.

**************************************************************************

.

Completion time: 2009-09-26 1:21 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-26 07:21

ComboFix2.txt 2009-09-23 02:33

Pre-Run: 16,249,282,560 bytes free

Post-Run: 16,289,771,520 bytes free

247

((((((here is the HijackThis log)))))))

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:28:53 AM, on 9/26/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1041396317692

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--

End of file - 7037 bytes

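The helpers in this thread read the ComboFix and HijackThis logs by hand, looking for the same handful of things every time. As an added example (not part of this thread, and not HijackThis or ComboFix code), here is a small Python triage script that applies those first-pass checks to a HijackThis log: entries whose target file is reported missing, O23 services with no publisher string, binaries launched from Temp or Recycler directories, system-process names used outside System32, and rundll32 autoruns that name a DLL without a path (so the copy actually loaded depends on the DLL search path). The rule names are my own; the embedded sample log is constructed to resemble the posted one, and the single "[updater]" line in it is invented to exercise the temp-path rules and does not appear in the original log.

```python
"""Triage a HijackThis log the way a forum analyst reads it by hand.

Added example for this thread; not HijackThis or ComboFix code. The
rules and their wording are my own; the sample log below is constructed
to resemble the posted one (see the comment on the invented line).
"""
import re
from dataclasses import dataclass

# Sections an analyst reads first: R3 URL search hooks, O2 BHOs, O3 toolbars,
# O4 autoruns, O20 Winlogon notify DLLs, O23 services. Others are skipped.
WATCH = {"R3", "O2", "O3", "O4", "O20", "O23"}

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll|sys)", re.I)
TEMP_RE = re.compile(r"\\(?:temp|recycler)\\", re.I)
# rundll32 followed by a DLL that is named without a drive-letter path
BARE_DLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?![a-z]:\\)\S+?\.dll", re.I)
# Names that belong in System32; the same name anywhere else deserves a look
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe"}


@dataclass(frozen=True)
class Finding:
    code: str
    body: str
    reason: str


def _reasons(code: str, body: str) -> list[str]:
    """Apply each heuristic to one log entry and return the reasons that fire."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("orphaned entry: referenced file is missing")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service binary has no publisher string")
    m = PATH_RE.search(body)
    if m:
        path = m.group(0)
        name = path.rsplit("\\", 1)[-1].lower()
        if TEMP_RE.search(path):
            reasons.append("binary lives in a temp or recycler directory")
        if name in SYSTEM_NAMES and "\\windows\\system32\\" not in path.lower():
            reasons.append("system binary name used outside System32")
    if BARE_DLL_RE.search(body):
        reasons.append("rundll32 loads a DLL by bare name (search-path dependent)")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """One Finding per (entry, reason) across the watched sections."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group("code") not in WATCH:
            continue
        for reason in _reasons(m.group("code"), m.group("body")):
            findings.append(Finding(m.group("code"), m.group("body"), reason))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, for a quick overview before reading entries."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample modelled on the posted log. The "[updater]" line is
# invented to exercise the temp-path and system-name rules; it is not in
# the original thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\owner\Local Settings\Temp\svchost.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.body}")
    print(summarize(triage(SAMPLE_LOG)))
```

The rules are deliberately loud rather than precise: the two rundll32 hits in the sample correspond to vendor DLLs that ComboFix resolved to System32 in the log above, and "Unknown owner" on a service only means the binary carries no publisher string. The script's job is to shortlist what to look at, not to decide what is malicious; that decision still needs the file itself (signature, hash, location) and the ComboFix Sigcheck output.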

Download the attached file CFScript.txt to your Desktop

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note: Please do not use this script on another computer; you may damage the system. The script is made especially for this user's computer only!

CFScript.txt


Done & Done.

ComboFix log

ComboFix 09-09-25.01 - owner 09/27/2009 23:50.3.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1435 [GMT -6:00]

Running from: c:\documents and settings\owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: PC Tools AntiVirus *On-access scanning enabled* (Updated) {832E7172-E406-4BB2-8B19-6D29F2C93A98}

* Created a new restore point

FILE ::

"c:\windows\system32\drivers\beep.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))

.

2009-09-27 06:00 . 2009-09-27 06:00 -------- d-----w- c:\program files\NVIDIA Corporation

2009-09-27 06:00 . 2009-09-27 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2009-09-27 05:59 . 2009-09-27 05:59 -------- d-----w- C:\NVIDIA

2009-09-26 07:28 . 2009-09-26 07:28 -------- d-----w- c:\program files\Trend Micro

2009-09-26 01:05 . 2009-04-22 07:19 28160 ----a-w- c:\windows\system32\proquota.exe

2009-09-25 04:30 . 2009-09-25 04:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-23 01:10 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-23 01:10 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-23 01:07 . 2009-09-23 01:35 -------- d-----w- c:\program files\Unlocker

2009-09-23 00:55 . 2009-09-23 00:55 -------- d-----w- c:\documents and settings\owner\Application Data\PC Tools

2009-09-23 00:55 . 2008-02-12 16:44 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys

2009-09-23 00:55 . 2007-12-06 21:51 28568 ----a-w- c:\windows\system32\drivers\AVHook.sys

2009-09-23 00:55 . 2007-12-06 21:51 21912 ----a-w- c:\windows\system32\drivers\AVRec.sys

2009-09-23 00:55 . 2009-09-28 05:59 -------- d-----w- c:\program files\PC Tools AntiVirus

2009-09-23 00:55 . 2009-09-23 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-09-23 00:33 . 2009-09-23 00:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-23 00:32 . 2009-09-23 00:32 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-22 00:12 . 2009-09-23 02:17 -------- d--h--w- c:\windows\PIF

2009-09-21 20:30 . 2009-09-23 18:54 -------- d-----w- C:\$AVG8.VAULT$

2009-09-21 04:21 . 2009-09-21 04:21 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\AVG Security Toolbar

2009-09-21 04:19 . 2009-09-21 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-09-21 04:19 . 2009-09-21 04:19 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2009-09-21 04:19 . 2009-09-21 04:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-09-21 04:19 . 2009-09-21 04:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-09-21 04:19 . 2009-09-27 02:00 -------- d-----w- c:\windows\system32\drivers\Avg

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\program files\AVG

2009-09-21 04:19 . 2009-09-21 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-21 01:50 . 2009-07-29 04:53 82432 -c----w- c:\windows\system32\dllcache\fontsub.dll

2009-09-21 01:46 . 2008-12-05 07:12 144896 -c----w- c:\windows\system32\dllcache\schannel.dll

2009-09-21 01:46 . 2008-10-23 13:01 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll

2009-09-21 01:45 . 2008-07-07 20:32 253952 -c----w- c:\windows\system32\dllcache\es.dll

2009-09-21 01:44 . 2008-06-24 16:23 74240 -c----w- c:\windows\system32\dllcache\mscms.dll

2009-09-21 01:44 . 2008-08-14 09:51 138368 -c----w- c:\windows\system32\dllcache\afd.sys

2009-09-21 01:44 . 2008-06-20 17:41 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll

2009-09-21 01:44 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-09-21 01:44 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-09-21 00:54 . 2009-09-21 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-09-21 00:54 . 2009-09-21 00:54 -------- d-----w- c:\program files\IObit

2009-09-21 00:53 . 2009-09-21 00:53 -------- d-----w- c:\program files\Alwil Software

2009-09-20 23:56 . 2009-09-20 23:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-09-20 23:54 . 2009-09-20 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2009-09-20 23:47 . 2009-09-20 23:47 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes

2009-09-20 23:47 . 2009-09-20 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-20 06:53 . 2004-02-26 00:33 531456 ----a-w- c:\windows\system32\DiceMage.exe

2009-09-03 02:50 . 2009-09-03 02:56 -------- d-----w- c:\documents and settings\owner\Application Data\Trillian

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-27 06:47 . 2009-02-19 22:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-09-27 06:47 . 2009-02-19 22:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-09-26 02:35 . 2003-01-01 04:42 207440 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-25 05:33 . 2008-01-01 05:12 1 ----a-w- c:\documents and settings\owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2009-09-25 05:33 . 2008-01-01 05:11 -------- d-----w- c:\documents and settings\owner\Application Data\OpenOffice.org2

2009-09-25 03:49 . 2008-12-07 16:28 -------- d-----w- c:\documents and settings\owner\Application Data\uTorrent

2009-09-25 02:20 . 2007-08-03 09:42 -------- d-----w- c:\program files\Trillian

2009-09-23 00:47 . 2009-06-20 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-21 04:19 . 2007-02-16 06:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-09-21 00:35 . 2007-08-03 08:36 -------- d-----w- c:\program files\SpywareBlaster

2009-08-21 00:07 . 2008-02-04 00:47 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys

2009-08-17 14:08 . 2009-08-17 14:08 -------- d-----w- c:\program files\Common Files\DirectX

2009-08-17 13:02 . 2009-08-17 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-08-17 09:04 . 2009-08-17 09:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe

2009-08-17 09:04 . 2009-08-17 09:04 81920 ----a-w- c:\windows\system32\nvwddi.dll

2009-08-17 09:03 . 2009-08-17 09:03 3170304 ----a-w- c:\windows\system32\nvwss.dll

2009-08-17 09:03 . 2009-08-17 09:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll

2009-08-17 09:03 . 2009-08-17 09:03 188416 ----a-w- c:\windows\system32\nvmccss.dll

2009-08-17 09:03 . 2009-08-17 09:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll

2009-08-17 09:03 . 2009-08-17 09:03 3547136 ----a-w- c:\windows\system32\nvgames.dll

2009-08-17 09:03 . 2009-08-17 09:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll

2009-08-17 09:03 . 2009-08-17 09:03 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-08-17 09:03 . 2009-08-17 09:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-08-17 09:03 . 2009-08-17 09:03 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-08-17 09:03 . 2009-08-17 09:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll

2009-08-17 09:02 . 2009-08-17 09:02 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-08-17 06:57 . 2009-08-17 06:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll

2009-08-17 06:57 . 2009-08-17 06:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll

2009-08-17 06:57 . 2009-08-17 06:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-08-17 06:57 . 2009-08-17 06:57 1597690 ----a-w- c:\windows\system32\nvdata.bin

2009-08-17 06:57 . 2007-08-17 17:34 485920 ----a-w- c:\windows\system32\nvudisp.exe

2009-08-17 06:57 . 2006-08-12 04:43 868352 ----a-w- c:\windows\system32\nvapi.dll

2009-08-17 06:57 . 2006-08-12 04:42 10457088 ----a-w- c:\windows\system32\nvoglnt.dll

2009-08-17 06:57 . 2006-08-12 04:42 155648 ----a-w- c:\windows\system32\nvcodins.dll

2009-08-17 06:57 . 2006-08-12 04:42 155648 ----a-w- c:\windows\system32\nvcod.dll

2009-08-17 06:57 . 2004-10-08 06:46 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-08-17 06:57 . 2004-10-08 06:46 5845760 ----a-w- c:\windows\system32\nv4_disp.dll

2009-08-11 18:35 . 2007-08-17 17:33 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 10:24 . 2008-11-30 01:52 -------- d-----w- c:\documents and settings\owner\Application Data\U3

2009-07-29 16:23 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 05:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2007-07-26 19:32 . 2007-08-03 07:28 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-07-26 19:32 . 2007-08-03 07:28 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-07-26 19:32 . 2007-08-03 07:28 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-07-26 19:32 . 2007-08-03 07:28 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-07-26 19:32 . 2007-08-03 07:28 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

------- Sigcheck -------

[-] 2007-02-17 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

c:\windows\system32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot@2009-09-23_02.28.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-27 06:00 . 2006-08-12 04:43 81920 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvwddi.dll

+ 2009-09-27 06:00 . 2006-08-12 04:43 86016 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvmctray.dll

+ 2009-09-27 06:00 . 2006-08-12 04:42 35840 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvcod.dll

+ 2009-09-27 06:00 . 2006-08-12 04:42 155715 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvsvc32.exe

+ 2009-09-27 06:00 . 2006-08-12 04:43 286720 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvnt4cpl.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 888832 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvmobls.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 458752 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvmccssr.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 188416 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvmccss.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 229376 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvmccs.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 581632 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvhwvid.dll

+ 2009-09-27 06:00 . 2006-08-12 04:43 196608 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvapi.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 1732608 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvwssr.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 1236992 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvwss.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 2953216 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvvitvsr.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 2904064 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvvitvs.dll

+ 2009-09-27 06:00 . 2006-08-12 04:42 5636096 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvoglnt.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 2859008 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvmoblsr.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 2928640 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvgamesr.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 3039232 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvgames.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 5251072 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvdispsr.dll

+ 2009-09-27 06:00 . 2006-08-12 04:45 5611520 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvdisps.dll

+ 2009-09-27 06:00 . 2006-08-12 04:43 7630848 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nvcpl.dll

+ 2009-09-27 06:00 . 2006-08-12 04:42 3958496 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nv4_mini.sys

+ 2009-09-27 06:00 . 2006-08-12 04:42 4496128 c:\windows\system32\ReinstallBackups\0004\DriverFiles\nv4_disp.dll

+ 2004-10-08 06:46 . 2009-08-17 06:57 7729568 c:\windows\system32\dllcache\nv4_mini.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 15:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2003-03-01 138240]

"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 1368064]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WireLessKeyboard "="c:\program files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-08-03 253952]

"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-06 270336]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-22 2022680]

"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-07-23 1259408]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-02-28 53248]

c:\documents and settings\owner\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-8-3 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-4 113664]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2007-8-2 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 01000000

"NoWinKeys"= 01000000

"NoRecentDocsNetHood"= 01000000

"NoSMMyDocs"= 01000000

"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 21:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-09-21 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reboot.exe

backup=c:\windows\pss\Reboot.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"MDM"=2 (0x2)

"Avg7UpdSvc"=2 (0x2)

"Avg7Alrt"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56103:TCP"= 56103:TCP:Pando Media Booster

"56103:UDP"= 56103:UDP:Pando Media Booster

R0 BootScreen;BootScreen;c:\windows\\SystemRoot\System32\drivers\vidstub.sys [x]

R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-09-21 12552]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-21 335240]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-21 108552]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-22 297752]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-09-02 305936]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\0oeg0l7d.default\

FF - prefs.js: browser.search.selectedEngine - d20 SRD

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-27 23:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\Ati2evxx.dll

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(788)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'explorer.exe'(4696)

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

c:\program files\Stardock\ObjectDock\DockShellHook.dll

c:\progra~1\COMMON~1\Stardock\MCPCore.dll

c:\program files\CursorXP\CurXP0.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(692)

c:\program files\PC Tools AntiVirus\PCTAVHook.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\TGTSoft\StyleXP\StyleXPService.exe

c:\progra~1\COMMON~1\Stardock\SDMCP.exe

c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\PC Tools AntiVirus\PCTAVSvc.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

.

**************************************************************************

.

Completion time: 2009-09-28 0:06 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-28 06:06

ComboFix2.txt 2009-09-26 07:21

ComboFix3.txt 2009-09-23 02:33

Pre-Run: 15,831,728,128 bytes free

Post-Run: 15,805,198,336 bytes free

306

Hijack This log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:21:34 AM, on 9/28/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\alg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1041396317692

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--

End of file - 7162 bytes

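As an added example (not part of this thread, and not code from Malwarebytes, ComboFix or HijackThis), a small Python script that parses a HijackThis v2 log and flags the entry types a helper reads first: items whose file is missing, services with an unknown owner, Run entries that hand rundll32 a DLL by bare name (resolved through the DLL search path rather than a fixed location), startup items living in the SYSTEM profile, and Winlogon Notify DLLs. The sample lines are copied from the log above, with one NvCplDaemon line added for contrast; the Entry/Finding types and the flag wording are this example's own. A flag is a prompt to check the file, not a verdict; every line it marks here belongs to software the log otherwise identifies.

```python
"""Triage a HijackThis v2.0.x log.

Added example for this thread; it is not code from HijackThis, ComboFix or
Malwarebytes. The Entry/Finding types and flag wording are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, plus
# one NvCplDaemon line to show a rundll32 entry that carries a full path.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O23 - Service: ..."
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+([^\s,]+)", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")                   # drive-letter path


@dataclass(frozen=True)
class Entry:
    code: str   # HijackThis section code, e.g. "O4"
    body: str   # everything after "O4 - "


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    body: str


def parse_hjt(text):
    """Return the R/O/F entries of a HijackThis log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Flag the entries a helper checks first. One entry can earn several flags."""
    findings = []
    for e in entries:
        if e.body.endswith("(file missing)"):
            # Registry still points at a file that is gone: orphan or deleted payload.
            findings.append(Finding(e.code, "file missing", e.body))
        if e.code == "O23" and " - Unknown owner - " in e.body:
            # Service binary without version/company information.
            findings.append(Finding(e.code, "service with unknown owner", e.body))
        if e.code == "O4":
            m = RUNDLL_RE.search(e.body)
            if m and not ABS_PATH_RE.match(m.group(1)):
                # Bare DLL name: Windows resolves it via the search path, so
                # confirm which file on disk actually gets loaded.
                findings.append(Finding(e.code, "rundll32 loads DLL by bare name", e.body))
            if "(User 'SYSTEM')" in e.body:
                findings.append(Finding(e.code, "startup item in SYSTEM profile", e.body))
        if e.code == "O20":
            # Notify DLLs load into winlogon.exe at logon; always worth a look.
            findings.append(Finding(e.code, "Winlogon Notify DLL", e.body))
    return findings


def summarize(findings):
    """Count findings per reason."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for f in found:
        print(f"[{f.code}] {f.reason}: {f.body}")
    print(dict(summarize(found)))
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the three "(file missing)" hits here are the leftover Yahoo! Toolbar keys, and the bare-name rundll32 hit is the SiSPower entry, which the ComboFix log above resolves to c:\windows\system32\SiSPower.dll.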

You have a file I would like you to get analyzed. Please go to VirusTotal. At the very top of the website, you will see a Browse button. Use that to search for this file: c:\windows\system32\winlogon.exe. Then click on Send. This could take between 30 seconds and a couple of minutes. When you get the results, open Notepad, highlight the results, copy them to Notepad and save it as "Scan.txt". Save the text file "Scan.txt" to your desktop. Please include the file in your next post.

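The step requested above can start with a hash lookup: VirusTotal indexes files by hash, so if the SHA-256 of winlogon.exe is already known there is nothing to upload, and a file that is known clean is settled without touching the suspect machine's browser. The script below is an added example, not VirusTotal's code and not part of this thread; the lookup URL form is VirusTotal's current web interface rather than the 2009 page the reply describes, and the temporary file is a constructed stand-in for the real winlogon.exe.

```python
"""Hash a file the way VirusTotal indexes it, before uploading it.

Added example for this thread; not code from VirusTotal or any tool named here.
The demo writes a constructed temp file; a real run passes the real path.
"""
import hashlib
import os
import tempfile


def file_hashes(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests, reading in chunks so a large
    binary never has to fit in memory."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def has_mz_header(path):
    """Cheap sanity check: a Windows executable starts with the 'MZ' DOS stub."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def lookup_url(sha256_hex):
    # VirusTotal's current web UI addresses a file report by its SHA-256.
    return "https://www.virustotal.com/gui/file/" + sha256_hex


def report(path, chunk_size=1 << 20):
    """Everything worth pasting into a forum reply before an upload."""
    h = file_hashes(path, chunk_size)
    return {
        "path": path,
        "size": os.path.getsize(path),
        "mz_header": has_mz_header(path),
        **h,
        "lookup": lookup_url(h["sha256"]),
    }


def demo(content=b"MZ" + b"\x00" * 4094, chunk_size=1 << 20):
    """Write constructed bytes to a temp file, report on it, clean up."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as tmp:
        tmp.write(content)
        path = tmp.name
    try:
        return report(path, chunk_size)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Paste the three digests along with the VirusTotal result; the MD5 and SHA-1 let a helper match the file against older vendor writeups that predate SHA-256 listings.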

2 weeks later...

Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
