Can't run MBAM


Not sure what my computer is infected with, but I can't run MBAM, and I can't run many programs or the internet (Mozilla or IE). The HijackThis log is first and then the ComboFix log. Any help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:36:41 PM, on 1/23/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Eagle Point Software2\Network License Manager\lservnt.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Kodak\printer\center\KodakSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

G:\Business\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - https://content.ilinc.com/clientdownload/do...ad/ilinci86.dll

O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\Bricscad\BrxProtIE.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Eagle Point LM - Rainbow Technologies, Inc. - C:\Program Files\Eagle Point Software2\Network License Manager\lservnt.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--

End of file - 8186 bytes

ComboFix 10-01-23.02 - Administrator 01/23/2010 14:01:13.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2431 [GMT -7:00]

Running from: g:\business\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\lsprst7.dll

c:\windows\system32\nsprs.dll

.

((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))

.

2010-01-23 21:00 . 2010-01-23 21:00 -------- d-----w- c:\windows\LastGood

2010-01-23 20:34 . 2010-01-23 20:34 1025 ----a-w- c:\windows\system32\serauth2.dll

2010-01-23 20:34 . 2010-01-23 20:34 1025 ----a-w- c:\windows\system32\serauth1.dll

2010-01-23 19:50 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-23 19:50 . 2010-01-23 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-23 19:50 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-23 18:42 . 2010-01-23 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-23 18:27 . 2010-01-23 18:27 -------- d-----w- c:\windows\system32\wbem\Repository

2010-01-21 02:18 . 2010-01-21 02:18 0 ----a-w- c:\windows\system32\drivers\{5B746011-89CE-4FD7-ACF3-F860665E7A38}.sys

2010-01-21 01:59 . 2010-01-23 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-01-21 01:59 . 2010-01-21 01:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-01-20 20:44 . 2010-01-20 20:44 0 ----a-w- c:\windows\system32\drivers\TCPIP_{CA0060E9-4A36-426E-AD77-71E059F0B925}.sys

2010-01-20 00:56 . 2010-01-20 00:56 -------- d-----w- C:\found.000

2010-01-15 23:51 . 2010-01-15 23:51 72192 ----a-w- c:\windows\system32\drivers\yubg8302N.sys

2010-01-15 16:44 . 2010-01-18 20:48 -------- d-----w- C:\data2010

2010-01-15 16:43 . 2010-01-15 16:43 -------- d-----w- C:\New Folder (3)

2010-01-13 12:45 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-07 18:56 . 2010-01-07 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-01-07 18:56 . 2010-01-07 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-23 20:58 . 2010-01-23 20:58 118784 ----a-w- c:\windows\system32\chg.exe

2010-01-23 20:57 . 2009-09-18 17:38 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-23 19:36 . 2007-01-03 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-23 19:03 . 2009-11-13 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-01-23 18:46 . 2010-01-23 18:46 2855 ----a-w- c:\windows\PIF\rkill.PIF

2010-01-23 18:34 . 2009-11-13 00:08 0 ----a-w- c:\windows\Pjesibekepemiy.bin

2010-01-23 18:27 . 2006-01-16 22:12 824960 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-01-21 15:56 . 2007-01-02 22:21 -------- d-----w- c:\program files\AutoCAD R14

2010-01-21 02:36 . 2007-03-16 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-01-21 02:32 . 2009-08-17 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-01-21 01:58 . 2008-07-31 20:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-21 01:52 . 2009-11-13 00:08 120 ----a-w- c:\windows\Omewef.dat

2010-01-16 00:15 . 2009-12-01 20:30 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat

2010-01-15 23:51 . 2009-08-17 17:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-22 15:20 . 2009-12-22 15:20 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe

2009-12-22 15:20 . 2009-12-22 15:20 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2009-12-17 15:48 . 2009-12-17 15:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hotbar_Icons

2009-12-16 21:01 . 2009-12-16 21:01 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2009-11-21 15:51 . 2006-02-28 02:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-16 15:09 . 2009-11-16 15:09 16 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcvbd.dat

2009-11-13 20:31 . 2009-08-17 17:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-13 20:31 . 2009-08-17 17:12 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-13 20:31 . 2009-08-17 17:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-13 00:04 . 2009-11-13 00:04 24 ----a-w- c:\documents and settings\LocalService\Application Data\zxcvbd.dat

2009-11-04 10:15 . 2009-08-18 20:44 579848 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-29 07:46 . 2006-02-28 02:00 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2006-02-28 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2006-02-28 02:00 17408 ----a-w- c:\windows\system32\corpol.dll

2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-01-23_20.52.04 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-04-25 17:43 . 2010-01-23 20:47 71264 c:\windows\system32\perfc009.dat

+ 2006-04-25 17:43 . 2010-01-23 21:02 71264 c:\windows\system32\perfc009.dat

+ 2006-04-25 17:43 . 2010-01-23 21:02 441454 c:\windows\system32\perfh009.dat

- 2006-04-25 17:43 . 2010-01-23 20:47 441454 c:\windows\system32\perfh009.dat

+ 2010-01-23 20:55 . 2010-01-23 20:55 15710720 c:\windows\Installer\35a2d.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 20:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-05-04 344064]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-07-14 279576]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-02 257088]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-07 185872]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]

"Drag'n'Drop_Autolaunch"="c:\program files\Iomega HotBurn Pro\Autolaunch.exe" [2004-12-01 131072]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-13 20:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Executive Software\\Diskeeper\\Diskeeper.exe"=

"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Eagle Point Software\\EGPT\\PROGRAM\\egpt.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2009 10:12 AM 333192]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/13/2009 1:30 PM 906520]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/13/2009 1:30 PM 285392]

R2 Eagle Point LM;Eagle Point LM;c:\program files\Eagle Point Software2\Network License Manager\lservnt.exe [11/12/2008 2:30 PM 577536]

R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [10/30/2008 9:58 AM 28672]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/18/2006 11:16 PM 534040]

S0 okfgck;okfgck;c:\windows\system32\drivers\ewtlbdf.sys --> c:\windows\system32\drivers\ewtlbdf.sys [?]

S0 xhpqhfzq;xhpqhfzq; [x]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2009 10:12 AM 360584]

S1 yubg8302N;yubg8302N;c:\windows\system32\drivers\yubg8302N.sys [1/15/2010 4:51 PM 72192]

S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [7/30/2008 12:49 PM 9881]

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2/27/2006 7:00 PM 12800]

--- Other Services/Drivers In Memory ---

*Deregistered* - dnbudf

.

Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.Google.com

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll

DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - hxxps://content.ilinc.com/clientdownload/download/ilinci86.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v3nlpmwd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: XULRunner: {B51F9201-2ABC-4548-827E-F7DC6CC16438} - c:\documents and settings\Administrator\Local Settings\Application Data\{B51F9201-2ABC-4548-827E-F7DC6CC16438}\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-23 14:03

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]

"ImagePath"="\"\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-01-23 14:04:45

ComboFix-quarantined-files.txt 2010-01-23 21:04

ComboFix2.txt 2010-01-23 20:54

Pre-Run: 87,386,624,000 bytes free

Post-Run: 87,349,608,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CBB76E1883B2FB6FED7896A6376F23C0

ComboFix.txt

hijackthis2.txt

Hello, and welcome to Malwarebytes.org

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here. Try to complete all the steps, but you can skip any steps you are unable to complete. Then post a NEW topic here. If your computer is un-bootable, just post a description of the problems you are having there.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post, make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

EDIT: It is not recommended to run ComboFix unless you are requested to run it by an expert during guided help. But, as you have already run ComboFix, you can paste the ComboFix log in the HJT forum along with the other logs.
