Solved: malware infestation

muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
07-Nov-2009, 02:58 AM #16
Ok, looking good, let's finish off with an online scan to make sure we have not missed anything. This will probably take a while, but no mad rush; post it when you are able to. Let's clear all the rubbish first.

1. Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code:
:Files
c:\program files\bmtley

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe


2. Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Please reply with:-
  • OTM log
  • Kaspersky log
  • New HJT log
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
07-Nov-2009, 02:59 AM #17
I think I'm going to pack it in for the night. It's 1AM here, and I'm spent. I'll be sure to resume this in the morning.

Thank you SO MUCH for your help with this. I think we are close!

-Joe
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
07-Nov-2009, 03:00 AM #18
Yep, pretty much done. As I said no rush for Kaspersky. Do it when you are ready. Sleep well
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
07-Nov-2009, 11:23 AM #19
OK. Back at it. I ran OTM as directed, and unless it takes a while, it's frozen. All of my desktop items are missing, and the OTM application says NOT RESPONDING. Does this just take a long time, or did it die on me? It hasn't moved in 10+ minutes.
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
07-Nov-2009, 11:30 AM #20
I am going to leave this running (I'm typing this on a different laptop) until I hear from you. My guess is it froze up, but I don't want to cause damage by rebooting if I shouldn't be rebooting.
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
07-Nov-2009, 04:27 PM #21
Couple hours later, it was still frozen. Figured a reboot was necessary. Seemed to boot up just fine. No issues.

After working on it for 20 minutes, I tried to open itunes, and it just froze. Whole deal. Rebooting...
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
07-Nov-2009, 11:11 PM #22
Quote:
Couple hours later, it was still frozen. Figured a reboot was necessary. Seemed to boot up just fine. No issues.

After working on it for 20 minutes, I tried to open itunes, and it just froze. Whole deal. Rebooting...
Not sure what happened with OTM, let's clean the temp files with ATF.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      (If you use Firefox or the Opera browser, to keep saved passwords, click No at the prompt.)
    • Click Exit on the Main menu to close the program.

If all seems ok after running ATF, continue on with the Kaspersky scan. Post the log, a NEW HJT log and an update on how it is all running.
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
07-Nov-2009, 11:59 PM #23
Ran ATF with no problems. Cleaned out 180MB!

I'll run the Kaspersky scan overnight and report back in the AM. Again, thanks so much for your help. I'd be screwed without it.
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
08-Nov-2009, 12:06 AM #24
Kaspersky is giving me this message:

Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.

Should I install this java framework v1.5?
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
08-Nov-2009, 12:27 AM #25
Do this one instead. Are you still freezing up?

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on:
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
08-Nov-2009, 11:42 AM #26
ESET ran overnight, and it found 7 more threats. With these instructions, I don't think ESET removed any of these threats.

C:\System Volume Information\_restore{38F2EBF7-82D1-497D-BBEF-456CE23D3633}\RP47\A0004951.exe a variant of Win32/Kryptik.AZS trojan
E:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\TQEM7EMK\rhad919[1].pdf PDF/Exploit.Gen trojan
E:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application
E:\Program Files\MediaCell Video Converter\apbarSp.infima.exe a variant of Win32/AdInstaller application
E:\WINDOWS\SYSTEM32\awewejip.ini Win32/Adware.Virtumonde.NEO application
E:\WINDOWS\SYSTEM32\emofamaz.ini Win32/Adware.Virtumonde.NEO application
F:\Janna's Computer\downloaded programs\unlocker1.8.7.exe a variant of Win32/Adware.ADON application
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
08-Nov-2009, 12:00 PM #27
A problem area seems to be my E drive, which I think has been the source of a lot of this. This is my old hard drive. It was dying, and in the process it corrupted my OS. So I had a new hard drive put in with the OS on that. The place that did it put my old drive in so I could retrieve the files. Well, a lot of viruses seem to pop up from that drive. I don't need it anymore, so I'd like to just remove it.

I unplugged the power cable and the other data cable from it, thinking it would be that easy. Of course not. My computer wouldn't boot up. So, what do I need to do to ditch the old HD?
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
08-Nov-2009, 07:04 PM #28
Quote:
I unplugged the power cable and the other data cable from it, thinking it would be that easy. Of course not. My computer wouldn't boot up. So, what do I need to do to ditch the old HD?
You would be better off asking in the Hardware forum, they would be better suited to answer that question.

In the meantime leave it as is, as we are going to remove the infections found in E:\. Also, what is the F: drive? If it is an external drive, i.e. a flash drive, make sure it is connected before doing the following.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    E:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\TQEM7EMK\rhad919[1].pdf
    E:\I386\GTDownDE_87.ocx
    E:\Program Files\MediaCell Video Converter\apbarSp.infima.exe
    E:\WINDOWS\SYSTEM32\awewejip.ini
    E:\WINDOWS\SYSTEM32\emofamaz.ini
    F:\Janna's Computer\downloaded programs\unlocker1.8.7.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Please reply with:-
  • Combofix log
  • New HJT log
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
08-Nov-2009, 08:13 PM #29
ComboFix 09-11-06.03 - Owner 11/08/2009 18:03.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2239 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"e:\documents and settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\TQEM7EMK\rhad919[1].pdf"
"e:\i386\GTDownDE_87.ocx"
"e:\program files\MediaCell Video Converter\apbarSp.infima.exe"
"e:\windows\SYSTEM32\awewejip.ini"
"e:\windows\SYSTEM32\emofamaz.ini"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\TQEM7EMK\rhad919[1].pdf
e:\i386\GTDownDE_87.ocx
e:\program files\MediaCell Video Converter\apbarSp.infima.exe
e:\windows\SYSTEM32\awewejip.ini
e:\windows\SYSTEM32\emofamaz.ini
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-11-08 04:31 . 2009-11-08 04:31 -------- d-----w- c:\program files\ESET
2009-11-07 15:12 . 2009-11-07 15:12 -------- d-----w- C:\_OTM
2009-11-07 06:00 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 06:00 . 2009-11-07 06:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 06:00 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 22:40 . 2009-11-03 22:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
2009-11-03 22:39 . 2009-11-03 22:39 -------- d-----w- c:\program files\Amazon
2009-11-01 17:52 . 2009-11-01 17:52 -------- d-----w- c:\program files\Flip Video
2009-11-01 17:52 . 2009-11-01 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2009-10-31 15:48 . 2009-10-31 15:50 -------- d-----w- C:\$AVG
2009-10-31 15:47 . 2009-10-31 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-29 03:36 . 2009-10-29 03:36 -------- d-----w- C:\rsit
2009-10-20 21:16 . 2009-10-20 21:16 -------- d-----w- c:\program files\Trend Micro
2009-10-17 21:46 . 2009-10-17 21:46 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-10-16 15:40 . 2009-10-16 15:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-15 18:17 . 2009-10-15 18:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Iomega Automatic Backup
2009-10-15 17:56 . 2009-10-15 17:56 -------- d-----w- c:\program files\Iomega
2009-10-15 17:55 . 2009-10-15 17:55 -------- d-----w- c:\windows\Downloaded Installations
2009-10-11 18:00 . 2009-10-11 21:28 -------- d-----w- c:\program files\iDump (Freeware)
2009-10-10 01:39 . 2009-10-10 01:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 20:28 . 2009-10-04 21:00 -------- d-----w- c:\program files\Dl_cats
2009-10-31 15:48 . 2009-10-02 14:58 -------- d-----w- c:\program files\AVG
2009-10-31 15:48 . 2009-10-02 14:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-31 15:48 . 2009-10-02 14:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-31 15:48 . 2009-10-02 14:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-31 15:48 . 2009-10-02 14:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-30 22:55 . 2009-10-03 15:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-16 22:34 . 2009-10-02 14:54 156592 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 17:55 . 2009-10-02 16:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-09 16:47 . 2009-10-09 16:47 -------- d-----w- c:\program files\3ivx
2009-10-08 00:53 . 2009-10-08 00:53 -------- d-----w- c:\documents and settings\Owner\Application Data\DellFaxCtr
2009-10-07 01:16 . 2009-10-03 01:54 -------- d-----w- c:\program files\iTunes
2009-10-06 15:08 . 2009-10-02 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-05 00:01 . 2009-10-04 23:48 -------- d-----w- c:\program files\Microsoft Money Plus
2009-10-04 20:59 . 2009-10-04 20:52 -------- d-----w- c:\program files\Dell Photo AIO Printer 966
2009-10-04 20:57 . 2009-10-04 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-10-04 20:56 . 2009-10-04 20:56 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-10-04 20:55 . 2009-10-04 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-04 20:55 . 2009-10-04 20:54 -------- d-----w- c:\program files\Dell PC Fax
2009-10-04 20:54 . 2009-10-04 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DellFaxCtr
2009-10-04 20:36 . 2009-10-04 20:36 -------- d-----w- c:\program files\NETGEAR
2009-10-04 20:20 . 2009-10-01 22:42 -------- d-----w- c:\program files\microsoft frontpage
2009-10-04 20:11 . 2009-10-04 20:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2009-10-03 17:36 . 2009-10-03 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-10-03 17:35 . 2009-10-03 17:35 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-10-03 17:35 . 2009-10-03 17:35 -------- d-----w- c:\program files\Common Files\Macromedia
2009-10-03 17:35 . 2009-10-03 17:34 -------- d-----w- c:\program files\Macromedia
2009-10-03 15:44 . 2009-10-03 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-03 15:42 . 2009-10-03 15:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-03 02:07 . 2009-10-03 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-03 02:07 . 2009-10-03 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-03 01:55 . 2009-10-03 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\program files\iPod
2009-10-03 01:54 . 2009-10-03 01:53 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\program files\Bonjour
2009-10-03 01:54 . 2009-10-03 01:54 -------- d-----w- c:\program files\QuickTime
2009-10-03 01:53 . 2009-10-03 01:53 -------- d-----w- c:\program files\Apple Software Update
2009-10-03 01:31 . 2009-10-03 01:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-03 01:30 . 2009-10-03 01:30 -------- d-----w- c:\program files\Microsoft.NET
2009-10-02 16:20 . 2009-10-02 16:20 -------- d-----w- c:\program files\Analog Devices
2009-10-02 15:09 . 2009-10-02 15:09 -------- d-----w- c:\program files\MSXML 4.0
2009-10-02 14:59 . 2009-10-02 14:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Nero
2009-10-02 14:58 . 2009-10-02 14:56 -------- d-----w- c:\program files\Common Files\Nero
2009-10-02 14:56 . 2009-10-02 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-02 14:56 . 2009-10-02 14:56 -------- d-----w- c:\program files\Nero
2009-10-02 14:54 . 2009-10-02 14:54 -------- d-----w- c:\program files\Windows Defender
2009-10-02 14:53 . 2009-10-02 14:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-02 14:53 . 2009-10-02 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 14:53 . 2009-10-02 14:53 -------- d-----w- c:\program files\XP Codec Pack
2009-10-01 23:41 . 2009-10-01 23:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-01 23:08 . 2009-10-01 22:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-01 22:39 . 2009-10-01 22:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-01 15:29 . 2009-10-03 06:40 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-21 22:09 . 2009-09-21 22:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-08-29 00:42 . 2009-10-03 01:53 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-10-03 01:53 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-07_05.40.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-01 16:28 . 2009-10-01 16:28 225280 c:\windows\Downloaded Program Files\WBEtoolsAX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Iomega Automatic Backup"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2007-06-29 312560]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-06-29 292080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 966\memcard.exe" [2007-06-29 304368]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"Iomega Automatic Backup 1.0.1"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-31 2010904]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-10-3 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-31 15:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20001:UDP"= 20001:UDP:MicroSAN
R0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [10/4/2009 2:36 PM 12800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/2/2009 8:59 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/2/2009 8:59 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 9:47 AM 285392]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [10/4/2009 2:36 PM 345984]
R2 Z-SANService;Z-SAN Service;c:\program files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [10/4/2009 2:36 PM 376891]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [10/4/2009 2:36 PM 15488]
R3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [10/4/2009 2:36 PM 5120]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/1/2009 5:25 PM 20160]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [10/27/2004 3:05 PM 22144]
S4 Imdflpp6cwnf;Imdflpp6cwnf; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-11-07 c:\windows\Tasks\User_Feed_Synchronization-{5EB36B48-E061-4477-9395-25A423B004BD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.flashmobrocks.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?????????????????????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2009-11-09 18:12
ComboFix-quarantined-files.txt 2009-11-09 00:11
ComboFix2.txt 2009-11-07 06:43
ComboFix3.txt 2009-11-07 05:43
Pre-Run: 449,872,961,536 bytes free
Post-Run: 450,004,656,128 bytes free
- - End Of File - - CC3837317CC61AA5A4C99CB3A3089D25
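As an added example (not code from the thread, nor from ESET or ComboFix), the Python below parses the seven ESET findings from post #26, tallies them per drive, emits the CFScript File:: block the way muppy03 wrote it in post #28 (leaving out the System Volume Information copy), and then reads the Other Deletions section of the ComboFix log above to report which requested files were not actually removed. The log layouts are assumed from what is posted in this thread.

```python
# Triage helpers for the ESET findings and the ComboFix script/log in this thread.
# Added example, not code from the thread, ESET or ComboFix; the log layouts are
# assumed from what the posts show.
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the seven ESET findings posted above, verbatim.
ESET_LOG = r"""
C:\System Volume Information\_restore{38F2EBF7-82D1-497D-BBEF-456CE23D3633}\RP47\A0004951.exe a variant of Win32/Kryptik.AZS trojan
E:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\TQEM7EMK\rhad919[1].pdf PDF/Exploit.Gen trojan
E:\I386\GTDownDE_87.ocx probably a variant of Win32/Adware.Agent application
E:\Program Files\MediaCell Video Converter\apbarSp.infima.exe a variant of Win32/AdInstaller application
E:\WINDOWS\SYSTEM32\awewejip.ini Win32/Adware.Virtumonde.NEO application
E:\WINDOWS\SYSTEM32\emofamaz.ini Win32/Adware.Virtumonde.NEO application
F:\Janna's Computer\downloaded programs\unlocker1.8.7.exe a variant of Win32/Adware.ADON application
"""

# Constructed excerpt of the ComboFix log posted above: only the section that
# records what was actually deleted. Note that the F: drive file is absent.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\TQEM7EMK\rhad919[1].pdf
e:\i386\GTDownDE_87.ocx
e:\program files\MediaCell Video Converter\apbarSp.infima.exe
e:\windows\SYSTEM32\awewejip.ini
e:\windows\SYSTEM32\emofamaz.ini
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
"""

# A finding line is "<drive>:\<path> <detection text>". Paths contain spaces, so
# the split point is the file extension just before the detection text.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+(?P<threat>\S.*?)\s*$")


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str

    @property
    def drive(self) -> str:
        return self.path[0].upper()

    @property
    def in_restore_point(self) -> bool:
        # System Restore copies live under System Volume Information.
        return "\\system volume information\\" in self.path.lower()


def parse_eset_log(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["threat"]))
    return findings


def count_by_drive(findings: list[Finding]) -> Counter:
    """Per-drive tally; it backs the poster's suspicion that E: is the source."""
    return Counter(f.drive for f in findings)


def build_cfscript(findings: list[Finding]) -> str:
    """CFScript "File::" block: one path per line, leaving out the System
    Restore copy, as the helper's script in the thread did."""
    lines = ["File::"] + [f.path for f in findings if not f.in_restore_point]
    return "\n".join(lines) + "\n"


def deleted_paths(combofix_log: str) -> set[str]:
    """Paths under ComboFix's 'Other Deletions' banner, lower-cased because
    ComboFix prints them with a lower-case drive letter."""
    deleted, inside = set(), False
    for line in combofix_log.splitlines():
        if "Other Deletions" in line:
            inside = True
            continue
        if inside and line.startswith("((("):
            break
        if inside and line.strip() not in ("", "."):
            deleted.add(line.strip().lower())
    return deleted


def verify_deletions(findings: list[Finding], combofix_log: str) -> list[str]:
    """Requested files missing from the deletion list, so they still need attention."""
    deleted = deleted_paths(combofix_log)
    return [f.path for f in findings
            if not f.in_restore_point and f.path.lower() not in deleted]


if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    print("findings per drive:", dict(count_by_drive(found)))
    print(build_cfscript(found))
    print("not deleted by ComboFix:", verify_deletions(found, COMBOFIX_LOG))
```

Run against the posted log, it reports the F: drive file as not deleted, which is worth a follow-up before declaring the machine clean.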
loverjw's Avatar
Member with 36 posts.
 
Join Date: Nov 2009
Experience: Intermediate
08-Nov-2009, 08:13 PM #30
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:57 PM, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\hidec.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1254439577278
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
--
End of file - 9314 bytes
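Added example (not part of the thread, and not something HijackThis or the helpers here ship): a small Python triage script that parses the R0/R1, O4 and O23 entry formats seen in the log above and flags the entries a helper would look at first. The trusted-directory list, the default-host allowlist and the decoy `svchst.exe` autostart line are assumptions constructed for the example; the other sample lines are copied from the log.

```python
"""Triage helper for HijackThis-style log lines (added example).

Parses the R0/R1, O4 and O23 entry formats from the log above and flags:
  * autostart (O4) or service (O23) binaries outside the usual program/system dirs,
  * services whose vendor field is empty or reads "Unknown owner",
  * IE start/search pages that point anywhere but Microsoft's defaults.
These are first-pass filters only: malware drops into the Windows directory too,
and a missing vendor string proves nothing. Check hash and signature before acting.
"""
import re
from urllib.parse import urlparse

# Assumption: where benign autostart binaries normally live on this XP box. Tune per host.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
# Assumption: hosts that IE's factory-default R0/R1 entries point at.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "windowsupdate.microsoft.com"}

# O4 - HKLM\..\Run: [name] <command line>          (Global Startup lines are skipped)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# O23 - Service: <name> - <vendor> - <path>        (vendor may be empty: "name - - C:\...")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?)\s?- ([A-Za-z]:\\.*)$")
# R0/R1 - <registry key>,<value name> = <url>
R_RE = re.compile(r"^R[01] - ([^,]+),([^=]+) = (\S+)$")

# Sample input: lines copied from the posted log, plus one constructed decoy (the
# HKCU "updater" entry running out of a Temp directory). Not real evidence of anything.
SAMPLE_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flashmobrocks.com/",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16",
    r'O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\Owner\Local Settings\Temp\svchst.exe" /s',  # constructed decoy
    r"O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe",
    r"O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe",
    r"O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe",
]


def executable_of(cmd):
    """Pull the file that actually runs out of an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow the closing quote
        return cmd[1:cmd.index('"', 1)]
    head, _, rest = cmd.partition(" ")
    if head.lower() == "rundll32" and rest:      # rundll32 <dll>,<entry>: the DLL is the payload
        return rest.split(",", 1)[0].strip()
    return head                                  # bare path, no arguments


def in_trusted_dir(path):
    return path.lower().startswith(TRUSTED_DIRS)


def triage(lines):
    """Return (section, reason, detail) tuples for entries worth a closer look, in log order."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            exe = executable_of(cmd)
            if not in_trusted_dir(exe):
                findings.append(("O4", "autostart outside program/system dirs", f"{hive} [{name}] {exe}"))
            continue
        m = O23_RE.match(line)
        if m:
            name, vendor, path = m.groups()
            if vendor in ("", "Unknown owner"):
                findings.append(("O23", "service with no vendor string", f"{name}: {path}"))
            if not in_trusted_dir(path):
                findings.append(("O23", "service binary outside program/system dirs", f"{name}: {path}"))
            continue
        m = R_RE.match(line)
        if m:
            _key, value, url = m.groups()
            host = urlparse(url).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                findings.append(("R", "non-default IE page (confirm the user set it)", f"{value} = {url}"))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LINES):
        print(f"{section:4} {reason}: {detail}")
```

On the sample above the script flags the flashmobrocks.com start page, the constructed Temp-directory autostart, and the two services with no vendor string (dlcq_device and the Macromedia licensing service). A flag means "look up the file's hash and signature", not "delete it": the log's own entries with empty or Unknown vendor fields are exactly the kind the helper left alone while targeting the bmtley folder with OTM.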