
Still getting random popups

Discussion in 'Virus & Other Malware Removal' started by Tracee, Apr 26, 2010.

Thread Status:
Not open for further replies.
  1. Tracee

    Tracee Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    337
    The other day I opened a website that completely contaminated my computer with trojans and accidentally installed Antimalware Doctor on my computer.

    I was getting so many popups that I couldn't use the computer at all. I ran Malwarebytes, AVG, Spybot, and Ad-Aware, and the computer seems to be almost back to normal, except I am still getting a random popup that comes out of nowhere. The popups are never the same. I've uninstalled Antimalware Doctor to the best of my knowledge.

    I've run all my scans several times and cleaned out my startups via msconfig, and still can't get rid of the pesky little bugger.


    Update, Apr 27: Now I am getting constant alerts from my AVG Resident Shield saying that C:\windows\system32\drivers\AvgLdx86.sys is infected. It's driving me nuts.
    Here is my HJT scan:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:50:41 PM, on 4/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Thunderbird 3 Beta 1\thunderbird.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} (BiblioNetCtrl Class) - http://www.freehandmusic.com/Update/biblionet.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} (SoleroMusicControl Class) - http://www.freehandmusic.com/Update/SoleroMusicControl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...b/&filename=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 8355 bytes
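    The HijackThis log above is a list of loading points, and the first pass a helper makes over it is mechanical: entries whose file cannot be found, services with no identified publisher, ActiveX controls (O16) pulled over plain HTTP, and startup commands with no absolute path. The Python script below is an added example written for this page, not a tool from the thread or from Trend Micro; it applies those checks to a handful of lines copied in shape from the posted log (a constructed sample, embedded inline). The rule set and the wording of each reason are my assumptions. A hit is a lead to verify, not a verdict: the O20 avgrsstarter entry is reported as "file missing" here, yet the ComboFix log later in the thread lists c:\windows\system32\avgrsstx.dll as present, so that hit did not point at malware.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied in shape from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# An HJT entry: a section code (R0, O4, O23, ...), " - ", then the entry text.
HJT_ENTRY = re.compile(r"^(?P<kind>[RFON]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # HJT section code the hit came from
    reason: str   # why a helper would look twice at it (assumed wording)
    line: str     # the untouched log line


def parse_hjt(text: str):
    """Yield (kind, line) for every well-formed HJT entry; other lines are ignored."""
    for raw in text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            yield m["kind"], raw.strip()


def _o4_target(line: str) -> str:
    """Return the executable part of an O4 Run entry ("" for startup-folder .lnk lines)."""
    if "] " not in line:
        return ""
    cmd = line.split("] ", 1)[1]
    if cmd.startswith('"'):            # quoted path: take what is inside the quotes
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]        # bare command: first whitespace-delimited token


def triage(text: str) -> list:
    """Apply the first-pass checks a helper runs by eye over an HJT log."""
    findings = []
    for kind, line in parse_hjt(text):
        if "(file missing)" in line:
            findings.append(Finding(kind, "loading point references a file HJT could not find", line))
        if kind == "O23" and " - Unknown owner - " in line:
            findings.append(Finding(kind, "service with no identified publisher", line))
        if kind == "O16" and " - http://" in line:
            findings.append(Finding(kind, "ActiveX control installed from a cleartext HTTP URL", line))
        if kind == "O4":
            target = _o4_target(line)
            # A bare file name is resolved by PATH search, so its real location is unknown.
            if target and not re.match(r"^[A-Za-z]:\\", target):
                findings.append(Finding(kind, "startup command without an absolute path", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.kind:4} {f.reason}\n     {f.line}")
```

    Against the sample this produces five hits: the two "(file missing)" entries, the Nero service with an unknown owner, the FilePlanet control fetched over HTTP, and the nwiz.exe Run entry that has no path. Everything else in the posted log (HP, NVIDIA, Java, AVG with a named publisher, the HTTPS Juniper control) passes the first pass, which matches what the helper in this thread chose not to act on.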
     
  2. Tracee

    Tracee Thread Starter

    still need help.

    Last night my computer seemed to infect itself with XP Defender, which I think I managed to get off my computer, but I still have a Win32/Patched.DO virus that keeps popping up as threats detected in C:\WINDOWS\system32\drivers\AvgLdx86.sys.

    This is popping up so frequently that I can't work on my computer.

    Please help.
     
  3. Tracee

    Tracee Thread Starter

    still need some help
     
  4. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hello & Welcome to TechSupportGuy

    Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
    Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
    If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Thanks

    DeFogger
    Download DeFogger by jpshortstuff from here & save it to your desktop.
    • Double click DeFogger to run the tool
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A Finished! message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
    Do not re-enable these drivers until otherwise instructed.

    DDS
    Download DDS.scr by sUBs from one of the following links & save it to your desktop.
    Link 1
    Link 2
    • Double-Click on dds.scr and a command window will appear. This is normal
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply


    To post in next reply:
    Contents of DDS log
    Contents of Attach.txt
    Contents of Gmer log
     
  5. Tracee

    Tracee Thread Starter

    Here are the scan results. I ran gmer, and when it finished almost 12 hours later, it would not allow me to save the scan and froze my computer. I rebooted.

    Here is the GMER quick scan result:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-05-02 12:24:03
    Windows 5.1.2600 Service Pack 3
    Running: Gamer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdipog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat InCDRec.sys (InCD File System Recognizer/Nero AG)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

    ---- EOF - GMER 1.0.15 ----
     
  6. Tracee

    Tracee Thread Starter

    Here are the two scan results for Attach.txt, and DDS
     


  7. jmw3

    jmw3 Malware Specialist

    Hi

    P2P Warning!
    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent | BitTorrent | LimeWire 5.5.6

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    P2P file sharing used to be fairly safe. That is no longer true. I'd like you to read the Perils of P2P File Sharing where we explain why it's not a good idea to have them.
    References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
    http://www.techweb.com/wire/160500554
    http://www.internetworldstats.com/articles/art053.htm
    See Clean/Infected P2P Programs here

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Before beginning the fix, read this post completely. If there is anything that you do not understand, kindly ask your questions before proceeding. Ensure that there are no open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you are carrying out the fix.

    It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

    Remove Programs
    Click Start > Control Panel > Add/Remove Programs
    Remove these programs by clicking Remove

    Personal Antispy - I hope you didn't pay for this

    If some programs listed are not present, please do not panic
    The following version of Adobe Reader should also be removed as it is open to exploitation:
    Adobe Acrobat Reader 3.01

    TFC (Temp File Cleaner)
    Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
    • Save any unsaved work. TFC Cleaner will close all open application windows
    • Double-click TFC.exe to run the program, your desktop will temporarily disappear
    • If prompted, click Yes to reboot
    Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

    ComboFix
    Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
    Link 1
    Link 2

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      A guide to do this can be found here
    • Double click on ComboFix.exe & follow the prompts
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    To post in next reply:
    ComboFix log
    Update on how the computer is running
     
  8. Tracee

    Tracee Thread Starter

    check
     
  9. Tracee

    Tracee Thread Starter

    Here is the combofix log. I had to shut down the computer manually after running the temp file cleaner, as the computer froze up on the "windows is shutting down" screen. Hope this didn't affect anything.

    I will let you know about the popups, as they appear randomly without warning, i.e. everything is fine and then all of a sudden it isn't fine.

    Any cleanups?


    hmmm. Won't let me post or attach the log.
     
  10. jmw3

    jmw3 Malware Specialist

    Hi

    If the log is too big to post in one post, break it up & post over a few replies. Or try from another computer.
     
  11. Tracee

    Tracee Thread Starter

    Used my laptop, as it would not allow pasting or attaching on the one I'm trying to fix.

    ComboFix 10-05-02.01 - Owner 05/02/2010 18:44:53.3.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2494 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\puppy.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
    .

    2010-05-02 08:10 . 2010-05-02 08:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-28 06:30 . 2010-04-28 06:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-28 06:29 . 2010-04-28 06:29 -------- d-----w- c:\program files\Personal Antispy
    2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\30148
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-04-21 02:12 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-21 02:12 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 16:38 . 2010-04-20 16:38 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-04-20 16:38 . 2010-04-20 16:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-14 18:08 . 2010-04-14 18:08 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-14 18:08 . 2010-04-14 18:08 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-14 18:08 . 2010-04-14 18:08 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2010-04-14 18:08 . 2010-04-14 18:08 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-14 18:08 . 2010-04-14 18:08 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
    2010-04-14 18:08 . 2010-04-14 18:08 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-14 18:08 . 2010-04-14 18:08 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
    2010-04-14 18:08 . 2010-04-14 18:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-02 18:42 . 2009-01-21 07:18 -------- d-----w- c:\program files\Mozilla Thunderbird 3 Beta 1
    2010-05-02 08:10 . 2009-12-08 06:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-01 17:18 . 2009-01-21 03:40 216200 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
    2010-04-28 18:18 . 2009-10-21 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
    2010-04-28 17:03 . 2009-11-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-28 06:41 . 2009-11-02 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-28 06:39 . 2009-08-20 08:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
    2010-04-20 16:38 . 2009-01-21 03:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-03 06:07 . 2010-02-28 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bioshock2
    2010-03-29 23:10 . 2009-11-03 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
    2010-03-27 20:18 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Juniper Networks
    2010-03-27 20:17 . 2010-03-27 20:17 291696 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
    2010-03-27 20:17 . 2010-03-27 20:17 36948 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\setup\uninstall.exe
    2010-03-27 20:17 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
    2010-03-17 16:43 . 2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-17 16:43 . 2009-01-21 03:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-14 18:40 . 2009-10-21 01:39 -------- d-----w- c:\program files\LimeWire
    2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-02 04:00 . 2010-03-02 04:00 188968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-01 20:46 . 2009-09-22 01:45 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-04 15:53 . 2010-03-31 15:02 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-02-04 15:53 . 2009-01-22 01:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_22.44.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-03 00:17 . 2010-05-03 00:17 16384 c:\windows\Temp\Perflib_Perfdata_548.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
    "nwiz"="nwiz.exe" [2008-12-26 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-03-31 15:02 818256 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
    2009-11-24 07:03 906640 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-02-18 20:36 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-02-27 19:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-02-18 20:36 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2008-09-16 18:16 1833296 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-01-22 04:56 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-08-14 22:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-09-12 16:45 36352 ----a-w- c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\123CopyDVD 2009\\123CopyDVD.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 7:44 PM 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\AvgLdx86.sys [1/20/2009 9:40 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/20/2009 9:40 PM 242896]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/17/2010 10:43 AM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 10:43 AM 308064]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1265264]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 6:46 AM 92008]
    R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [1/20/2009 3:48 PM 1310720]
    S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - hxxp://www.freehandmusic.com/Update/biblionet.cab
    DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/Update/SoleroMusicControl.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\imrofufo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-02 18:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-57989841-1390067357-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:db,43,43,5c,9c,a8,79,73,a8,32,94,d1,01,a9,9d,03,e1,31,1c,c4,12,
    80,9a,6b,23,1a,62,98,d8,e6,f1,9c,c2,49,df,fc,22,99,78,09,32,97,10,ce,48,2c,\
    "rkeysecu"=hex:10,6c,fe,42,bc,ec,2f,e0,93,95,e9,d3,98,2f,67,bb
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(804)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2944)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-05-02 18:53:05
    ComboFix-quarantined-files.txt 2010-05-03 00:53
    ComboFix2.txt 2010-05-03 00:34
    ComboFix3.txt 2010-04-28 22:46
    ComboFix4.txt 2008-05-21 23:27

    Pre-Run: 380,952,506,368 bytes free
    Post-Run: 380,940,369,920 bytes free

    - - End Of File - - 794185CA8180A016776011A3C1A63DCD
     
  12. Tracee

    Tracee Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    337
    Sorry... I didn't see Personal Antispy in my add/remove list, and just noticed it on the comboFix scan.

    I uninstalled it via the Programs menu.

    Should I run another comboFix scan?
     
  13. Tracee

    Tracee Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    337
    Ok, so I ran the TFC again, and then the ComboFix.

    Here is the new ComboFix scan.

    ComboFix 10-05-02.01 - Owner 05/02/2010 19:28:47.4.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2564 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\puppy.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
    .

    2010-05-02 08:10 . 2010-05-02 08:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-28 06:30 . 2010-04-28 06:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\30148
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-04-21 02:12 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-21 02:12 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 16:38 . 2010-04-20 16:38 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-04-20 16:38 . 2010-04-20 16:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-14 18:08 . 2010-04-14 18:08 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-14 18:08 . 2010-04-14 18:08 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-14 18:08 . 2010-04-14 18:08 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2010-04-14 18:08 . 2010-04-14 18:08 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-14 18:08 . 2010-04-14 18:08 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
    2010-04-14 18:08 . 2010-04-14 18:08 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-14 18:08 . 2010-04-14 18:08 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
    2010-04-14 18:08 . 2010-04-14 18:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-03 01:18 . 2009-01-22 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-03 01:17 . 2009-01-22 01:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-03 00:53 . 2009-01-21 07:18 -------- d-----w- c:\program files\Mozilla Thunderbird 3 Beta 1
    2010-05-02 08:10 . 2009-12-08 06:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-01 17:18 . 2009-01-21 03:40 216200 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
    2010-04-28 18:18 . 2009-10-21 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
    2010-04-28 17:03 . 2009-11-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-28 06:41 . 2009-11-02 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-28 06:39 . 2009-08-20 08:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
    2010-04-20 16:38 . 2009-01-21 03:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-03 06:07 . 2010-02-28 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bioshock2
    2010-03-29 23:10 . 2009-11-03 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
    2010-03-27 20:18 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Juniper Networks
    2010-03-27 20:17 . 2010-03-27 20:17 291696 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
    2010-03-27 20:17 . 2010-03-27 20:17 36948 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\setup\uninstall.exe
    2010-03-27 20:17 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
    2010-03-17 16:43 . 2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-17 16:43 . 2009-01-21 03:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-14 18:40 . 2009-10-21 01:39 -------- d-----w- c:\program files\LimeWire
    2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-02 04:00 . 2010-03-02 04:00 188968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-01 20:46 . 2009-09-22 01:45 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-04 15:53 . 2010-03-31 15:02 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-02-04 15:53 . 2009-01-22 01:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_22.44.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-03 01:24 . 2010-05-03 01:24 16384 c:\windows\Temp\Perflib_Perfdata_490.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
    "nwiz"="nwiz.exe" [2008-12-26 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-03-31 15:02 818256 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
    2009-11-24 07:03 906640 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-02-18 20:36 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-02-27 19:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-02-18 20:36 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2008-09-16 18:16 1833296 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-01-22 04:56 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-08-14 22:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-09-12 16:45 36352 ----a-w- c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\123CopyDVD 2009\\123CopyDVD.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 7:44 PM 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\AvgLdx86.sys [1/20/2009 9:40 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/20/2009 9:40 PM 242896]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/17/2010 10:43 AM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 10:43 AM 308064]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1265264]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 6:46 AM 92008]
    R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [1/20/2009 3:48 PM 1310720]
    S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - hxxp://www.freehandmusic.com/Update/biblionet.cab
    DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/Update/SoleroMusicControl.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\imrofufo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-1.0 - c:\program files\Personal Antispy\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-02 19:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-57989841-1390067357-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:db,43,43,5c,9c,a8,79,73,a8,32,94,d1,01,a9,9d,03,e1,31,1c,c4,12,
    80,9a,6b,23,1a,62,98,d8,e6,f1,9c,c2,49,df,fc,22,99,78,09,32,97,10,ce,48,2c,\
    "rkeysecu"=hex:10,6c,fe,42,bc,ec,2f,e0,93,95,e9,d3,98,2f,67,bb
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(804)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(4040)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-05-02 19:39:05
    ComboFix-quarantined-files.txt 2010-05-03 01:39
    ComboFix2.txt 2010-05-03 00:53
    ComboFix3.txt 2010-05-03 00:34
    ComboFix4.txt 2010-04-28 22:46
    ComboFix5.txt 2010-05-03 01:27

    Pre-Run: 380,965,433,344 bytes free
    Post-Run: 380,929,081,344 bytes free

    - - End Of File - - 653401630A89732C36D67C3F921964F4
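A defender's reading of the "Reg Loading Points" section in the log above: it records the standard-profile firewall policy (`"EnableFirewall"= 0 (0x0)`), the programs authorised through the firewall, and every Run-key autostart with its date and size. The script below is an added example for this thread, not code from the original posts or from ComboFix, that pulls those three things out of a log excerpt and turns them into findings a helper would want to see. The sample input is an excerpt of the log posted above; the P2P watch-list and the "unusual launch location" heuristic are my own assumptions, not anything ComboFix reports.

```python
"""Triage the autostart and firewall sections of a ComboFix log.

Added example (not part of the thread or of ComboFix). Assumes the layout
shown above: REGEDIT4-style [key] headers followed by "name"=value lines, and
ComboFix's "name"="path" [YYYY-MM-DD size] form for Run-key entries.
"""
import re

# Constructed sample: an excerpt of the "Reg Loading Points" section posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

# Assumed watch-list of P2P client names (the helper asked about P2P programs).
P2P_HINTS = ("limewire", "utorrent", "bittorrent")


def parse_sections(text):
    """Return {registry key: [value lines]} for each [key] block in the excerpt."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_run_entries(sections):
    """Collect Run-key autostarts as (hive, name, path, date, size) tuples."""
    entries = []
    for key, lines in sections.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        hive = key.split("\\", 1)[0]
        for line in lines:
            m = RUN_RE.match(line)
            if m:
                name, path, date, size = m.groups()
                entries.append((hive, name, path, date, int(size)))
    return entries


def firewall_status(sections):
    """Return (enabled or None if absent, list of authorised application paths)."""
    enabled, authorized = None, []
    for key, lines in sections.items():
        low = key.lower()
        if low.endswith(r"firewallpolicy\standardprofile"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group(1).lower() == "enablefirewall":
                    enabled = m.group(2).strip().startswith("1")
        elif low.endswith(r"authorizedapplications\list"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m:
                    # ComboFix doubles the backslashes in this section; undo that.
                    authorized.append(m.group(1).replace("\\\\", "\\"))
    return enabled, authorized


def triage(text):
    """Turn a log excerpt into plain-English findings, in a stable order."""
    sections = parse_sections(text)
    findings = []
    enabled, authorized = firewall_status(sections)
    if enabled is False:
        findings.append("Windows Firewall is disabled in the standard profile")
    for path in authorized:
        if any(hint in path.lower() for hint in P2P_HINTS):
            findings.append(f"P2P client allowed through the firewall: {path}")
    for hive, name, path, _date, _size in parse_run_entries(sections):
        # Assumed heuristic: a bare file name (no directory) resolves through the
        # search path at logon, so it deserves a second look.
        if not path.lower().startswith(("c:\\windows", "c:\\program files")):
            findings.append(f"{hive} Run entry {name!r} launches from an unusual location: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run against the excerpt it reports the disabled firewall, the three P2P clients that are allowed through it, and the `nwiz` entry that launches by bare file name; the full log from the thread can be fed to `triage()` unchanged, since the parser ignores everything outside `[key]` blocks it does not recognise.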
     
  14. jmw3

    jmw3 Malware Specialist

    Joined:
    Jul 23, 2007
    Messages:
    1,460
    Hi

    Any reason why you renamed ComboFix.exe to puppy.exe?

    CFScript
    Close any open browsers.
    Open notepad and copy/paste the text in the code box below into it:

    Code:
    Folder::
    c:\program files\Personal Antispy
    DirLook::
    c:\documents and settings\All Users\Application Data\30148
    Driver::
    NeroRegInCDSrv
    DDS::
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe
    If prompted by ComboFix to update, please do so
    When finished, it shall produce a log for you at "C:\ComboFix.txt"
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    maxlook
    Download maxlook by noahdfear from Here & save the file to your desktop.
    • Double click maxlook.exe to run it. Note - you must run it only once!
    • As instructed when the tool runs, restart the computer & log on to the Recovery Console
    • Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

      batch look.bat

    • Press Enter
    • You will see 1 file copied many times then return to the x:\windows> prompt
    • Type Exit to restart your computer then logon in normal mode
    • Once back in Windows, go to Start > Run & copy/paste the following then press Enter

      maxlook -sig

    • Follow the prompts & post the log produced, C:\looklog.txt
    To post in next reply:
    ComboFix log
    looklog.txt

    Could you also let me know if you uninstalled any of the P2P programs. If so we can clean up any leftover files/folders/registry entries
     
  15. Tracee

    Tracee Thread Starter

    Joined:
    Mar 9, 2004
    Messages:
    337
    I'm sorry, I did not remove the P2P programs as I do use them and am usually pretty careful with what I download. I will be extra careful now. :eek:

    Here is the comboFix log:

    ComboFix 10-05-02.01 - Owner 05/02/2010 20:31:40.5.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2651 [GMT -6:00]
    Running from: c:\documents and settings\Owner\Desktop\puppy.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NEROREGINCDSRV
    -------\Service_NeroRegInCDSrv


    ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
    .

    2010-05-02 08:10 . 2010-05-02 08:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-28 06:30 . 2010-04-28 06:30 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\30148
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-04-21 02:12 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 02:12 . 2010-04-21 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-21 02:12 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 16:38 . 2010-04-20 16:38 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-04-20 16:38 . 2010-04-20 16:38 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-04-14 18:08 . 2010-04-14 18:08 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-14 18:08 . 2010-04-14 18:08 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-14 18:08 . 2010-04-14 18:08 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2010-04-14 18:08 . 2010-04-14 18:08 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-14 18:08 . 2010-04-14 18:08 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
    2010-04-14 18:08 . 2010-04-14 18:08 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-14 18:08 . 2010-04-14 18:08 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
    2010-04-14 18:08 . 2010-04-14 18:08 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
    2010-04-14 18:08 . 2010-04-14 18:08 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-03 02:24 . 2009-01-21 07:18 -------- d-----w- c:\program files\Mozilla Thunderbird 3 Beta 1
    2010-05-03 02:06 . 2009-12-08 06:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-03 02:03 . 2009-01-22 01:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-03 01:39 . 2009-01-22 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-01 17:18 . 2009-01-21 03:40 216200 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
    2010-04-28 18:18 . 2009-10-21 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
    2010-04-28 17:03 . 2009-11-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-04-28 06:41 . 2009-11-02 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-28 06:39 . 2009-08-20 08:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
    2010-04-20 16:38 . 2009-01-21 03:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-04-03 06:07 . 2010-02-28 07:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Bioshock2
    2010-03-29 23:10 . 2009-11-03 19:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FileZilla
    2010-03-27 20:18 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Juniper Networks
    2010-03-27 20:17 . 2010-03-27 20:17 291696 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
    2010-03-27 20:17 . 2010-03-27 20:17 36948 ----a-w- c:\documents and settings\Owner\Application Data\Juniper Networks\setup\uninstall.exe
    2010-03-27 20:17 . 2010-03-27 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
    2010-03-17 16:43 . 2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-17 16:43 . 2009-01-21 03:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-14 18:40 . 2009-10-21 01:39 -------- d-----w- c:\program files\LimeWire
    2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-02 04:00 . 2010-03-02 04:00 188968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-03-01 20:46 . 2009-09-22 01:45 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-04 15:53 . 2010-03-31 15:02 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-02-04 15:53 . 2009-01-22 01:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\documents and settings\All Users\Application Data\30148 ----

    2010-04-22 23:57 . 2010-04-22 23:57 3172 ----a-w- c:\documents and settings\All Users\Application Data\30148\{BF55C9EF-AA5F-4ADF-A3CE-352FC468402A}.swf


    ((((((((((((((((((((((((((((( [email protected]_22.44.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-03 02:41 . 2010-05-03 02:41 16384 c:\windows\Temp\Perflib_Perfdata_4b4.dat
    + 2010-05-03 02:41 . 2009-10-07 07:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
    "nwiz"="nwiz.exe" [2008-12-26 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-17 16:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-03-31 15:02 818256 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
    2009-11-24 07:03 906640 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-02-18 20:36 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 21:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-02-27 19:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-02-18 20:36 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-01-22 04:56 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-08-14 22:31 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-06-03 12:46 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-09-12 16:45 36352 ----a-w- c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\123CopyDVD 2009\\123CopyDVD.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\fear2\\FEAR2.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 7:44 PM 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\AvgLdx86.sys [1/20/2009 9:40 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/20/2009 9:40 PM 242896]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/17/2010 10:43 AM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 10:43 AM 308064]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1265264]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 6:46 AM 92008]
    R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [1/20/2009 3:48 PM 1310720]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - hxxp://www.freehandmusic.com/Update/biblionet.cab
    DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} - hxxp://www.freehandmusic.com/Update/SoleroMusicControl.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sra.cn.ca/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\imrofufo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-02 20:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-57989841-1390067357-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:db,43,43,5c,9c,a8,79,73,a8,32,94,d1,01,a9,9d,03,e1,31,1c,c4,12,
    80,9a,6b,23,1a,62,98,d8,e6,f1,9c,c2,49,df,fc,22,99,78,09,32,97,10,ce,48,2c,\
    "rkeysecu"=hex:10,6c,fe,42,bc,ec,2f,e0,93,95,e9,d3,98,2f,67,bb
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(804)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(1324)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-02 20:48:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-03 02:48
    ComboFix2.txt 2010-05-03 01:39
    ComboFix3.txt 2010-05-03 00:53
    ComboFix4.txt 2010-05-03 00:34
    ComboFix5.txt 2010-05-03 02:29

    Pre-Run: 380,912,758,784 bytes free
    Post-Run: 380,785,152,000 bytes free

    - - End Of File - - F4EFA1E663244A35E69D652A8574C3D6

    Here is the looklog:

    Code:
    Run from C:\Documents and Settings\Owner\Desktop\maxlook.exe on Sun 05/02/2010 at 22:02:11.20
    
    --------- maxlook unsigned files ---------
    
    c:\windows\maxdriver\AvgLdx86.sys:
    	Verified:	Unsigned
    	File date:	11:18 AM 5/1/2010
    	Publisher:	n/a
    	Description:	n/a
    	Product:	n/a
    	Version:	n/a
    	File version:	n/a
    c:\windows\maxdriver\cdr4_xp.sys:
    	Verified:	Unsigned
    	File date:	3:00 AM 8/19/2005
    	Publisher:	Sonic Solutions
    	Description:	CDR4 CD and DVD Place Holder Driver (see PxHelp)
    	Product:	Drag-to-Disc
    	Version:	8.0.0.212 
    	File version:	8.0.0.212 
    c:\windows\maxdriver\cdralw2k.sys:
    	Verified:	Unsigned
    	File date:	3:00 AM 8/19/2005
    	Publisher:	Sonic Solutions
    	Description:	CDRAL Place Holder Driver (see PxHelp)
    	Product:	Drag-to-Disc
    	Version:	8.0.0.212 
    	File version:	8.0.0.212 
    c:\windows\maxdriver\nvtcp.sys:
    	Verified:	Unsigned
    	File date:	9:08 PM 4/14/2006
    	Publisher:	NVIDIA Corporation
    	Description:	NVIDIA Networking Protocol Driver.
    	Product:	NVTCP
    	Version:	1.00.00.05025
    	File version:	1.00.00.05025
    
    --------- system32\drivers unsigned files ---------
    
    c:\windows\system32\drivers\cdr4_xp.sys:
    	Verified:	Unsigned
    	File date:	3:00 AM 8/19/2005
    	Publisher:	Sonic Solutions
    	Description:	CDR4 CD and DVD Place Holder Driver (see PxHelp)
    	Product:	Drag-to-Disc
    	Version:	8.0.0.212 
    	File version:	8.0.0.212 
    c:\windows\system32\drivers\cdralw2k.sys:
    	Verified:	Unsigned
    	File date:	3:00 AM 8/19/2005
    	Publisher:	Sonic Solutions
    	Description:	CDRAL Place Holder Driver (see PxHelp)
    	Product:	Drag-to-Disc
    	Version:	8.0.0.212 
    	File version:	8.0.0.212 
    c:\windows\system32\drivers\nvtcp.sys:
    	Verified:	Unsigned
    	File date:	9:08 PM 4/14/2006
    	Publisher:	NVIDIA Corporation
    	Description:	NVIDIA Networking Protocol Driver.
    	Product:	NVTCP
    	Version:	1.00.00.05025
    	File version:	1.00.00.05025
    
     
Short URL to this thread: https://techguy.org/919483
