
Infected Computer, several problems including Antivirus 2009/Antivirus 360


5 replies to this topic

#1 angelinazooma

angelinazooma

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 12 January 2009 - 06:07 PM

Okay, I've been fighting this for a couple weeks now and things keep popping up.

It started with Antivirus 2009, which was hijacking my browser windows and making my desktop flicker. I (thought) I'd gotten rid of this but then more issues popped up a week or so later.

I had what appeared to be Antivirus 2009/ Antivirus 360 again, but it was coupled with something that was causing my computer to shut down due to "DCOM Server Process Launcher" shutting me down.

I'd "mostly" fixed this problem, with the exception that I can no longer defrag my computer.

Then today I had a warning pop up in my toolbar that said I was infected, and tried to direct me to real-avg.org, so I immediately shut off my wireless and ran Malwarebytes, Ad-Aware, AVG Free, IObit's Advanced SystemCare, and I'm just really paranoid that I can't get rid of this problem.

Oh, and I've had a few blue screens of death here and there in all of this, but I'm not sure what they were specifically warning against.

I've run HijackThis and the DDS thing, and here are the results. Any help would be hugely appreciated!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:30 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Angie Gott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webprovider.ca/vrb1/status2.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-PRO Vonage\X-PRO-Vonage.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Angie Gott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [bodujusedi] Rundll32.exe "C:\WINDOWS\system32\vufipuye.dll",s (User '?')
O4 - HKUS\S-1-5-20\..\Run: [bodujusedi] Rundll32.exe "C:\WINDOWS\system32\vufipuye.dll",s (User '?')
O4 - HKUS\S-1-5-21-2417178129-1633585-2783902139-1005\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-2417178129-1633585-2783902139-1005\..\Run: [XSC SIP Client] "C:\Program Files\X-PRO Vonage\X-PRO-Vonage.exe" (User '?')
O4 - HKUS\S-1-5-21-2417178129-1633585-2783902139-1005\..\Run: [Google Update] "C:\Documents and Settings\Angie Gott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-2417178129-1633585-2783902139-1005\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (User '?')
O4 - S-1-5-21-2417178129-1633585-2783902139-1005 Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe (User '?')
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User '?')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.cogeco.ca/en/OLS3.3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DF54E8E-54A9-4894-AC62-C7A5D06A662F}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11875 bytes








DDS (Ver_09-01-07.01) - NTFSx86
Run by Angie Gott at 18:03:09.48 on Mon 01/12/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.webprovider.ca/vrb1/status2.html
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [XSC SIP Client] "c:\program files\x-pro vonage\X-PRO-Vonage.exe"
uRun: [Google Update] "c:\documents and settings\angie gott\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [MotiveMonitor] "c:\program files\motive\asstcommon\motmon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\angieg~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital lifeline\bin\mpbtn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TCP: {8DF54E8E-54A9-4894-AC62-C7A5D06A662F} = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\angieg~1\applic~1\mozilla\firefox\profiles\wc509wa9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - component: c:\documents and settings\angie gott\application data\mozilla\firefox\profiles\wc509wa9.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\angie gott\application data\mozilla\firefox\profiles\wc509wa9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\angie gott\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: XUL Cache: {BDBA7A2B-5C3E-4D7C-BD5E-39CCED13E5D8} - c:\windows\system32\config\systemprofile\local settings\application data\{bdba7a2b-5c3e-4d7c-bd5e-39cced13e5d8}\

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-12 13:27 1 a------- c:\windows\system32\uniq.tll
2009-01-12 13:27 1 a------- c:\windows\system32\test.ttt
2009-01-12 13:27 31,232 a------- c:\windows\system32\pcload.exe
2009-01-09 11:57 <DIR> --d----- c:\docume~1\angieg~1\applic~1\IObit
2009-01-09 11:14 11,138 a------- c:\windows\msvrc20.dll
2009-01-06 12:03 <DIR> --d----- c:\docume~1\angieg~1\applic~1\IsolatedStorage
2009-01-06 12:02 <DIR> --d----- c:\program files\ljArchive
2009-01-04 01:47 <DIR> --d----- c:\program files\Advanced Windows Cleaner
2009-01-03 18:12 <DIR> --d----- c:\program files\Trend Micro
2009-01-03 15:06 <DIR> --d----- c:\windows\ie8updates
2009-01-03 14:03 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-03 04:06 <DIR> --d----- C:\5dd7b5e94212ee5dd0e91febc87a
2009-01-03 01:15 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-03 01:15 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-03 01:15 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-03 01:15 <DIR> --d----- c:\docume~1\angieg~1\applic~1\AVGTOOLBAR
2009-01-03 01:15 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-03 01:15 <DIR> --d----- c:\program files\AVG
2009-01-03 01:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-27 12:26 <DIR> --d----- c:\program files\directx
2008-12-27 12:25 7,552 a------- c:\windows\system32\drivers\enodpl.sys
2008-12-27 12:25 4,736 a------- c:\windows\system32\drivers\tandpl.sys
2008-12-25 11:24 <DIR> --d----- c:\program files\Magellan
2008-12-25 11:24 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
2008-12-25 11:24 26,112 a------- c:\windows\system32\drivers\usbser.sys
2008-12-24 16:10 <DIR> --d----- C:\fsaua.data
2008-12-23 14:36 <DIR> --d----- c:\program files\Kaspersky Lab
2008-12-23 14:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2008-12-21 00:00 1,610,020 ---sh--- c:\windows\system32\uzafuyat.ini
2008-12-18 10:40 <DIR> --d----- c:\program files\Lavasoft
2008-12-18 10:39 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-15 16:45 <DIR> --d----- c:\docume~1\angieg~1\applic~1\Malwarebytes
2008-12-15 16:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-15 16:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 16:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 16:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-01-12 16:31 12,721 ac------ c:\windows\system32\tablet.dat
2008-10-27 08:34 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2007-11-27 12:25 14 ac------ c:\documents and settings\angie gott\getfile.dat

============= FINISH: 18:03:20.31 ===============
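The HijackThis log above contains several entries that experienced helpers look at first: the browser proxy pointed at 127.0.0.1:8080, Run values under the LocalService/NetworkService hives (S-1-5-19, S-1-5-20) that load a DLL through Rundll32, and a startup shortcut that resolves into a Temp directory. The script below is an added example, not part of the original post or of HijackThis itself: it applies those three editor-written heuristics to HijackThis-format lines. The sample lines are copied from the log above, plus two benign lines for contrast.

```python
import re

# Editor's heuristics for triaging HijackThis log lines. These are NOT
# HijackThis's own ratings; they encode what a helper would check first.

# R1 proxy set to loopback: every browser request is handed to a local
# program, a common rogue-AV trick for redirecting or blocking traffic.
LOOPBACK_PROXY = re.compile(r"ProxyServer\s*=\s*(127\.0\.0\.1|localhost)(:\d+)?", re.I)

# Run values in the LocalService / NetworkService hives. Legitimate
# software almost never registers autostarts there.
SERVICE_SID_RUN = re.compile(r"^O4 - HKUS\\(S-1-5-19|S-1-5-20)\\")

# Rundll32 loading a DLL: extract the DLL path for the finding text.
RUNDLL32_LOAD = re.compile(r'rundll32(\.exe)?\s+"?([^"]+\.dll)"?', re.I)

# O4 Startup shortcut whose target lives under a Temp directory.
TEMP_STARTUP = re.compile(r"^O4 - .*Startup: .* = (.*\\Temp\\[^\s(]+)", re.I)


def triage_line(line):
    """Return a list of (severity, reason) findings for one HJT line."""
    findings = []
    line = line.strip()
    if line.startswith("R1 -") and LOOPBACK_PROXY.search(line):
        findings.append(("high", "browser proxy points at loopback; "
                                 "traffic can be intercepted locally"))
    if SERVICE_SID_RUN.match(line):
        m = RUNDLL32_LOAD.search(line)
        what = m.group(2) if m else "an unknown payload"
        findings.append(("high", "Run value under a service-account hive "
                                 "loads " + what))
    m = TEMP_STARTUP.match(line)
    if m:
        findings.append(("medium", "startup item resolves into a Temp "
                                   "directory: " + m.group(1)))
    return findings


def triage_log(text):
    """Return [(line, findings)] for every line that produced a finding."""
    report = []
    for line in text.splitlines():
        found = triage_line(line)
        if found:
            report.append((line.strip(), found))
    return report


# Constructed sample: four lines copied from the log above plus two benign
# entries (ehTray autorun and the Adobe BHO) that should not be flagged.
SAMPLE_HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKUS\S-1-5-19\..\Run: [bodujusedi] Rundll32.exe "C:\WINDOWS\system32\vufipuye.dll",s (User '?')
O4 - HKUS\S-1-5-20\..\Run: [bodujusedi] Rundll32.exe "C:\WINDOWS\system32\vufipuye.dll",s (User '?')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
"""

if __name__ == "__main__":
    for line, findings in triage_log(SAMPLE_HJT_LINES):
        for severity, reason in findings:
            print(f"[{severity}] {reason}\n    {line}")
```

The heuristics only flag what a helper would then verify by hand; a loopback proxy, for instance, is also how some legitimate filtering software works, so the finding is a prompt to check which program owns port 8080, not a verdict.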



#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:48 AM

Posted 13 January 2009 - 07:51 AM

Hello Angelinazooma and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 angelinazooma

angelinazooma
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 13 January 2009 - 10:31 AM

Thanks Thunder!

I've done what you requested, but I couldn't find the ComboFix.txt after running it, so I ran it a second time.

Here are the logs:


GooredFix v1.82 by jpshortstuff
Log created at 09:49 on 13/01/2009 running Option #2 (Angie Gott)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{BDBA7A2B-5C3E-4D7C-BD5E-39CCED13E5D8}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{BDBA7A2B-5C3E-4D7C-BD5E-39CCED13E5D8}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{BDBA7A2B-5C3E-4D7C-BD5E-39CCED13E5D8}\
->Backing up folder... Done.
->Emptying folder... Failed.
->Deleting folder... Failed.
->Delete on reboot... Set.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

=====Reboot=====

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{BDBA7A2B-5C3E-4D7C-BD5E-39CCED13E5D8}"
->Unable to find folder.




ComboFix 09-01-12.03 - Angie Gott 2009-01-13 10:18:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.473 [GMT -5:00]
Running from: c:\documents and settings\Angie Gott\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-12 18:17 . 2009-01-12 18:50 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 18:17 . 2009-01-12 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 13:27 . 2009-01-12 13:27 31,232 --a------ c:\windows\system32\pcload.exe
2009-01-09 11:57 . 2009-01-09 11:57 <DIR> d-------- c:\documents and settings\Angie Gott\Application Data\IObit
2009-01-06 12:03 . 2009-01-06 12:03 <DIR> d-------- c:\documents and settings\Angie Gott\Application Data\IsolatedStorage
2009-01-06 12:02 . 2009-01-06 12:02 <DIR> d-------- c:\program files\ljArchive
2009-01-04 01:47 . 2009-01-04 01:47 <DIR> d-------- c:\program files\Advanced Windows Cleaner
2009-01-03 18:12 . 2009-01-03 18:12 <DIR> d-------- c:\program files\Trend Micro
2009-01-03 15:06 . 2009-01-09 10:57 <DIR> d-------- c:\windows\ie8updates
2009-01-03 14:03 . 2009-01-03 14:03 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-03 04:06 . 2009-01-03 05:36 <DIR> d-------- C:\5dd7b5e94212ee5dd0e91febc87a
2009-01-03 01:15 . 2009-01-13 09:16 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-03 01:15 . 2009-01-03 01:15 <DIR> d-------- c:\program files\AVG
2009-01-03 01:15 . 2009-01-05 17:01 <DIR> d-------- c:\documents and settings\Angie Gott\Application Data\AVGTOOLBAR
2009-01-03 01:15 . 2009-01-13 09:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-03 01:15 . 2009-01-03 01:15 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-03 01:15 . 2009-01-03 01:15 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-03 01:15 . 2009-01-03 01:15 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-27 12:26 . 2008-12-27 12:26 <DIR> d-------- c:\program files\directx
2008-12-27 12:25 . 2003-03-02 19:44 7,552 --a------ c:\windows\system32\drivers\enodpl.sys
2008-12-27 12:25 . 2003-04-19 02:32 4,736 --a------ c:\windows\system32\drivers\tandpl.sys
2008-12-25 11:24 . 2009-01-03 12:50 <DIR> d-------- c:\program files\Magellan
2008-12-25 11:24 . 2008-04-13 14:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-25 11:24 . 2008-04-13 14:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-24 16:10 . 2008-12-24 16:10 <DIR> d-------- C:\fsaua.data
2008-12-23 14:36 . 2008-12-23 14:36 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-23 14:34 . 2008-12-23 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-18 10:40 . 2008-12-18 10:40 <DIR> d-------- c:\program files\Lavasoft
2008-12-18 10:40 . 2008-12-18 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-18 10:39 . 2008-12-18 10:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-15 16:45 . 2008-12-15 16:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 16:45 . 2008-12-15 16:45 <DIR> d-------- c:\documents and settings\Angie Gott\Application Data\Malwarebytes
2008-12-15 16:45 . 2008-12-15 16:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-15 16:45 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 16:45 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 14:45 . 2008-12-15 14:45 <DIR> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 15:15 --------- d-----w c:\documents and settings\Angie Gott\Application Data\Skype
2009-01-13 15:14 --------- d-----w c:\documents and settings\Angie Gott\Application Data\skypePM
2009-01-13 15:14 --------- d-----w c:\documents and settings\Angie Gott\Application Data\OpenOffice.org2
2009-01-10 05:18 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-09 22:04 --------- d-----w c:\program files\Trillian
2009-01-09 16:57 --------- d-----w c:\program files\IObit
2009-01-04 06:51 --------- d-----w c:\documents and settings\Angie Gott\Application Data\Canon
2009-01-04 06:51 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-03 17:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 14:17 --------- d-----w c:\program files\TweakRAM
2008-12-18 14:20 --------- d-----w c:\documents and settings\Angie Gott\Application Data\Lavasoft
2008-12-15 19:01 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-14 01:09 --------- d-----w c:\program files\JetAudio
2008-12-04 13:58 --------- d-----w c:\program files\Skype
2008-12-04 13:58 --------- d-----w c:\program files\Common Files\Skype
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2007-11-27 17:25 14 -c--a-w c:\documents and settings\Angie Gott\getfile.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-13_10.08.27.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-13 15:04:18 12,721 -c--a-w c:\windows\system32\tablet.dat
+ 2009-01-13 15:13:45 12,721 -c--a-w c:\windows\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"XSC SIP Client"="c:\program files\X-PRO Vonage\X-PRO-Vonage.exe" [2005-03-28 3547136]
"Google Update"="c:\documents and settings\Angie Gott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2008-12-21 2250256]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-21 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2002-09-27 135168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-03 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2006-12-27 298]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2006-12-27 298]

c:\documents and settings\Angie Gott\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-01-02 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2007-01-13 172032]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-01-08 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\X-PRO Vonage\\X-PRO-Vonage.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23026:TCP"= 23026:TCP:BitComet 23026 TCP
"23026:UDP"= 23026:UDP:BitComet 23026 UDP
"52000:TCP"= 52000:TCP:52000
"52000:UDP"= 52000:UDP:BitComet 52000 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-03 97928]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-03 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-03 76040]
S1 efbDisk;efbDisk; [x]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-11-05 31872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a697bd2a-8d7c-11dd-a577-0016e39deef5}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-13 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2008-12-12 12:17]

2009-01-13 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2008-12-12 12:17]

2009-01-13 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-01-13 10:14]

2009-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2417178129-1633585-2783902139-1005.job
- c:\documents and settings\Angie Gott\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 09:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webprovider.ca/vrb1/status2.html
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {8DF54E8E-54A9-4894-AC62-C7A5D06A662F} = 192.168.0.1

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Angie Gott\Application Data\Mozilla\Firefox\Profiles\wc509wa9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - component: c:\documents and settings\Angie Gott\Application Data\Mozilla\Firefox\Profiles\wc509wa9.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Angie Gott\Application Data\Mozilla\Firefox\Profiles\wc509wa9.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Angie Gott\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 10:21:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-13 10:24:06
ComboFix-quarantined-files.txt 2009-01-13 15:23:32
ComboFix2.txt 2009-01-13 15:10:12

Pre-Run: 9,285,877,760 bytes free
Post-Run: 9,274,097,664 bytes free

226 --- E O F --- 2009-01-11 04:24:34
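The log above contains the handful of entries a malware-removal helper checks first: the IE proxy setting, the Security Center notification keys, the AppInit_DLLs value, the removable-drive AutoRun handler, a service whose file is missing, and the open firewall ports. The script below is an added example, not part of the original thread and not ComboFix's own code. It runs a small set of string rules over ComboFix-style log lines; the sample lines are excerpted verbatim from the log above, and the rule set, the Finding type and the loopback-proxy check are this editor's own choices.

```python
"""Triage the 'Reg Loading Points' / 'Supplementary Scan' parts of a ComboFix log.

Added example for the thread above; not ComboFix code. The rules are an
editorial selection of the line formats visible in the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines excerpted verbatim from the log posted above (constructed sample input:
# only the entries the rules below are meant to catch, plus a few neighbours
# that must NOT match, such as the QuickCam driver and the ProxyOverride line).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23026:TCP"= 23026:TCP:BitComet 23026 TCP
"52000:TCP"= 52000:TCP:52000

S1 efbDisk;efbDisk; [x]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2007-11-05 31872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a697bd2a-8d7c-11dd-a577-0016e39deef5}]
\Shell\AutoRun\command - F:\setupSNK.exe

uStart Page = hxxp://www.webprovider.ca/vrb1/status2.html
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 127.0.0.1:8080
"""


@dataclass
class Finding:
    rule: str    # which rule fired
    value: str   # the interesting part of the line (path, DLL, port, proxy)
    line: str    # the raw log line, for the reply to the poster
    note: str    # why a helper looks at it


# (rule name, regex matching the ComboFix line format, note). The regexes are
# anchored at the start of a stripped line, so section headers never match.
RULES = [
    ("proxy", re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)"),
     "IE is routed through a proxy; a loopback proxy is a common leftover of rogue-AV infections and should be cleared"),
    ("security-center", re.compile(r'^"(AntiVirusDisableNotify|FirewallDisableNotify|UpdatesDisableNotify)"=dword:00000001'),
     "Security Center warnings are silenced; real AV suites set this too, so confirm which product did"),
    ("appinit", re.compile(r'^"AppInit_DLLs"=(.+)$'),
     "DLL loaded into every process that links user32; must belong to a known product"),
    ("autorun", re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$"),
     "AutoRun handler recorded for a removable drive; check what the executable is"),
    ("service-missing-file", re.compile(r"^[RS]\d\s+([^;]+);[^;]*;\s*\[x\]"),
     "service/driver still registered but its file is gone; orphan of an uninstall or a removal"),
    ("open-port", re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$'),
     "inbound firewall exception; verify the listening program is still wanted"),
]


def triage(log_text: str) -> list[Finding]:
    """Apply every rule to every non-empty line; first matching rule wins."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, note in RULES:
            m = pattern.match(line)
            if m:
                findings.append(Finding(name, m.group(1), line, note))
                break
    return findings


def loopback_proxy(findings: list[Finding]) -> bool:
    """True when IE's proxy points at the local host (127.0.0.1 or localhost).

    Assumption: only those two spellings count; a LAN proxy is left alone.
    """
    return any(
        f.rule == "proxy" and f.value.split(":")[0] in ("127.0.0.1", "localhost")
        for f in findings
    )


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.value}\n    {f.line}\n    {f.note}")
    if loopback_proxy(results):
        print("\nIE proxy points at the local host: clear it before calling the machine clean.")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents. On the sample it flags the loopback proxy, both Security Center keys, AVG's avgrsstx.dll under AppInit_DLLs, the orphaned efbDisk entry, the F:\setupSNK.exe AutoRun handler and both BitComet ports; the QuickCam driver and the ProxyOverride line are correctly ignored. A hit is a prompt to look, not a verdict: the AppInit entry here is AVG's, and the notify keys are routinely set by AV suites.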

#4 Thunder (Members, 3,294 posts, Male, Belgium)

Posted 13 January 2009 - 10:43 AM

Hello Angelinazooma,

Looking better now. :thumbsup:

Open Notepad and copy and paste the bold, blue text below in it:

@ECHO OFF
REM Start a fresh log, then try to delete each listed file and record the outcome.
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM Clear read-only/system/hidden attributes first, otherwise DEL will refuse.
FOR %%g in (
"c:\windows\system32\pcload.exe") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Save this as del.bat. Choose to save as "all files" and place it on your Desktop.
Double-click on it and post the content of the log file that opens in your next reply.

Then, you can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the Download button to the right of Java SE Runtime Environment (JRE) 6 Update 11 (first option).
  • Select your Platform (Windows version) and check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click "Continue" and the page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#5 angelinazooma (Topic Starter, Members, 3 posts)

Posted 18 January 2009 - 01:11 PM

Hi Thunder, I just wanted to update you on the situation. I wanted to use it for a few days just to make sure nothing new was going to pop up on me, but it looks like I'm fixed! Thanks so much for your time and help!

Angie

#6 Thunder (Members, 3,294 posts, Male, Belgium)

Posted 18 January 2009 - 01:30 PM

Glad we could help, Angie :thumbsup:

Please read this Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.