My Laptop is running slow and AVG will not turn on


  • This topic is locked
22 replies to this topic

#1 luiben

luiben

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 27 February 2009 - 04:42 PM

My laptop is running slow and my AVG Anti-Virus is turned off. I have tried to turn AVG on on several occasions, and it will not turn on. Any help would be greatly appreciated.



DDS (Ver_09-02-01.01) - NTFSx86
Run by Luis Goyeneche at 16:21:31.39 on Fri 02/27/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.196 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\lxdccoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Intuit\QUICKB~1.0\QBDBMgrN.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Luis Goyeneche\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\ACT\Act for Windows\ActSage.exe
C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TOSHIBA\TOSHIBA SD Memory Utilities\TOSSDFMT.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Luis Goyeneche\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\users\luis goyeneche\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\QBServerUtilityMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~3.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks enterprise solutions 8.0\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\luisgo~1\appdata\roaming\mozilla\firefox\profiles\izqsbc06.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\users\luis goyeneche\appdata\local\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-28 325128]
R3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\system32\drivers\idcphid.sys [2008-12-11 16256]

=============== Created Last 30 ================

2009-02-26 12:13 <DIR> --d----- c:\users\luisgo~1\appdata\roaming\Research In Motion
2009-02-26 12:00 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-02-26 12:00 <DIR> --d----- c:\program files\Roxio
2009-02-26 11:53 <DIR> --d----- c:\program files\common files\Research In Motion
2009-02-26 11:53 <DIR> --d----- c:\program files\Research In Motion
2009-02-16 08:09 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-16 08:09 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-16 08:09 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-16 08:09 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-16 08:09 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-13 03:01 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
2009-02-12 13:26 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-12 12:56 827,392 a------- c:\windows\system32\wininet.dll
2009-02-12 12:56 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-06 11:46 16 ----h--- c:\users\luis goyeneche\SyncToy_25860451-f17c-46bb-a165-7e27a137d6ae.dat
2009-02-06 11:44 <DIR> --d----- c:\program files\SyncToy 2.0
2009-02-03 08:05 <DIR> --dsh--- C:\found.003

==================== Find3M ====================

2009-02-27 16:20 1,942 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-26 11:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-26 11:55 51,200 a------- c:\windows\inf\infpub.dat
2009-02-26 11:55 86,016 a------- c:\windows\inf\infstor.dat
2009-02-12 13:26 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-20 10:38 119,544 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-01-12 10:35 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-16 10:12 61,224 a------- c:\users\luis goyeneche\GoToAssistDownloadHelper.exe
2008-06-11 02:11 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-29 10:33 174 a--sh--- c:\program files\desktop.ini
2008-04-03 10:44 952 a--sh--- c:\programdata\KGyGaAvL.sys
2008-04-03 10:44 952 a--sh--- c:\progra~2\KGyGaAvL.sys
2008-03-24 09:46 88 ---shr-- c:\programdata\1BD664DF3C.sys
2008-03-24 09:46 88 ---shr-- c:\progra~2\1BD664DF3C.sys
2006-12-01 14:54 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-19 18:11 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-07-19 18:11 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-07-19 18:11 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-11-15 09:49 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-15 09:49 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-15 09:49 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-08 12:57 88 ---shr-- c:\windows\system32\1BD664DF3C.sys

============= FINISH: 16:22:53.32 ===============


#2 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:08:25 AM

Posted 12 March 2009 - 08:35 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma. Apologies for taking so long in getting to you and your problem.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!


Please perform a BitDefender Online Virus and Malware Scan here:
http://www.bitdefender.com/scan8/ie.html
* Click on I Agree.
* An ActiveX warning box will appear, click on Install.
* Under Select What You Want To Check For Viruses.
* Please Check My Computer and Click Ok
* Now Click On Click Here To Scan
* Next, Click on Click here to export the scan report
* Save it to your Desktop.
* In your next reply, please include the BitDefender log and a fresh HijackThis log.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD, and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#3 luiben

luiben
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 13 March 2009 - 01:13 PM

Here are the two reports as requested.

BitDefender QuickScan Beta 0.9.2.7 - Mar 10 2009, 19:37:40
----------------------------------------------------------------

Scan date/time: Fri Mar 13 08:32:30 2009
Machine Id: CA388239
Warning: Not all process scanned because of low execution rights or 64-bit issues.


Processes
----------
<unsigned> Act.Outlook.Service 1748 C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
<unsigned> ACT! 9.x/2007 5952 C:\Program Files\ACT\Act for Windows\ActSage.exe
<unsigned> TOSHIBA Power Saver 3632 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
<unsigned> SmoothView 1584 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
<unsigned> CD/DVD Drive Acoustic Silencer 1312 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

<verified> AVG Tray Monitor 3684 C:\Program Files\AVG\AVG8\avgtray.exe
<verified> WinPatrol System Monitor 3400 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
<verified> Macrovision Software Manager 3468 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
<verified> Java™ Platform SE binary 3388 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Microsoft Location Finder 2100 C:\Program Files\Microsoft Location Finder\LocationFinder.exe
<verified> Microsoft Office Excel 2524 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
<verified> GrooveMonitor Utility 3484 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
<verified> Firefox 5940 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Fingerprint Tray Application 3224 C:\Program Files\Protector Suite QL\psqltray.exe
<verified> Windows Defender User Interface 2312 C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows Media Player 4956 C:\Program Files\Windows Media Player\wmplayer.exe
<verified> Google Installer 4056 C:\Users\Luis Goyeneche\AppData\Local\Google\Update\GoogleUpdate.exe
<verified> Media Center Media Status Aggregator Service 3356 C:\Windows\ehome\ehmsas.exe
<verified> Media Center Tray Applet 3880 C:\Windows\ehome\ehtray.exe
<verified> Windows Explorer 888 C:\Windows\Explorer.EXE
<verified> Desktop Window Manager 2720 C:\Windows\system32\Dwm.exe
<verified> hkcmd Module 3188 C:\Windows\System32\hkcmd.exe
<verified> persistence Module 3080 C:\Windows\System32\igfxpers.exe
<verified> Microsoft Sync Center 4456 C:\Windows\System32\mobsync.exe
<verified> Microsoft Windows Search Protocol Host 5240 C:\Windows\system32\SearchProtocolHost.exe
<verified> Task Scheduler Engine 3028 C:\Windows\system32\taskeng.exe
<verified> TOSHIBA HDD Protection Service 3268 C:\Windows\System32\ThpSrv.exe
<verified> Sink to receive asynchronous callbacks for WMI cli 1032 C:\Windows\system32\wbem\unsecapp.exe


Autoruns and critical files
---------------------------
c:\program files\act\act for windows\act.outlook.service.exe
c:\program files\act\act for windows\actsage.exe
c:\program files\apoint2k\apoint.exe
c:\program files\avg\avg8\avgtray.exe
c:\program files\billp studios\winpatrol\winpatrol.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
c:\program files\common files\intuit\quickbooks\qbserverutilitymgr.exe
c:\program files\common files\intuit\quickbooks\qbwebconnector\qbwebconnector.exe
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
c:\program files\google\google desktop search\googledesktopnetwork3.dll
c:\program files\java\jre6\bin\jusched.exe
c:\program files\microsoft location finder\locationfinder.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\program files\protector suite ql\launcher.exe
c:\program files\research in motion\blackberry\desktopmgr.exe
c:\program files\toshiba\power saver\tpwrmain.exe
c:\program files\toshiba\smoothview\smoothview.exe
c:\program files\toshiba\toscdspd\toscdspd.exe
c:\program files\windows defender\msascui.exe
c:\users\luis goyeneche\appdata\local\google\update\googleupdate.exe
c:\windows\ehome\ehtray.exe
c:\windows\system32\avgrsstx.dll
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxdev.dll
c:\windows\system32\igfxpers.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\mswsock.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\psqlpwd.dll
c:\windows\system32\thpsrv.exe
c:\windows\system32\winrnr.dll


Browser plugins
---------------
c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
c:\program files\avg\avg8\avgssie.dll
c:\program files\divx\divx player\npdivxplayerplugin.dll
c:\program files\divx\divx web player\npdivx32.dll
c:\program files\google\google updater\2.4.1368.5602\npcidetect13.dll
c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
c:\program files\java\jre6\bin\jp2ssv.dll
c:\program files\microsoft office\office12\grooveshellextensions.dll
c:\program files\microsoft silverlight\2.0.40115.0\npctrl.dll
c:\program files\mozilla firefox\plugins\np-mswmp.dll
c:\program files\mozilla firefox\plugins\npdeploytk.dll
c:\program files\mozilla firefox\plugins\npdivx32.dll
c:\program files\mozilla firefox\plugins\npdivxplayerplugin.dll
c:\program files\mozilla firefox\plugins\npnul32.dll
c:\program files\mozilla firefox\plugins\npoff12.dll
c:\program files\mozilla firefox\plugins\nppdf32.dll
c:\program files\picasa2\nppicasa2.dll
c:\program files\yahoo!\common\npyaxmpb.dll
c:\windows\downloaded program files\axloader.dll
c:\windows\downloaded program files\dwusplay.dll
c:\windows\downloaded program files\dwusplay.exe
c:\windows\downloaded program files\isusweb.dll
c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\npwpf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\macromed\flash\npswf32.dll


Missing files
-------------
File not found: c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
referenced in: HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\(default)

File not found: mscoree.dll
referenced in: HKCR\CLSID\{D5233FCD-D258-4903-89B8-FB1568E7413D}\InprocServer32\(default)


Scan
----
Unknown file: C:\Program Files\ACT\ACT for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.dll
Unknown file: C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
Unknown file: C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll
Unknown file: C:\Windows\assembly\GAC_MSIL\Act.Shared.Utilities\9.1.162.0__ebf6b2ff4d0a08aa\Act.Shared.Utilities.dll
Unknown file: C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll
Unknown file: C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll
Unknown file: C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Shared\9.1.162.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll
Unknown file: C:\Program Files\ACT\ACT for Windows\Act.Office.Addin.dll
Unknown file: C:\Program Files\ACT\ACT for Windows\Interop.Excel.dll
Unknown file: C:\Windows\system32\spool\DRIVERS\W32X86\3\KOBZVJBC.DLL
Unknown file: C:\Windows\system32\spool\DRIVERS\W32X86\3\KOBZVJBS.DLL
Unknown file: C:\Windows\system32\spool\DRIVERS\W32X86\3\KOBZVJBG.DLL
Unknown file: C:\Windows\system32\spool\DRIVERS\W32X86\3\KOBZVJBX.DLL
Unknown file: C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Inter#\3efa43295072cd46369e6a69638ee5fe\Act.Framework.Interop.ni.dll
Unknown file: C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\dac7a3d12882c6e0f64e6697cc6b3861\Act.Shared.Diagnostics.ni.dll
Unknown file: C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\e29c71e79fe033a95004b2fbb75fa520\Act.Shared.Utilities.ni.dll
Unknown file: C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Config\093f2cacb8a66c9a1e558a2be0379a10\Act.Shared.Config.ni.dll
Unknown file: C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Collecti#\d35d46561b35a7d604abca81bfa84081\Act.Shared.Collections.ni.dll
Upload started - 55 unknown file(s)
Upload speed - 33 KB/s
Upload finished - 55 uploaded, 0 failed


No infection found.

Malwarebytes' Anti-Malware 1.34
Database version: 1845
Windows 6.0.6001 Service Pack 1

3/13/2009 1:07:33 PM
mbam-log-2009-03-13 (13-07-33).txt

Scan type: Quick Scan
Objects scanned: 73514
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:08:25 AM

Posted 13 March 2009 - 02:41 PM

I need you to go to the administration tools in XP. They are in the Control Panel. Open the Admin tools, then open the Event Viewer. Over on the left-hand side, click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click Save. Over on the left-hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVT is selected, and then navigate so it will save the file to your desktop, then click Save. Zip them both up into a single zip file and post them back here in your next reply as attachments.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 luiben

luiben
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 13 March 2009 - 03:09 PM

I'm running Vista.

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:08:25 AM

Posted 13 March 2009 - 06:57 PM

Sorry about that. The instructions are the same, except save the file as an .evtx.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 luiben

luiben
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 14 March 2009 - 07:35 PM

I could not run a report on the System log as requested, but I took a screenshot and included it in this post.

Please advise.

#8 luiben

luiben
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 14 March 2009 - 09:41 PM

Forgot to upload.

Attached Files


Edited by luiben, 14 March 2009 - 09:41 PM.


#9 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:08:25 AM

Posted 16 March 2009 - 04:18 PM

I am sorry to have left you hanging this weekend. I am having a cat5e cable problem. I have a real ugly fix right now so I can do some catch-up and let people know I didn't abandon them intentionally. I won't be able to post again until March 17 at about 5 PM East Coast USA time (UTC -4).

Sorry for any inconvenience.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#10 luiben

luiben
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 17 March 2009 - 08:01 AM

ComboFix 09-03-15.01 - Luis Goyeneche 2009-03-17 8:33:54.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.350 [GMT -4:00]
Running from: c:\users\Luis Goyeneche\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.

2009-03-16 07:53 . 2009-03-16 07:53 <DIR> d--hs---- C:\found.004
2009-03-13 12:51 . 2009-03-13 12:51 <DIR> d-------- c:\users\Luis Goyeneche\AppData\Roaming\Malwarebytes
2009-03-13 12:51 . 2009-03-13 12:51 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-13 12:51 . 2009-03-13 12:51 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-13 12:51 . 2009-03-13 12:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 12:51 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-13 12:51 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-11 11:06 . 2008-06-19 21:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-11 11:06 . 2008-06-19 21:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-11 11:06 . 2008-06-19 21:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-11 11:06 . 2008-06-19 21:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-11 11:06 . 2008-06-19 21:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-11 11:06 . 2008-06-19 21:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-11 11:05 . 2008-06-19 21:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-11 11:05 . 2008-06-19 21:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-11 10:51 . 2008-07-27 14:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-11 10:51 . 2008-07-27 14:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-11 10:51 . 2008-07-27 14:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-11 10:50 . 2008-07-27 14:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-11 10:50 . 2008-07-27 14:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-11 09:07 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 09:06 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 09:06 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 09:06 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 09:06 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 09:06 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-05 14:01 . 2009-03-05 14:01 <DIR> d-------- c:\users\Luis Goyeneche\AppData\Roaming\Ulead Systems
2009-02-26 13:13 . 2009-02-26 13:13 <DIR> d-------- c:\users\Luis Goyeneche\AppData\Roaming\Research In Motion
2009-02-26 13:00 . 2009-02-26 13:01 <DIR> d-------- c:\program files\Roxio
2009-02-26 13:00 . 2009-02-26 13:06 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-02-26 12:53 . 2009-02-26 12:53 <DIR> d-------- c:\program files\Research In Motion
2009-02-26 12:53 . 2009-02-26 12:54 <DIR> d-------- c:\program files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 12:06 --------- d-----w c:\programdata\Google Updater
2009-03-11 15:46 --------- d-----w c:\program files\Windows Mail
2009-03-11 15:27 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-11 14:49 --------- d-----w c:\programdata\Microsoft Help
2009-03-06 13:01 --------- d-----w c:\program files\Java
2009-02-26 17:06 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-02-26 17:02 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-26 17:01 --------- d-----w c:\programdata\Roxio
2009-02-26 16:03 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 18:26 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-12 17:53 --------- d-----w c:\programdata\Avg8
2009-02-06 16:46 16 ---h--w c:\users\Luis Goyeneche\SyncToy_25860451-f17c-46bb-a165-7e27a137d6ae.dat
2009-02-06 16:44 --------- d-----w c:\program files\SyncToy 2.0
2009-02-06 16:43 --------- d-----w c:\program files\Microsoft Sync Framework
2009-01-20 15:20 --------- d-----w c:\users\Luis Goyeneche\AppData\Roaming\Blackberry Desktop
2008-12-16 15:12 61,224 ----a-w c:\users\Luis Goyeneche\GoToAssistDownloadHelper.exe
2008-05-29 15:33 174 --sha-w c:\program files\desktop.ini
2008-04-03 15:44 952 --sha-w c:\users\All Users\KGyGaAvL.sys
2008-04-03 15:44 952 --sha-w c:\programdata\KGyGaAvL.sys
2008-03-24 14:46 88 --sh--r c:\users\All Users\1BD664DF3C.sys
2008-03-24 14:46 88 --sh--r c:\programdata\1BD664DF3C.sys
2006-12-01 19:54 262,144 ----a-w c:\programdata\ntuser.dat
2007-11-21 14:29 131,584 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-12-04 00:58 864,768 ----a-w c:\program files\mozilla firefox\components\pbgk1_8.dll
2007-07-19 23:11 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-19 23:11 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-19 23:11 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-11-15 14:49 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-15 14:49 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-15 14:49 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-04-08 17:57 88 --sh--r c:\windows\System32\1BD664DF3C.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 21:03 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 21:03 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Google Update"="c:\users\Luis Goyeneche\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-02 409264]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-11-20 446128]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 316728]
"Act.Outlook.Service"="c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-12 1601304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-08-26 25214]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-10-02 1283608]
QuickBooks Database Server Manager.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe [2008-10-22 156960]
QuickBooks Web Connector.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2008-02-15 300320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 20:50 90112 c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AE2932DB-D085-4250-8310-C2DC7E8DAA2C}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{53C6FBED-4242-42DA-8F75-2A2D401E2ACE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F5CE9506-E110-453A-A812-4895E3AD222D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADF6937F-B833-4FC1-AD27-73492880E4AB}"= UDP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{E2AFBBDA-C934-4868-91C2-630D400927E1}"= TCP:c:\program files\Grisoft\AVG Free\avginet.exe:avginet.exe
"{3041526F-CE46-4872-9EF9-4B43A51A00CB}"= UDP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{5E5B6446-5B2D-4F48-867E-B0A78D1F5709}"= TCP:c:\program files\Grisoft\AVG Free\avgamsvr.exe:avgamsvr.exe
"{9948DF88-AA9F-494D-98D2-5EC197ABB8B6}"= UDP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{D5EAA57B-3356-4D73-9C28-96CF8DDCFC43}"= TCP:c:\program files\Grisoft\AVG Free\avgcc.exe:avgcc.exe
"{03EF680B-7C83-4306-9EEE-BC9D54E9C244}"= UDP:c:\windows\System32\lxdccoms.exe:Lexmark Communications System
"{CD0CCDDC-AAAC-49A5-9AB4-24C671A41872}"= TCP:c:\windows\System32\lxdccoms.exe:Lexmark Communications System
"{A1EE666D-10EA-4477-9403-D3C1832C9534}"= UDP:c:\program files\Lexmark 1300 Series\lxdcamon.exe:Lexmark Device Monitor
"{9AB11639-B2FD-40DC-9352-C09ABF71B564}"= TCP:c:\program files\Lexmark 1300 Series\lxdcamon.exe:Lexmark Device Monitor
"{7DCAC162-F455-4A45-A6BC-545FC5A884C2}"= UDP:c:\program files\Lexmark 1300 Series\App4R.exe:Lexmark Imaging Studio
"{D0E1E792-B0F5-4F1F-A942-2E2F6125351D}"= TCP:c:\program files\Lexmark 1300 Series\App4R.exe:Lexmark Imaging Studio
"{1DE26337-92AD-455B-A558-C6CBE9AE1756}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdctime.exe:
"{1E62F902-195F-4EEA-8231-59BE22D77D55}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdctime.exe:
"{78AEC138-AD55-4740-A307-0CE3BA6BFDD5}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdcpswx.exe:
"{C25F1CCA-263F-4DEC-9B50-7161C35D3559}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdcpswx.exe:
"TCP Query User{D995C60A-FB66-4AAD-8D57-CE693AB460C8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{78DE8897-711E-490A-B371-ACE3B843F01E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{733F60AE-9E41-446F-925A-C6344BAB1730}"= UDP:c:\windows\System32\lxdccoms.exe:1300 Series Server
"{2CB6C4C2-597F-45E7-822E-ABF0788E0918}"= TCP:c:\windows\System32\lxdccoms.exe:1300 Series Server
"TCP Query User{5A9AC256-6521-4761-9984-89D82477E9EE}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{DDEE61C4-2AE9-49A8-82D6-83865BD15B25}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"TCP Query User{AE3EE7A9-551A-4DD5-8052-9265769D6604}c:\\program files\\act\\act for windows\\actsage.exe"= UDP:c:\program files\act\act for windows\actsage.exe:ACT! by Sage
"UDP Query User{339847E2-C867-4F87-B0E2-C5996F301FA8}c:\\program files\\act\\act for windows\\actsage.exe"= TCP:c:\program files\act\act for windows\actsage.exe:ACT! by Sage
"{EC5CDF60-681E-4BF2-981B-38622DC10A2A}"= UDP:c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:sqlservr
"{E5DC0CFD-D4C3-4924-B505-49B8675F2E1C}"= TCP:c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:sqlservr
"{25F965A3-F523-4DBF-8A69-F2DA789BBB90}"= UDP:c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:sqlbrowser
"{58F6AF68-4614-46EC-96B6-D5D270B8D5BA}"= TCP:c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:sqlbrowser
"{01834A45-5E9C-4951-9818-CB037CF7EDE7}"= UDP:c:\program files\ACT\Act for Windows\Act9.exe:Act9
"{C0265EF8-059E-418D-8280-FD1BB4A3C7D1}"= TCP:c:\program files\ACT\Act for Windows\Act9.exe:Act9
"{9A024DB8-9C4A-435C-8070-7A0723CDFE9F}"= UDP:c:\program files\TOSHIBA\Utilities\TACSPROP.exe:Accessibility
"{ED88D031-4DED-4F5C-A1D1-FF0B8784CA59}"= TCP:c:\program files\TOSHIBA\Utilities\TACSPROP.exe:Accessibility
"{9FD5B25C-F943-4EDC-9212-F56E9165906A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{F6827153-CF7E-4891-AF73-C3316CD8F892}c:\\users\\luis goyeneche\\appdata\\local\\temp\\lmi8c5f.tmp\\lmi_rescue.exe"= UDP:c:\users\luis goyeneche\appdata\local\temp\lmi8c5f.tmp\lmi_rescue.exe:LogMeIn Rescue
"UDP Query User{ACD693CF-BFA2-4436-B0E7-85CF8FA8C808}c:\\users\\luis goyeneche\\appdata\\local\\temp\\lmi8c5f.tmp\\lmi_rescue.exe"= TCP:c:\users\luis goyeneche\appdata\local\temp\lmi8c5f.tmp\lmi_rescue.exe:LogMeIn Rescue
"TCP Query User{174729AE-CB8E-49FB-83B4-DADB62D1AAC6}c:\\users\\luis goyeneche\\appdata\\local\\temp\\lmi281f.tmp\\lmi_rescue.exe"= UDP:c:\users\luis goyeneche\appdata\local\temp\lmi281f.tmp\lmi_rescue.exe:lmi_rescue.exe
"UDP Query User{4CE72981-6AA1-4667-8AAA-759162FCCD71}c:\\users\\luis goyeneche\\appdata\\local\\temp\\lmi281f.tmp\\lmi_rescue.exe"= TCP:c:\users\luis goyeneche\appdata\local\temp\lmi281f.tmp\lmi_rescue.exe:lmi_rescue.exe
"{4A7814BC-71A0-457B-BCD6-5E4C15DD34D4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F47C054-B0F2-4C01-B160-35CB660336DF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A09DFF78-01B4-496A-A9C9-6505EB7559B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6334CFBD-B91C-49A4-BE7E-84622C5048AC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B4E7C7C2-155D-4BF9-8732-B34F36E789BE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3046DE6C-027C-4D0D-9530-DF1E8B4FC730}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\System32\drivers\Thpdrv.sys [2007-02-08 16896]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.sys [2007-02-07 6528]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-05-28 325128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-12 298264]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1.0\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1.0\QBDBMgrN.exe -hvQuickBooksDB17 [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-04-17 810320]
R3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\System32\drivers\idcphid.sys [2008-12-11 16256]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-12-01 29744]
S3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\System32\drivers\ser2rs.sys [2007-06-25 76288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28b0bc59-71ab-11dc-82fe-0015b7993252}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac42540d-f91b-11dd-ae51-0015b7993252}]
\shell\AutoRun\command - g:\win\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1906704147-3469129245-2465860851-1000.job
- c:\users\Luis Goyeneche\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-11 08:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luis Goyeneche\AppData\Roaming\Mozilla\Firefox\Profiles\izqsbc06.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\Luis Goyeneche\AppData\Roaming\Mozilla\Firefox\Profiles\izqsbc06.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\BDQScan.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\users\Luis Goyeneche\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\users\Luis Goyeneche\AppData\Roaming\Mozilla\Firefox\Profiles\izqsbc06.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 08:48:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(4972)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\System32\lxdccoms.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\Intuit\QUICKB~1.0\QBDBMgrN.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\System32\ThpSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\ThpSrv.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-03-17 8:53:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-17 12:53:16

Pre-Run: 95,278,444,544 bytes free
Post-Run: 94,913,425,408 bytes free

285 --- E O F --- 2009-03-13 15:18:30

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:08:25 AM

Posted 17 March 2009 - 10:48 AM

Go to the Start button and then to the Run command and type in sfc /scannow. You may need to insert your Windows XP disk for the repair to finish.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#12 luiben

luiben
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 17 March 2009 - 11:14 AM

I'm running Vista.

I typed sfc /scannow in the command line. I don't think anything happened.

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:08:25 AM

Posted 17 March 2009 - 11:27 AM

1/ Click the Start button

2/ From the Start Menu, Click All programs followed by Accessories

3/ In the Accessories menu, Right Click on the Command Prompt option

4/ From the drop down menu that appears, Click on the 'Run as administrator' option

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter

7/ A message will appear stating that 'the system scan will begin'

8/ Be patient because the scan may take some time

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue

10/ If everything is okay you should, after the scan, see the following message "Windows resource protection did not find any integrity violations"

11/ After the scan has completed, Close the command prompt window

#14 luiben

luiben
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 17 March 2009 - 01:28 PM

Windows resource protection did not find any integrity violations

#15 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:08:25 AM

Posted 17 March 2009 - 03:58 PM

Go back into the Event Viewer as above, and right click on each of the viewer logs on the left and select Clear Log. Then, when that is done, close the Event Viewer and go to the Run command and type in msconfig. When the window pops up, select Selective Startup, and then uncheck the button for startup programs, then click Apply, then reboot. While Windows is rebooting, disconnect your internet physically. Then, after the computer has restarted, check to see if you can start up and scan with AVG, as well as check how the computer is responding. Then run msconfig again and click Normal Startup. Reconnect the internet while it's rebooting, and then let me know how it is running, both with the startup programs not running and then again with them on.