
PrcViewer will not uninstall


9 replies to this topic

#1 DeeEgo

Posted 15 March 2009 - 09:49 PM

I was recently infected by the Heur Virus and McAfee was not able to remove it. I eventually downloaded a trial version of AVG and that seemed to take care of it. Now McAfee keeps giving me messages about uninstalling PrcViewer every time I log onto my computer. Also, my computer is much slower now.

Did I get infected with ANOTHER virus?

Please help.
I attached my HijackThis log below.

Thanks in advance,
Anthony


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:16, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\YPSR\ypsr.exe
C:\Documents and Settings\A. Anthony Dee\Local Settings\Temporary Internet Files\Content.IE5\6YYD6O8K\mvtapp[1].exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\YTBSDK.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm069YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\A1278~1.ANT\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14782 bytes
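A helper reads a HijackThis log like the one above by eye, looking first for a handful of patterns: a process running out of the IE cache or a Temp directory, O15 Trusted Zone entries for domains the user never added on purpose, O23 services whose binary is gone or lived in Temp, and O2/O3 browser hooks pointing at no file. The script below is an added example, not code from this thread or from the HijackThis tool, that applies those same checks to a few lines copied from the log above. The list of suspect directories and the allowlist of acceptable Trusted Zone domains are assumptions for the example; the sample lines are the ones posted in this thread.

```python
"""Triage a HijackThis v2 log for the indicators a helper checks first.

Added example, not part of the forum thread or the HijackThis tool.
SUSPECT_DIR_PATTERNS and TRUSTED_ZONE_ALLOWLIST are assumptions for the
example; SAMPLE_LOG is copied from the log posted above.
"""
from __future__ import annotations

import re
from typing import Iterable

# Directories a long-running process or a service binary should not live in.
# (Assumption for this example; extend to match your environment.)
SUSPECT_DIR_PATTERNS = (
    re.compile(r"\\Temporary Internet Files\\", re.I),
    re.compile(r"\\Local Settings\\Temp\\", re.I),
    re.compile(r"\\LOCALS~1\\Temp\\", re.I),
)

# Domains the analyst accepts in the IE Trusted Zone (assumption for this example).
TRUSTED_ZONE_ALLOWLIST = {"mcafee.com", "yahoo.com"}

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\A. Anthony Dee\Local Settings\Temporary Internet Files\Content.IE5\6YYD6O8K\mvtapp[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\A1278~1.ANT\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""


def _in_suspect_dir(path: str) -> bool:
    return any(p.search(path) for p in SUSPECT_DIR_PATTERNS)


def trusted_zone_domain(line: str) -> str:
    """Return the bare domain of an O15 line: drop the scheme, '*.' and '(HKLM)'."""
    target = line.split("Trusted Zone:", 1)[1].strip()
    target = re.sub(r"\s*\(HKLM\)$", "", target)
    target = re.sub(r"^[a-z]+://", "", target, flags=re.I)
    return target.lstrip("*.").lower()


def triage(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Walk the log and return (category, detail) findings in log order."""
    findings: list[tuple[str, str]] = []
    in_processes = False
    for raw in lines:
        line = raw.rstrip()
        if not line:
            in_processes = False       # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if _in_suspect_dir(line):
                findings.append(("process-from-temp", line))
            continue
        if line.startswith("O15 - Trusted Zone:"):
            domain = trusted_zone_domain(line)
            if domain not in TRUSTED_ZONE_ALLOWLIST:
                findings.append(("untrusted-trusted-zone", domain))
        elif line.startswith("O23 - Service:"):
            if "(file missing)" in line and _in_suspect_dir(line):
                findings.append(("orphan-service-temp-path", line))
            elif "(file missing)" in line:
                findings.append(("orphan-service", line))
        elif line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and line.endswith("(no file)"):
            findings.append(("orphan-browser-hook", line))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:26} {detail}")
```

Each O15 entry appears twice in a real log (once per user hive and once marked HKLM), so the script reports a domain once per entry; dedupe on the domain if you only want the set. The checks are deliberately conservative: an entry is flagged for review, not declared malicious, and the final call still rests with the helper reading the rest of the log.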


#2 Grinler (Lawrence Abrams, Admin)

Posted 21 March 2009 - 06:59 AM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log as a reply to this

#3 DeeEgo (Topic Starter)

Posted 24 March 2009 - 12:21 AM

Lawrence,

Thank you for replying. Here is the log I received after running ComboFix:
--------------------------------------------------------------------------------------

ComboFix 09-03-22.01 - A. Anthony Dee 2009-03-23 23:58:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1305 [GMT -5:00]
Running from: c:\documents and settings\A. Anthony Dee\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\A. Anthony Dee\Application Data\FunWebProducts
c:\documents and settings\A. Anthony Dee\Application Data\inst.exe
c:\program files\Internet Explorer\msimg32.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_new_drv


((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-15 20:59 . 2009-03-15 20:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-15 19:12 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-15 19:12 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-15 00:33 . 2009-03-15 00:33 <DIR> d-------- c:\documents and settings\A. Anthony Dee\Application Data\McAfee
2009-03-13 22:15 . 2009-03-18 22:34 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-13 22:01 . 2009-03-23 15:19 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-13 22:01 . 2009-03-13 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-13 22:01 . 2009-03-13 22:01 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-13 22:01 . 2009-03-23 15:19 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-13 22:01 . 2009-03-13 22:01 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-13 22:01 . 2009-03-13 22:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-13 22:00 . 2009-03-13 22:00 <DIR> d-------- c:\program files\AVG
2009-03-13 22:00 . 2009-03-13 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-13 22:00 . 2009-03-13 22:00 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-13 22:00 . 2009-03-13 22:00 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-03-12 23:23 . 2009-03-12 23:23 <DIR> d-------- C:\McAfeeVS
2009-03-11 21:02 . 2009-03-11 21:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-11 18:22 . 2005-05-13 00:21 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-11 18:22 . 2005-05-13 01:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-03-11 18:22 . 2005-05-13 01:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2009-03-11 18:22 . 2005-05-13 01:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2009-03-11 18:22 . 2005-05-13 00:38 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterTrust
2009-03-11 18:22 . 2005-12-13 06:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2009-03-11 18:22 . 2005-08-18 19:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2009-03-11 18:22 . 2009-03-13 22:01 <DIR> d-------- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 04:07 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\U3
2009-03-12 02:02 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-28 10:07 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\uTorrent
2009-02-21 22:21 --------- d-----w c:\program files\America Online 9.0a
2009-02-18 18:48 --------- d-----w c:\program files\CCleaner
2009-02-13 02:24 --------- d-----w c:\program files\Google
2009-02-04 12:55 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2009-02-04 12:55 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Roxio
2009-02-04 12:51 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Blackberry Desktop
2009-02-04 12:44 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Research In Motion
2009-02-04 09:03 --------- d-----w c:\program files\Roxio
2009-02-04 09:02 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-04 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-02-04 08:54 --------- d-----w c:\program files\Research In Motion
2009-02-04 08:54 --------- d-----w c:\program files\Common Files\Research In Motion
2009-02-03 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-03 06:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-03 06:11 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\SUPERAntiSpyware.com
2009-02-01 03:43 --------- d-----w c:\program files\McAfee
2009-01-24 07:43 --------- d-----w c:\program files\Yahoo!
2008-01-04 16:39 47,360 ----a-w c:\documents and settings\A. Anthony Dee\Application Data\pcouffin.sys
2006-06-17 08:25 7,040 -c--a-w c:\documents and settings\All Users\Application Data\ypinfo.bin
2003-11-03 04:52 301,321 -c--a-w c:\documents and settings\All Users\Office 2003 Editions 60 Day Trial.exe
2008-08-11 05:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7ADF7C1-14FB-4110-B2DF-187884CAC12A}]
2008-05-15 16:18 1920120 --a------ c:\program files\Freeze.com Toolbar\freeze_us.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-21 615696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-13 1932568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-04-25 423184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 14:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-13 22:01 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ivimp3en"= ivimp3en.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-13 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-13 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-13 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-13 1356616]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-17 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-11-20 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208]
S1 rxp;rxp;\??\c:\windows\system32\drivers\rxp.sys --> c:\windows\system32\drivers\rxp.sys [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\A1278~1.ANT\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\A1278~1.ANT\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208]
S3 PALPROCT;PALPROCT;c:\progra~1\PCPAL\GTACTION\TRIGGERS\PALPROCT.sys [2006-11-09 4864]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4778f5e0-cef2-11dd-8e07-00038a000015}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e492637b-b7e8-11db-8d24-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-18 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-03-09 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm069YYUS
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: antimalwareguard.com
Trusted Zone: antispyexpert.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: spyguardpro.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
Trusted Zone: yahoo.com
Trusted Zone: antimalwareguard.com
Trusted Zone: antispyexpert.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: spyguardpro.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 00:07:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1257585048-356672946-3724109966-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8CD53FE-1A8B-0288-97B6-95E5471FEBB7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhbnfekpeidpccioblakcgkobfomngfbn"=hex:61,61,00,00
"bbhbnfekpeidpcciobabhhlcglpdbennnldl"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3204)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\progra~1\McAfee\VirusScan\mcsysmon.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2009-03-24 0:13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 05:13:07

Pre-Run: 28,196,048,896 bytes free
Post-Run: 28,184,764,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

310 --- E O F --- 2009-03-23 20:20:54


--------------------------------------------------------------------------------------
Thanks,
Anthony

#4 Grinler (Lawrence Abrams)

  • Admin
  • 43,568 posts
  • Gender:Male
  • Location:USA

Posted 24 March 2009 - 07:56 AM

First,


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: antimalwareguard.com
O15 - Trusted Zone: antispyexpert.com
O15 - Trusted Zone: avsystemcare.com
O15 - Trusted Zone: gomyhit.com
O15 - Trusted Zone: imageservr.com
O15 - Trusted Zone: internet
O15 - Trusted Zone: mcafee.com
O15 - Trusted Zone: onerateld.com
O15 - Trusted Zone: safetydownload.com
O15 - Trusted Zone: spyguardpro.com
O15 - Trusted Zone: storageguardsoft.com
O15 - Trusted Zone: trustedantivirus.com
O15 - Trusted Zone: virusremover2008.com
O15 - Trusted Zone: virusschlacht.com
O15 - Trusted Zone: yahoo.com
O15 - Trusted Zone: antimalwareguard.com
O15 - Trusted Zone: antispyexpert.com
O15 - Trusted Zone: avsystemcare.com
O15 - Trusted Zone: gomyhit.com
O15 - Trusted Zone: imageservr.com
O15 - Trusted Zone: onerateld.com
O15 - Trusted Zone: safetydownload.com
O15 - Trusted Zone: spyguardpro.com
O15 - Trusted Zone: storageguardsoft.com
O15 - Trusted Zone: trustedantivirus.com
O15 - Trusted Zone: virusremover2008.com
O15 - Trusted Zone: virusschlacht.com

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.


Next,

Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist:

Anything related to Freeze.com
Freeze.com Toolbar

According to siteadvisor.com they are known for bundling adware with their products.

Finally,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Suspect::[3]
c:\documents and settings\All Users\Application Data\ypinfo.bin

Driver::
SessionLauncher

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]


RegLock::
[HKEY_USERS\S-1-5-21-1257585048-356672946-3724109966-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8CD53FE-1A8B-0288-97B6-95E5471FEBB7}*]


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
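
The O15 fix above has the user tick a long list of Trusted Zone entries by hand. As an added example (not code from this thread, from HijackThis or from ComboFix), the Python below pulls those lines out of either tool's log, drops the duplicates the posted log contains, and separates hosts on a reviewer-chosen allowlist from the ones to remove; the allowlist and the security-themed keyword heuristic are assumptions, and the sample log is constructed. With an empty allowlist it reproduces the choice made in this thread of clearing every entry.

```python
import re
from collections import Counter

# HijackThis writes "O15 - Trusted Zone: host"; ComboFix prints the same entry
# without the O15 prefix. Both shapes appear in the logs posted in this thread.
TRUSTED_ZONE_RE = re.compile(r"^(?:O15\s*-\s*)?Trusted Zone:\s*(\S+)\s*$")

# Hosts the reviewer has decided legitimately belong in the Trusted Sites zone.
# This is a per-case assumption, not a list HijackThis or ComboFix ships.
DEFAULT_ALLOWLIST = frozenset({"mcafee.com", "yahoo.com"})

# Heuristic only: security-themed words are common in the names of rogue
# "antivirus" products, so hosts containing them are called out for a closer look.
SECURITY_THEMED = ("virus", "spy", "malware", "guard", "safety", "trusted")


def parse_trusted_zone(log_text):
    """Return every Trusted Zone host in the log, lower-cased, in log order.

    Duplicates are kept on purpose: the posted log lists the same hosts twice
    and the caller may want to know that.
    """
    hosts = []
    for line in log_text.splitlines():
        m = TRUSTED_ZONE_RE.match(line.strip())
        if m:
            hosts.append(m.group(1).lower().rstrip("."))
    return hosts


def triage(hosts, allowlist=DEFAULT_ALLOWLIST):
    """Split Trusted Zone hosts into what to keep and what to remove.

    Returns a dict with:
      keep        - allow-listed hosts (sorted, unique)
      remove      - everything else (sorted, unique)
      not_a_host  - entries with no dot, e.g. the bare word 'internet'
      themed      - subset of 'remove' matching SECURITY_THEMED keywords
      duplicates  - hosts listed more than once, with their counts
    """
    counts = Counter(hosts)
    unique = set(counts)
    keep = sorted(h for h in unique if h in allowlist)
    remove = sorted(h for h in unique if h not in allowlist)
    not_a_host = sorted(h for h in unique if "." not in h)
    themed = sorted(h for h in remove if any(k in h for k in SECURITY_THEMED))
    duplicates = {h: n for h, n in counts.items() if n > 1}
    return {
        "keep": keep,
        "remove": remove,
        "not_a_host": not_a_host,
        "themed": themed,
        "duplicates": duplicates,
    }


def hijackthis_fix_lines(hosts, allowlist=DEFAULT_ALLOWLIST):
    """Render the unique, non-allow-listed hosts as the O15 lines to tick in HijackThis."""
    result = triage(hosts, allowlist)
    return ["O15 - Trusted Zone: " + h for h in result["remove"]]


# Constructed sample: a few lines in the shape of the logs posted in this thread,
# including duplicated entries, the bare 'internet' entry, one ComboFix-style
# line without the O15 prefix, and one unrelated line that must be ignored.
SAMPLE_LOG = """\
O15 - Trusted Zone: antimalwareguard.com
O15 - Trusted Zone: internet
O15 - Trusted Zone: mcafee.com
O15 - Trusted Zone: virusremover2008.com
O15 - Trusted Zone: yahoo.com
O15 - Trusted Zone: antimalwareguard.com
O15 - Trusted Zone: virusremover2008.com
Trusted Zone: imageservr.com
uInternet Settings,ProxyOverride = *.local
"""

if __name__ == "__main__":
    found = parse_trusted_zone(SAMPLE_LOG)
    report = triage(found)
    for key, value in report.items():
        print(f"{key:>10}: {value}")
    print("\n".join(hijackthis_fix_lines(found)))
```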

#5 DeeEgo (Topic Starter)

  • Members
  • 5 posts

Posted 25 March 2009 - 12:01 AM

Lawrence,

Here is the latest ComboFix file

_______________________________

ComboFix 09-03-22.01 - A. Anthony Dee 2009-03-24 23:35:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1357 [GMT -5:00]
Running from: c:\documents and settings\A. Anthony Dee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\A. Anthony Dee\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SESSIONLAUNCHER
-------\Service_SessionLauncher


((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-15 20:59 . 2009-03-15 20:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-15 19:12 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-15 19:12 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-15 00:33 . 2009-03-15 00:33 <DIR> d-------- c:\documents and settings\A. Anthony Dee\Application Data\McAfee
2009-03-13 22:15 . 2009-03-18 22:34 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-13 22:01 . 2009-03-24 14:35 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-13 22:01 . 2009-03-13 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-13 22:01 . 2009-03-13 22:01 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-13 22:01 . 2009-03-23 15:19 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-13 22:01 . 2009-03-13 22:01 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-13 22:01 . 2009-03-13 22:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-13 22:00 . 2009-03-13 22:00 <DIR> d-------- c:\program files\AVG
2009-03-13 22:00 . 2009-03-13 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-13 22:00 . 2009-03-13 22:00 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-13 22:00 . 2009-03-13 22:00 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-03-12 23:23 . 2009-03-12 23:23 <DIR> d-------- C:\McAfeeVS
2009-03-11 21:02 . 2009-03-11 21:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-11 18:22 . 2005-05-13 00:21 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-11 18:22 . 2005-05-13 01:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-03-11 18:22 . 2005-05-13 01:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2009-03-11 18:22 . 2005-05-13 01:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2009-03-11 18:22 . 2005-05-13 00:38 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterTrust
2009-03-11 18:22 . 2005-12-13 06:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2009-03-11 18:22 . 2005-08-18 19:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2009-03-11 18:22 . 2009-03-13 22:01 <DIR> d-------- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 23:01 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\uTorrent
2009-03-13 04:07 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\U3
2009-03-12 02:02 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-21 22:21 --------- d-----w c:\program files\America Online 9.0a
2009-02-18 18:48 --------- d-----w c:\program files\CCleaner
2009-02-13 02:24 --------- d-----w c:\program files\Google
2009-02-04 12:55 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2009-02-04 12:55 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Roxio
2009-02-04 12:51 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Blackberry Desktop
2009-02-04 12:44 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Research In Motion
2009-02-04 09:03 --------- d-----w c:\program files\Roxio
2009-02-04 09:02 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-04 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-02-04 08:54 --------- d-----w c:\program files\Research In Motion
2009-02-04 08:54 --------- d-----w c:\program files\Common Files\Research In Motion
2009-02-03 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-03 06:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-03 06:11 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\SUPERAntiSpyware.com
2009-02-01 03:43 --------- d-----w c:\program files\McAfee
2008-01-04 16:39 47,360 ----a-w c:\documents and settings\A. Anthony Dee\Application Data\pcouffin.sys
2006-06-17 08:25 7,040 -c--a-w c:\documents and settings\All Users\Application Data\ypinfo.bin
2003-11-03 04:52 301,321 -c--a-w c:\documents and settings\All Users\Office 2003 Editions 60 Day Trial.exe
2008-08-11 05:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-24_ 0.11.46.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-24 04:56:45 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-25 00:01:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-24 04:56:45 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-25 00:01:14 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-24 04:56:45 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-25 00:01:14 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-21 615696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-13 1932568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-04-25 423184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 14:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-13 22:01 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ivimp3en"= ivimp3en.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-13 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-13 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-13 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-13 1356616]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-17 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-11-20 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208]
S1 rxp;rxp;\??\c:\windows\system32\drivers\rxp.sys --> c:\windows\system32\drivers\rxp.sys [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208]
S3 PALPROCT;PALPROCT;c:\progra~1\PCPAL\GTACTION\TRIGGERS\PALPROCT.sys [2006-11-09 4864]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4778f5e0-cef2-11dd-8e07-00038a000015}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a711f1a-0f84-11de-8e3e-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5d3224-f901-11da-ab9a-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e492637b-b7e8-11db-8d24-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-18 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-03-09 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-03-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm069YYUS
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: yahoo.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 23:45:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1257585048-356672946-3724109966-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8CD53FE-1A8B-0288-97B6-95E5471FEBB7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhbnfekpeidpccioblakcgkobfomngfbn"=hex:61,61,00,00
"bbhbnfekpeidpcciobabhhlcglpdbennnldl"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\McAfee\MSC\mcupdmgr.exe
.
**************************************************************************
.
Completion time: 2009-03-24 23:50:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-25 04:50:11
ComboFix2.txt 2009-03-24 05:13:22

Pre-Run: 27,973,742,592 bytes free
Post-Run: 28,007,395,328 bytes free

278 --- E O F --- 2009-03-24 19:46:17


_________________________________________
Thanks,
Anthony

#6 Grinler (Lawrence Abrams)

  • Admin
  • 43,568 posts
  • Gender:Male
  • Location:USA

Posted 25 March 2009 - 08:50 AM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Regnull::
[HKEY_USERS\S-1-5-21-1257585048-356672946-3724109966-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8CD53FE-1A8B-0288-97B6-95E5471FEBB7}*]


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

#7 DeeEgo (Topic Starter)

  • Members
  • 5 posts

Posted 25 March 2009 - 02:57 PM

Lawrence,

Here is the latest ComboFix file:
________________________________________


ComboFix 09-03-23.01 - A. Anthony Dee 2009-03-25 14:46:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1367 [GMT -5:00]
Running from: c:\documents and settings\A. Anthony Dee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\A. Anthony Dee\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-15 20:59 . 2009-03-15 20:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-15 19:12 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-15 19:12 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-15 00:33 . 2009-03-15 00:33 <DIR> d-------- c:\documents and settings\A. Anthony Dee\Application Data\McAfee
2009-03-13 22:15 . 2009-03-18 22:34 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-13 22:01 . 2009-03-25 14:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-13 22:01 . 2009-03-13 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-13 22:01 . 2009-03-13 22:01 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-13 22:01 . 2009-03-23 15:19 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-13 22:01 . 2009-03-13 22:01 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-13 22:01 . 2009-03-13 22:01 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-13 22:00 . 2009-03-13 22:00 <DIR> d-------- c:\program files\AVG
2009-03-13 22:00 . 2009-03-13 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-13 22:00 . 2009-03-13 22:00 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-13 22:00 . 2009-03-13 22:00 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-03-12 23:23 . 2009-03-12 23:23 <DIR> d-------- C:\McAfeeVS
2009-03-11 21:02 . 2009-03-11 21:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-11 18:22 . 2005-05-13 00:21 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-11 18:22 . 2005-05-13 01:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-03-11 18:22 . 2005-05-13 01:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2009-03-11 18:22 . 2005-05-13 01:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2009-03-11 18:22 . 2005-05-13 00:38 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterTrust
2009-03-11 18:22 . 2005-12-13 06:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2009-03-11 18:22 . 2005-08-18 19:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2009-03-11 18:22 . 2009-03-13 22:01 <DIR> d-------- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 19:36 --------- d-----w c:\documents and settings\NetworkService\Application Data\SACore
2009-03-24 23:01 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\uTorrent
2009-03-13 04:07 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\U3
2009-03-12 02:02 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-21 22:21 --------- d-----w c:\program files\America Online 9.0a
2009-02-18 18:48 --------- d-----w c:\program files\CCleaner
2009-02-13 02:24 --------- d-----w c:\program files\Google
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\win32k.sys
2009-02-04 12:55 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2009-02-04 12:55 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Roxio
2009-02-04 12:51 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Blackberry Desktop
2009-02-04 12:44 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\Research In Motion
2009-02-04 09:03 --------- d-----w c:\program files\Roxio
2009-02-04 09:02 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-04 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2009-02-04 08:54 --------- d-----w c:\program files\Research In Motion
2009-02-04 08:54 --------- d-----w c:\program files\Common Files\Research In Motion
2009-02-03 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-03 06:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-03 06:11 --------- d-----w c:\documents and settings\A. Anthony Dee\Application Data\SUPERAntiSpyware.com
2009-02-01 03:43 --------- d-----w c:\program files\McAfee
2008-01-04 16:39 47,360 ----a-w c:\documents and settings\A. Anthony Dee\Application Data\pcouffin.sys
2006-06-17 08:25 7,040 -c--a-w c:\documents and settings\All Users\Application Data\ypinfo.bin
2003-11-03 04:52 301,321 -c--a-w c:\documents and settings\All Users\Office 2003 Editions 60 Day Trial.exe
2008-08-11 05:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-24_ 0.11.46.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-24 04:56:45 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-25 19:40:57 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-24 04:56:45 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-25 19:40:57 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-21 615696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-13 1932568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-04-25 423184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 14:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-13 22:01 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ivimp3en"= ivimp3en.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-13 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-13 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-13 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-13 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-13 1356616]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-17 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-11-20 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208]
S1 rxp;rxp;\??\c:\windows\system32\drivers\rxp.sys --> c:\windows\system32\drivers\rxp.sys [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-13 29208]
S3 PALPROCT;PALPROCT;c:\progra~1\PCPAL\GTACTION\TRIGGERS\PALPROCT.sys [2006-11-09 4864]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4778f5e0-cef2-11dd-8e07-00038a000015}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a711f1a-0f84-11de-8e3e-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5d3224-f901-11da-ab9a-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e492637b-b7e8-11db-8d24-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-18 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-03-09 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-03-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm069YYUS
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: yahoo.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 14:50:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-03-25 14:53:24
ComboFix-quarantined-files.txt 2009-03-25 19:53:20
ComboFix2.txt 2009-03-25 04:50:19
ComboFix3.txt 2009-03-24 05:13:22

Pre-Run: 27,871,449,088 bytes free
Post-Run: 27,853,180,928 bytes free

239 --- E O F --- 2009-03-25 19:39:13

________________________________________________
Thanks,
Anthony

#8 Grinler (Lawrence Abrams)

  • Admin
  • 43,568 posts
  • Gender:Male
  • Location:USA

Posted 25 March 2009 - 03:33 PM

Looks good. Are you still getting the error message?

#9 DeeEgo

  • Topic Starter
  • Members
  • 5 posts

Posted 25 March 2009 - 03:40 PM

So far everything seems to be fine. Thank you for all of your help, Lawrence.

Kindest regards,
Anthony

#10 Grinler (Lawrence Abrams)

  • Admin
  • 43,568 posts
  • Gender:Male
  • Location:USA

Posted 25 March 2009 - 03:48 PM

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable System Restore here for your particular Windows version:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Re-enable System Restore with the instructions from the tutorial above.


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp%, and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!
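The two manual cleanup steps above (emptying %temp%, then clearing Temporary Internet Files) can be done in one pass from a PowerShell prompt. The script below is an added example for this thread, not something Grinler or BleepingComputer posted. It assumes PowerShell 2.0 or later and takes the folder paths from the environment; the `-DryRun` switch is an addition of this example so the list of files can be reviewed before anything is removed. Files that are still open (for example index.dat while Internet Explorer is running) are skipped and listed at the end rather than stopping the run, which is the same "skip that file and delete all the others" handling the post describes.

```powershell
# Added example (not from the original thread): clears the current user's
# %TEMP% folder and Internet Explorer's Temporary Internet Files, the two
# locations Steps 1 and 2 above clean by hand. Assumes PowerShell 2.0+.
param([switch]$DryRun)   # hypothetical switch: only list what would be removed

$targets = @($env:TEMP)
# Windows XP keeps Temporary Internet Files under Local Settings in the
# profile; Vista and later use LOCALAPPDATA, which does not exist on XP,
# hence the check before adding that path.
$targets += Join-Path $env:USERPROFILE 'Local Settings\Temporary Internet Files'
if ($env:LOCALAPPDATA) {
    $targets += Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files'
}

$deleted = 0
$skipped = @()

foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden/system files such as index.dat; directories are
    # left in place, only their contents are removed.
    $files = Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    foreach ($file in $files) {
        if ($DryRun) { Write-Output "Would remove: $($file.FullName)"; continue }
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $deleted++
        } catch {
            # A file that another program has open cannot be deleted; record it
            # and carry on instead of aborting the whole cleanup.
            $skipped += $file.FullName
        }
    }
}

Write-Output "Deleted $deleted file(s)."
if ($skipped.Count -gt 0) {
    Write-Output "Skipped $($skipped.Count) file(s) that were in use; close the owning program or reboot into Safe Mode and run this again:"
    $skipped | ForEach-Object { Write-Output "  $_" }
}
```

Run it once with `-DryRun` to see what it would touch, then without the switch to delete; if the skipped list is not empty after Internet Explorer has been closed, Safe Mode usually releases the remaining locks, as the post says.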

