Pretty sure I have some form of malware...


  • This topic is locked
1 reply to this topic

#1 Glliw

  • Members
  • 1 posts

Posted 22 September 2009 - 07:05 PM

Hey guys, I hate to ask for help on my first post, but I'm kinda in a bind here. My computer is running fine from what I can tell, but I was going to do a HijackThis log and it would only load, start the scan, and then crash and seemingly uninstall. I figured this might have been a configuration issue with my computer, so I tried using Malwarebytes, Runscanner, and RSIT, all with the same result. AVG, CCleaner, Avira, and Avast work fine, though, but don't come up with anything.

Kinda at a loss here as to what might be causing this... hoping you guys could help.

Thanks, Will

EDIT: I was able to get a ComboFix log done thanks to some help on another forum... here's that if it helps.

ComboFix 09-09-22.02 - Administrator 09/22/2009 20:22.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2736 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\HijackThis.exe
c:\program files\driver
c:\windows\msa.exe
c:\windows\msb.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.

2009-09-22 22:12 . 2009-09-22 22:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Runscanner.net
2009-09-22 22:11 . 2009-09-22 22:12 -------- d-----w- C:\Runscanner
2009-09-22 22:10 . 2009-09-22 22:10 -------- d-----w- C:\rsit
2009-09-22 21:26 . 2009-09-22 21:29 -------- d-----w- c:\program files\Darkest of Days
2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-22 21:23 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 21:23 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 19:18 . 2009-09-22 19:18 -------- d-----w- c:\program files\fumble
2009-09-22 19:14 . 2009-09-22 22:10 -------- d-----w- c:\program files\Trend Micro
2009-09-22 16:26 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-22 16:26 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-22 16:26 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-22 16:26 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-22 16:26 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-22 16:26 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-22 16:26 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-22 16:26 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-22 16:26 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-22 16:26 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-22 16:26 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-09-22 16:26 . 2009-09-22 16:26 -------- d-----w- c:\program files\Alwil Software
2009-09-22 16:23 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-22 16:23 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-22 16:23 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-22 16:23 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\program files\Avira
2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-22 16:17 . 2009-09-22 16:17 -------- d-----w- c:\program files\CCleaner
2009-09-22 16:08 . 2009-09-22 16:08 105400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-22 15:55 . 2009-09-22 15:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-09-22 03:48 . 2009-09-22 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\SolidWorks
2009-09-22 03:37 . 2009-09-22 03:37 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-22 03:37 . 2009-09-22 03:37 -------- d-----w- C:\Solidworks Data
2009-09-22 03:31 . 2009-09-22 19:25 0 ----a-r- c:\windows\win32k.sys
2009-09-22 03:27 . 2009-09-22 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\EDrawings
2009-09-22 03:14 . 2009-09-22 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-09-22 03:11 . 2008-02-11 19:55 586240 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-09-22 03:11 . 2009-09-22 03:11 -------- d-----w- c:\program files\Common Files\Aladdin Shared
2009-09-22 03:11 . 2008-03-19 16:30 2558464 ----a-w- c:\windows\system32\hasplms.exe
2009-09-22 03:11 . 2008-03-19 16:30 2558464 ----a-w- c:\windows\system32\aksllmtp.exe
2009-09-22 03:11 . 2008-03-18 19:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2009-09-22 03:11 . 2009-09-22 03:11 -------- d-----w- c:\windows\system32\RNBOSENT
2009-09-22 03:11 . 1999-07-20 09:38 73216 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2009-09-22 03:11 . 1999-07-20 09:38 47616 ----a-w- c:\windows\system32\SNTI386.DLL
2009-09-22 03:11 . 1999-07-20 09:38 17920 ----a-w- c:\windows\system32\RNBOVDD.DLL
2009-09-22 03:10 . 2009-09-23 00:19 -------- d-----w- c:\program files\SolidWorks SolidNetWork License Manager
2009-09-22 03:03 . 2009-09-22 03:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DWGeditor
2009-09-22 03:03 . 2009-09-22 03:04 -------- d-----w- c:\program files\DWGeditor
2009-09-20 11:02 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-20 11:02 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-20 06:47 . 2009-09-20 06:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2009-09-20 06:45 . 2009-09-20 06:46 -------- d-----w- c:\documents and settings\Administrator\Contacts
2009-09-20 06:43 . 2009-09-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-09-20 06:43 . 2009-09-20 06:44 -------- d-----w- c:\program files\Windows Live
2009-09-20 06:43 . 2009-09-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-19 14:45 . 2009-09-19 14:45 -------- d-----w- c:\program files\RVL Hacker
2009-09-16 21:51 . 2009-09-17 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-14 14:53 . 2009-09-18 03:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LastPass
2009-09-13 21:29 . 2009-09-13 21:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org
2009-09-13 21:02 . 2009-09-13 21:02 -------- d-----w- c:\program files\JRE
2009-09-13 21:02 . 2009-09-13 21:02 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-13 20:59 . 2009-09-13 20:59 -------- d-----w- c:\program files\Rico Software
2009-09-13 20:30 . 2009-09-13 20:30 -------- d-----w- c:\program files\PingPlotter Standard
2009-09-10 18:32 . 2009-09-10 18:34 -------- d-----w- c:\program files\Unit Conversion Tool
2009-09-10 01:41 . 2009-09-22 21:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-10 01:41 . 2009-09-22 21:27 -------- d-----w- c:\program files\OpenAL
2009-09-10 01:41 . 2009-09-22 21:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-10 01:39 . 2009-09-10 01:39 -------- d-----w- c:\program files\Futuremark
2009-09-10 01:11 . 2009-09-10 01:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\NationRed
2009-09-10 00:51 . 2009-09-10 00:51 -------- d-----w- c:\windows\system32\Futuremark
2009-09-10 00:51 . 2009-09-10 00:51 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2009-09-10 00:51 . 2008-09-17 18:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
2009-09-09 03:19 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-01 03:31 . 2009-09-01 03:31 -------- d-----w- c:\program files\FFXiBench3
2009-08-24 15:13 . 2009-08-24 15:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\NeatImage SL
2009-08-24 15:13 . 2009-08-24 15:13 -------- d-----w- c:\program files\Neat Image

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 21:28 . 2009-07-14 16:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 21:28 . 2009-07-14 20:41 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-22 21:26 . 2009-07-14 16:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 20:45 . 2009-07-14 21:33 -------- d-----w- c:\program files\Steam
2009-09-22 19:41 . 2009-08-07 12:46 -------- d-----w- c:\program files\SolidWorks
2009-09-22 19:39 . 2009-08-07 12:46 -------- d-----w- c:\program files\Common Files\eDrawings2009
2009-09-22 19:39 . 2009-08-07 12:46 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2009-09-22 16:46 . 2009-07-14 22:12 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-22 16:46 . 2009-07-14 22:12 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-22 16:44 . 2009-07-14 20:39 36192 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 03:14 . 2009-07-15 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-13 21:02 . 2009-08-04 00:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 08:30 . 2009-09-13 20:30 44 ---h--w- c:\program files\7d737e76.tmp
2009-08-29 18:30 . 2009-07-14 21:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 18:30 . 2009-07-14 21:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 18:30 . 2009-07-14 21:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 14:37 . 2009-08-06 02:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-08-22 06:32 . 2009-08-22 06:32 -------- d-----w- c:\program files\MSBuild
2009-08-22 06:32 . 2009-08-22 06:32 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 19:32 . 2009-08-07 19:32 -------- d-----w- c:\program files\MSXML 4.0
2009-08-06 02:38 . 2009-08-06 02:38 -------- d-----w- c:\program files\uTorrent
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 23:12 . 2009-08-04 00:49 -------- d-----w- c:\program files\Java
2009-08-04 03:11 . 2009-08-04 03:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2009-08-04 03:11 . 2009-08-04 03:10 -------- d-----w- c:\program files\AIM6
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\program files\Viewpoint
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\program files\Common Files\AOL
2009-08-04 02:59 . 2009-08-04 02:58 -------- d-----w- c:\program files\QuickTime
2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\program files\Apple Software Update
2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-04 00:48 . 2009-08-04 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-01 05:10 . 2009-08-01 05:10 -------- d-----w- c:\program files\Electronic Arts
2009-07-30 03:05 . 2009-07-30 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Wayward Gamers
2009-07-27 22:04 . 2009-07-19 22:18 -------- d-----w- c:\program files\FFXIP
2009-07-26 23:26 . 2009-07-26 23:26 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-21 17:50 . 2009-07-14 22:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-21 00:24 . 2009-07-21 00:24 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-20 13:34 . 2009-07-20 13:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-19 21:11 . 2009-07-19 21:11 4096 ----a-w- c:\windows\d3dx.dat
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 22:12 . 2009-07-14 22:12 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2009-07-14 22:12 . 2009-07-14 22:12 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-14 21:54 . 2009-07-14 21:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-14 16:56 . 2009-07-14 16:56 0 ----a-w- c:\windows\nsreg.dat
2009-07-14 16:02 . 2009-07-14 16:02 315392 ----a-w- c:\windows\HideWin.exe
2009-07-14 15:46 . 2009-07-14 15:46 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-12 16:21 . 2009-07-14 20:36 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 14:49 . 2009-07-14 21:20 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-23 21:44 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 16:50 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2009-07-14 20:36 81920 ------w- c:\windows\system32\ieencode.dll
2004-07-22 14:51 . 2004-07-22 14:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-20 02:58 . 2004-07-20 02:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-20 02:53 . 2004-07-20 02:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 18:17 . 2004-07-09 18:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 13:13 . 2004-07-09 13:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 13:13 . 2004-07-09 13:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 08:08 . 2004-07-09 08:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 08:08 . 2004-07-09 08:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 07:03 . 2004-07-09 07:03 62976 ----a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-07-14 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 18:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\glliw\\insurgency\\hl2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\nation red demo\\NationRed.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\baboinvasion_trial\\BaboInvasionTrial.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/14/2009 5:20 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/22/2009 12:26 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/14/2009 5:54 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/14/2009 5:54 PM 108552]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/14/2009 11:58 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/14/2009 10:54 PM 17024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/22/2009 12:23 PM 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/22/2009 12:26 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/29/2009 2:30 PM 297752]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\program files\SolidWorks SolidNetWork License Manager\lmgrd.exe [5/11/2007 1:08 PM 1372160]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2009 11:10 PM 24652]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2009 2:30 PM 908056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 AODDriver;AODDriver;c:\program files\AMD\OverDrive\i386\AODDriver.sys [8/4/2008 7:48 AM 6656]
S3 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/14/2009 12:57 PM 12672]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 20:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\hasplms.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
.
**************************************************************************
.
Completion time: 2009-09-23 20:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-23 00:32

Pre-Run: 374,288,011,264 bytes free
Post-Run: 374,377,152,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

337 --- E O F --- 2009-09-21 00:23

Edited by Glliw, 22 September 2009 - 07:34 PM.
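A triage aid for the log format above, added here as an example and not part of the original post or of ComboFix itself: it parses lines from the "Files Created" and "Find3M Report" sections into records and applies a few hand-written heuristics to the kind of entries a reviewer would stop on in this log (a zero-byte c:\windows\win32k.sys, executables dropped directly into %SystemRoot%). The rule set, the SYSTEM32_ONLY list and the sample lines are this example's assumptions; a hit means "look at this by hand", not "malicious", since legitimate vendor software also lands executables in %SystemRoot% (RTHDCPL.exe from Realtek appears in the log above).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One line of the "Files Created" / "Find3M Report" sections looks like:
#   <created> . <modified> <size or --------> <attrs> <path>
# e.g. "2009-09-22 03:31 . 2009-09-22 19:25 0 ----a-r- c:\windows\win32k.sys"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # modification timestamp
    r"(-{8}|\d+) "                            # size in bytes, or -------- for a directory
    r"([-a-z]{8}) "                           # attribute flags (d, c, h, a, r, w ...)
    r"(.+)$"                                  # path, may contain spaces
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse a single log line; return None for headers, blanks and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return Entry(created, modified, None if size.startswith("-") else int(size), attrs, path)


def parse_section(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


EXEC_EXT = (".exe", ".dll", ".sys", ".scr")

# Assumed list for this example: names that live under system32 on a stock XP install.
# The same name anywhere else (as with win32k.sys in the log above) deserves a look.
SYSTEM32_ONLY = {"win32k.sys", "eventlog.dll"}


def flag(entry: Entry) -> List[str]:
    """Heuristic triage rules (this example's assumptions, not ComboFix logic).
    A hit means 'review by hand', not 'malicious'."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    p = entry.path.lower()
    if not p.endswith(EXEC_EXT):
        return reasons
    name = p.rsplit("\\", 1)[-1]
    # Executable sitting directly in c:\windows rather than system32 or a vendor directory.
    if re.match(r"^c:\\windows\\[^\\]+$", p):
        reasons.append("executable in %SystemRoot% root")
    # A zero-byte .sys cannot be a working driver; it is a placeholder of some kind.
    if entry.size == 0 and name.endswith(".sys"):
        reasons.append("zero-byte .sys")
    # A system file name that has wandered out of system32.
    if name in SYSTEM32_ONLY and not p.startswith("c:\\windows\\system32\\"):
        reasons.append(f"{name} outside system32")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that trips at least one rule."""
    out = []
    for e in parse_section(text):
        r = flag(e)
        if r:
            out.append((e.path, r))
    return out


# Constructed sample: four lines copied from the log in this thread.
SAMPLE = r"""
2009-09-22 03:31 . 2009-09-22 19:25 0 ----a-r- c:\windows\win32k.sys
2009-09-22 21:23 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 16:26 . 2009-09-22 16:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 16:02 . 2009-07-14 16:02 315392 ----a-w- c:\windows\HideWin.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

Feed it the whole log rather than the sample and it will skip the section headers, registry dumps and service lines on its own, because only lines in the timestamp/size/attrs/path shape match. The rules are deliberately narrow; add to them from what you see in a given log instead of trying to make them a verdict.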



#2 garmanma

    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio

Posted 23 September 2009 - 10:11 AM

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark