Infected with unknown malware/virus

I used ComboFix a several times on my machines. Now I had some troubles with my laptop, so I tried to use Combofix. It crashes at the start. The little green indicator fills up and a message says something like "Cannot open the file, you might not have the permissions to it" In the blue bar stays 32788R22FWJFW\iexplore.exe or 32788R22FWJFW\Hidec.exe 32788R22FWJFW\n.pif. It pops up like a 25 times. Than it says can't open nircmd.cfxxe

I ran hijackthis checkt it on hijacthis.de, checkt for virusses with Avg, sophos online scan and Eset online scan. It removed some crap, but Combofix still doesn't work. Also Malwarebytes Antimalware will not update.

What is going on here?

Sorry for bad english

DDS Log:


DDS (Ver_09-12-01.01) - FAT32x86
Run by Dragon at 12:47:55,84 on di 02-02-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1526.669 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Dragon\Mijn documenten\Downloads\dds (1).scr

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - c:\program files\tweakie 3.1\TweakIE.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://75.13.225.102:8887/img/NetCamPlayerWeb11g.ocx
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169124664890
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://cam1.east-ayrshire.gov.uk/activex/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://137.229.42.101:8080/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.erieyachtclub.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.hema.nl/xupload/XUpload.ocx
TCP: {FD859738-16BB-4461-A8F0-0D2FF2C7134D} = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 26088801;26088801;c:\windows\system32\drivers\26088801.sys [2010-1-26 128016]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-10 108552]
R1 setup_9.0.0.722_26.01.2010_10-24drv;setup_9.0.0.722_26.01.2010_10-24drv;c:\windows\system32\drivers\2608880.sys [2010-1-26 315408]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-26 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-26 297752]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-7-15 14976]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-6-5 10752]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-5 133104]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-20 1097728]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-6-21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-6-21 8320]
S3 PEEK5;PEEK5 Protocol Driver;c:\aircra~1.6-w\PEEK5.SYS [2007-12-20 13184]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\c:\program files\ufasoft\sniffer\usft_sn4.sys --> c:\program files\ufasoft\sniffer\usft_sn4.sys [?]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2006-12-3 29152]
S3 usboebusdrv;KernelPro Virtual USB Host Controller Driver;c:\windows\system32\drivers\usboebusdrv.sys --> c:\windows\system32\drivers\usboebusdrv.sys [?]

=============== Created Last 30 ================

2010-02-02 11:32:07 0 d-----w- c:\program files\TrendMicro
2010-01-29 12:34:26 0 d-----w- c:\program files\ESET
2010-01-26 13:19:17 3836274 ----a-w- C:\ComboFix.exe
2010-01-26 08:47:22 315408 ----a-w- c:\windows\system32\drivers\2608880.sys
2010-01-26 08:47:22 128016 ----a-w- c:\windows\system32\drivers\26088801.sys
2010-01-13 08:27:41 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 08:45:28 0 d-sh--w- C:\FOUND.006

==================== Find3M ====================

2009-12-30 13:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 13:21:32 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-11 12:15:36 91950 ----a-w- c:\windows\system32\perfc013.dat
2009-12-11 12:15:36 510980 ----a-w- c:\windows\system32\perfh013.dat
2009-11-09 12:37:40 43328 ----a-w- c:\docume~1\dragon\applic~1\GDIPFONTCACHEV1.DAT
2007-03-02 14:11:00 12634222 ----a-w- c:\program files\Spyware Doctor2.rar
2007-02-11 14:59:20 13171339 ----a-w- c:\program files\Spyware Doctor.rar
2008-08-28 02:06:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 12:48:53,43 ===============

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

I ran CF from another account on my laptop and it did remove some crap, but still it isnt fixed.

DDS (Ver_09-12-01.01) - FAT32x86
Run by Dragon at 16:24:45,54 on vr 12-02-2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1526.796 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dragon\Mijn documenten\Downloads\dds (2).scr

============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {79F436C2-3CA2-45A4-A52E-694B23DFFA88} - c:\program files\tweakie 3.1\TweakIE.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://75.13.225.102:8887/img/NetCamPlayerWeb11g.ocx
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169124664890
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://cam1.east-ayrshire.gov.uk/activex/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://137.229.42.101:8080/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.erieyachtclub.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.hema.nl/xupload/XUpload.ocx
TCP: {FD859738-16BB-4461-A8F0-0D2FF2C7134D} = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 26088801;26088801;c:\windows\system32\drivers\26088801.sys [2010-1-26 128016]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-2-3 3968]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-10 108552]
R1 setup_9.0.0.722_26.01.2010_10-24drv;setup_9.0.0.722_26.01.2010_10-24drv;c:\windows\system32\drivers\2608880.sys [2010-1-26 315408]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-26 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-26 297752]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-7-15 14976]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-6-5 10752]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-5 133104]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-20 1097728]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-6-21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-6-21 8320]
S3 PEEK5;PEEK5 Protocol Driver;c:\aircra~1.6-w\PEEK5.SYS [2007-12-20 13184]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\c:\program files\ufasoft\sniffer\usft_sn4.sys --> c:\program files\ufasoft\sniffer\usft_sn4.sys [?]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [2006-12-3 29152]
S3 usboebusdrv;KernelPro Virtual USB Host Controller Driver;c:\windows\system32\drivers\usboebusdrv.sys --> c:\windows\system32\drivers\usboebusdrv.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-02-05 19:07:52 91950 ----a-w- c:\windows\system32\perfc013.dat
2010-02-05 19:07:52 510980 ----a-w- c:\windows\system32\perfh013.dat
2009-12-31 16:50:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:04 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:21:32 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 07:42:54 345600 ----a-w- c:\windows\system32\mspaint.exe
2009-12-17 07:42:54 345600 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:10:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:10:22 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-09 10:12:00 2193536 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-09 10:12:00 2070400 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-09 10:11:52 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11:52 2149888 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-09 10:11:52 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:11:52 2028544 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 09:25:46 474624 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:14:14 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14:14 1295872 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 17:14:12 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:14:12 17920 ----a-w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:10:20 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:10:20 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:10:20 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:10:20 85504 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:10:20 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:10:20 48128 ----a-w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:10:20 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:10:20 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:10:20 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:10:20 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 16:03:20 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2007-03-02 14:11:00 12634222 ----a-w- c:\program files\Spyware Doctor2.rar
2007-02-11 14:59:20 13171339 ----a-w- c:\program files\Spyware Doctor.rar
2008-08-28 02:06:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 16:25:37,46 ===============

Can you post the C:\Combofix.txt log for me please. Thanks.

What isn't fixed yet? What problems do you still have with the computer?

Let me know in your next reply.

Thanks.

My computer hangs once in a while for like 10 seconds. When I try to install something (for example I tried to install Picasa yeterday and I've no rights to instal, while having administrator right).

When Im sending email to a Live address, it could be a dangerous email.

Edited by Thomas2000, 16 February 2010 - 10:05 AM.

Hello again.

Apologize for the delay.

Let's continue with running a Script with Combofix.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
• Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
  CODE
  Driver::
  26088801
  setup_9.0.0.722_26.01.2010_10-24drv
  File::
  c:\windows\system32\drivers\26088801.sys
  c:\windows\system32\drivers\2608880.sys
  RegNull::
  [HKEY_USERS\S-1-5-21-2074355194-3429451213-3773422785-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2084B293-CF05-BC48-D3FF-D1AB481EE3BB}*]
  [HKEY_USERS\S-1-5-21-2074355194-3429451213-3773422785-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C631851D-C879-B4A4-2362-9FA708514A43}*]
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\Interface]
  Registry::
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "990:TCP"=-
  "26675:TCP"=-
  Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  
  Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post those logs in your next reply for my review please.

Thanks.

With Regards,
Extremeboy

Hey Extremeboy,

I ran CF with the script and it fixed the problems i was having! Thanks a lot!!! Do you know what the infection was?

Best Regards

No problem. We're not done yet, let's still continue and so we can make sure your computer is clean for sure.

Continue with the rest and post the Malwarebytes log as well once it's done.

Thanks.

Mbam log, I'm sorry its in dutch. It found nothing.

Malwarebytes' Anti-Malware 1.44
Database versie: 3775
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22-2-2010 16:48:42
mbam-log-2010-02-22 (16-48-42).txt

Scan type: Snelle Scan
Objecten gescand: 144269
Verstreken tijd: 8 minute(s), 41 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

No problem. That's fine.

Let's get one last scan to confirm everything and let's cleanup.

Please follow/read the steps below to remove the tools we used and for some more information.


Uninstall ComboFix

Remove Combofix now that we're done with it.

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  
• Please follow the prompts to uninstall Combofix.
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything assoicated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

• Download OTC by OldTimer and save it to your desktop.
• Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
• Then Click the big button.
• You will get a prompt saying "Being Cleanup Process". Please select Yes.
• Restart your computer when prompted.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

---

Congratulations! You now appear clean!

Now that you are clean, please follow and read some of the prevention tips below.

Preventing Infections in the Future


Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

• Miekies' prevention suggestions
• How Malware Spreads

Some of the main things you should consider to perform/read are:

• Disabling Autorun/Play on Flash-Drive/Removable Drives
• Avoid gaming sites, underground web pages, pirated software sites, and Peer to Peer Programs
• Keep Windows Updated through going to Windows Updates
• Updating Non-Microsoft Programs
• Keeping Security softwares updated

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck

---

If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks

With Regards,
Extremeboy

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad we could help
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,
Extremeboy