
Virus not letting Hijackthis open up


7 replies to this topic

#1 BobbyRose23 (New Member, 4 posts)

Posted 05 November 2009 - 01:56 AM

I am lost. I got HijackThis, was gonna do the log and all that, and it was going fine, and then it shuts down HijackThis and I cannot access it now... I'm lost, please help!



#2 chamber (G2G Staff, Authentic Member, 140 posts)

Posted 05 November 2009 - 05:38 AM

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up; press any key to close it once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double-click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file, Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU

If I have helped you, please consider a donation to help continue the fight against malware.

#3 BobbyRose23 (New Member, 4 posts)

Posted 05 November 2009 - 12:17 PM

Attached File: Attach.txt

I tried exeHelper, but it says it's not a proper Win32 application because I had to transfer it through AIM, since I cannot browse from that computer.... This is frustrating for me, sorry I'm a pain.

#4 chamber (G2G Staff, Authentic Member, 140 posts)

Posted 05 November 2009 - 04:21 PM

Do you have the other DDS log?


#5 BobbyRose23 (New Member, 4 posts)

Posted 05 November 2009 - 05:03 PM

Attached File: DDS.txt

this?

Edited by chamber, 06 November 2009 - 01:58 AM.
pasted in log


#6 chamber (G2G Staff, Authentic Member, 140 posts)

Posted 06 November 2009 - 02:02 AM

Yes, that's the one.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

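As an added example (not part of this thread, and not ComboFix's own code) of the kind of triage a helper performs on the "Files Created" section of the ComboFix.txt log requested above: it parses lines in that format and flags entries that deserve a closer look. The sample log lines are constructed, modeled on this thread's log, and the list of core system32 binaries is an illustrative assumption, not an exhaustive one.

```python
import re
from pathlib import PureWindowsPath

# One "Files Created" line in a ComboFix log looks like:
#   <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[d-][-a-z]{7}) (?P<path>.+)$"
)

# Assumption: a short illustrative set of core Windows binaries that
# legitimately live only under system32. A copy of one of these names
# in another directory is a classic sign of a dropped or decoy file.
CORE_SYSTEM32 = {"win32k.sys", "ntoskrnl.exe", "ntkrnlpa.exe", "msv1_0.dll"}
EXEC_EXT = {".exe", ".sys", ".dll", ".scr"}

# Constructed sample in ComboFix's format, modeled on the thread's log.
SAMPLE_LOG = r"""
2009-11-05 07:42 . 2009-11-05 07:42 -------- d-----w- c:\program files\Trend Micro
2009-11-04 03:30 . 2009-11-04 03:30 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-03 02:18 . 2009-11-07 03:29 0 ----a-r- c:\windows\win32k.sys
2009-10-14 02:16 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-03 02:18 . 2009-11-03 02:18 177664 ----a-w- c:\windows\msa.exe
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["is_dir"] = entry["attrs"].startswith("d")
    entry["size"] = None if entry["size"].startswith("-") else int(entry["size"])
    return entry


def triage(entry):
    """Return the list of reasons this entry deserves a closer look (empty if none)."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path = PureWindowsPath(entry["path"])
    name = path.name.lower()
    parent = str(path.parent).lower()
    ext = path.suffix.lower()

    # 1. A core system32 binary name sitting somewhere other than system32.
    if name in CORE_SYSTEM32 and not parent.endswith("\\system32"):
        reasons.append("core binary name " + name + " outside system32 (" + parent + ")")
    # 2. A zero-byte executable or driver: a placeholder or a decoy.
    if ext in EXEC_EXT and entry["size"] == 0:
        reasons.append("zero-byte executable/driver file")
    # 3. An executable dropped directly in the Windows root rather than a
    #    program directory (legitimate exceptions exist, so this is a hint only).
    if ext in EXEC_EXT and parent == "c:\\windows":
        reasons.append("executable dropped directly in c:\\windows")
    return reasons


def triage_log(text):
    """Return [(path, [reasons...]), ...] for every flagged entry in the log text."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            hits.append((entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```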

#7 BobbyRose23 (New Member, 4 posts)

Posted 07 November 2009 - 02:48 AM

I did not get the question to continue getting rid of it... and AVG will not get out of my computer system, I cannot get rid of it or delete it; that program will not get out of my comp..... Here's my log from ComboFix... but I can go on a browser now!

ComboFix 09-11-06.03 - HrClothes 11/07/2009 3:10.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1918.1054 [GMT -5:00]
Running from: c:\users\HrClothes\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cngaudit.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 08:24 . 2009-11-07 08:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-05 07:42 . 2009-11-05 07:42 -------- d-----w- c:\program files\Trend Micro
2009-11-04 03:30 . 2009-11-04 03:30 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-04 03:30 . 2009-11-04 03:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 18:08 . 2009-11-04 05:54 -------- d-----w- C:\$AVG8.VAULT$
2009-11-03 18:03 . 2009-11-04 03:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 18:03 . 2009-11-04 03:30 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-03 18:03 . 2009-11-04 03:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 18:03 . 2009-11-06 21:50 4096 d-----w- c:\windows\system32\drivers\Avg
2009-11-03 18:03 . 2009-11-04 03:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-03 18:03 . 2009-11-03 18:03 -------- d-----w- c:\program files\AVG
2009-11-03 18:03 . 2009-11-07 02:27 4096 d-----w- c:\programdata\avg8
2009-11-03 07:56 . 2009-11-04 04:12 1356 ----a-w- c:\users\HrClothes\AppData\Local\d3d9caps.dat
2009-11-03 02:18 . 2009-11-07 03:29 0 ----a-r- c:\windows\win32k.sys
2009-10-30 03:22 . 2009-10-30 03:22 49152 ----a-r- c:\users\HrClothes\AppData\Roaming\Microsoft\Installer\{7658436D-C2DA-4E5B-BCA7-47DA42188FFA}\ARPPRODUCTICON.exe
2009-10-30 03:22 . 2009-10-30 03:22 -------- d-----w- c:\program files\CITIZEN
2009-10-30 03:20 . 2009-11-03 08:05 -------- d-----w- c:\program files\CITIZEN SYSTEMS JAPAN
2009-10-28 02:16 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 02:16 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-14 02:18 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 02:16 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 02:16 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 02:14 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 02:14 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 02:14 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 23:23 . 2009-10-13 23:23 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-13 23:23 . 2009-10-13 23:23 -------- d-----w- c:\programdata\AIM
2009-10-13 23:23 . 2009-10-13 23:23 8192 d-----w- c:\program files\AIM
2009-10-13 11:01 . 2009-10-13 23:24 -------- d-----w- c:\users\HrClothes\AppData\Local\AIM
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-11-07 03:26 . 2009-06-02 07:11 4096 d-----w- c:\users\HrClothes\AppData\Roaming\Skype
2009-11-04 03:31 . 2009-11-04 03:31 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-11-03 18:03 . 2009-11-04 03:31 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-11-03 08:12 . 2009-01-24 03:58 32768 d-----w- c:\users\HrClothes\AppData\Roaming\uTorrent
2009-11-03 08:12 . 2009-08-23 01:50 40960 d-----w- c:\program files\trademanager
2009-10-30 03:40 . 2008-12-29 02:46 81800 ----a-w- c:\users\HrClothes\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-30 03:37 . 2009-01-19 02:08 4096 d-----w- c:\program files\Common Files\Intuit
2009-10-30 03:36 . 2009-01-19 02:08 4096 d-----w- c:\programdata\Intuit
2009-10-30 03:36 . 2009-01-19 02:08 -------- d-----w- c:\program files\Intuit
2009-10-30 03:31 . 2009-10-30 03:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_SmjVirtualPortDriverTsp100u_01_00_00.Wdf
2009-10-30 03:16 . 2009-01-19 01:52 4096 d-----w- c:\users\HrClothes\AppData\Roaming\Download Manager
2009-10-14 11:22 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-14 07:03 . 2008-10-29 02:59 8192 d-----w- c:\programdata\Microsoft Help
2009-10-13 23:24 . 2009-06-17 15:02 4096 d-----w- c:\program files\AIM Toolbar
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-30 18:58 . 2008-02-17 20:38 9576 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
2009-09-18 17:54 . 2009-09-18 17:46 -------- d-----w- c:\program files\Microsoft
2009-09-18 17:54 . 2009-09-18 17:46 4096 d-----w- c:\program files\Windows Live
2009-09-18 17:52 . 2009-09-18 17:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-18 17:49 . 2009-09-18 17:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-18 17:46 . 2009-09-18 17:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-18 17:37 . 2009-09-18 17:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-17 08:22 . 2009-01-21 01:11 16384 d-----w- c:\program files\Zune
2009-09-13 16:08 . 2009-09-13 16:08 -------- d-----w- c:\users\HrClothes\AppData\Roaming\Acoustica
2009-09-13 16:08 . 2009-09-13 16:04 8192 d-----w- c:\program files\Acoustica Mixcraft 4
2009-09-13 16:07 . 2009-09-13 16:07 8192 d-----w- c:\program files\Acoustica Shared Effects
2009-09-13 16:04 . 2009-09-13 16:04 -------- d-----w- c:\programdata\Acoustica
2009-09-13 16:04 . 2009-09-13 16:04 -------- d-----w- c:\program files\VST
2009-09-09 07:12 . 2009-02-04 01:17 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-04 17:17 . 2009-09-04 17:17 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 17:30 . 2009-08-28 17:30 102400 ----a-w- c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-08-28 12:39 . 2009-09-04 23:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-04 23:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-11-03 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-11-03 10:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-11-03 10:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-11-03 10:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-26 00:43 . 2009-08-26 00:43 471664 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtbABDB.tmp.exe
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-09 01:55 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 01:55 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 01:55 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 01:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 01:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 01:55 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 01:55 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 01:55 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 01:55 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 01:55 10240 ----a-w- c:\windows\system32\finger.exe
.

------- Sigcheck -------

[-] 2006-11-02 09:46 . !HASH: COULD NOT OPEN FILE !!!!! . 61952 . . [------] . . c:\windows\System32\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.
*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-25 988512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-14 24064]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-28 185872]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-07-16 283792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-04 2028312]
"combofix"="c:\combofix\CF23694.exe" [2009-11-07 318976]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-23 6183456]

c:\users\HrClothes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-10-28 2342912]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-12-9 984352]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"


R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [11/3/2009 1:03 PM 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [11/3/2009 10:30 PM 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11/3/2009 1:03 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/3/2009 10:30 PM 108552]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090219.003\IDSvix86.sys [2/20/2009 4:36 PM 270384]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/3/2009 10:30 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [11/3/2009 10:30 PM 1370488]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [11/13/2008 8:08 PM 24576]
R2 Intuit Entitlement Service v5.3;Intuit Entitlement Service v5.3;c:\program files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [7/29/2008 10:26 AM 20480]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [8/18/2008 5:55 PM 13088]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/17/2008 3:37 PM 149352]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [5/25/2007 9:41 AM 99248]
R2 QBCRPDBService2010;QBCRPDBService2010;c:\program files\Intuit\QuickBooks Cash Register Plus 2010\bin\database\CRP1DBMgr10.exe [9/2/2007 6:08 PM 131072]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/12/2009 3:26 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 6:18 PM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 11:31 AM 41008]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/3/2009 10:30 PM 908056]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/11/2008 10:32 PM 23888]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/18/2009 12:54 PM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/13/2008 8:07 PM 24064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1108&m=et1161-05
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 03:29
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(620)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------

c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxddcoms.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\servicing\TrustedInstaller.exe
.

**************************************************************************

.
Completion time: 2009-11-07 3:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 08:40

Pre-Run: 69,842,857,984 bytes free
Post-Run: 69,391,507,456 bytes free

- - End Of File - - 984460E0D5F66694981AF1283577DCCF

Attached file: log.txt (26.69 KB)

Edited by chamber, 07 November 2009 - 04:34 AM.


#8 chamber

    G2G Staff

  • Authentic Member
  • 140 posts

Posted 07 November 2009 - 04:43 AM

Hi,

Can you copy and paste the logs in for me please? It's a lot easier to read them. :thumbup:

You have some leftover traces of Norton antivirus in your system. We will remove them now.

Please visit HERE and determine the version of the Symantec product that is installed. (To determine the version, click Help and About.)

Select the appropriate link for the product that you want to uninstall and then run the tool.

Follow the on-screen instructions.

Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

1) CFScript

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\win32k.sys

Folder::
c:\users\HrClothes\AppData\Roaming\uTorrent

Registry::

Driver::

MIA::
c:\windows\system32\cngaudit.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2) OTL


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

In your reply I would like to see, copied and pasted:

1) ComboFix log
2) OTL logs

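The ComboFix log posted above carries the two clues chamber acts on in the CFScript: the "Files Created" block lists a zero-byte c:\windows\win32k.sys (a core name that belongs under system32), and the Sigcheck block could not hash c:\windows\System32\cngaudit.dll. As an added example, not code from the thread, from ComboFix or from OTL, the script below parses the "Files Created" lines and applies two simple triage heuristics of the editor's own devising: a known Windows component name sitting outside system32, and a zero-byte file. The watchlist of component names is constructed from the names the thread itself checks (the OTL /md5 list plus the two ComboFix flagged), and the sample lines are a subset copied from the posted log.

```python
"""Triage the 'Files Created' block of a ComboFix log.

Added example (editor's own code, not from the forum thread or from the
ComboFix tool). The heuristics and the watchlist below are assumptions
made for the demonstration, not ComboFix's own logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the 'Files Created' lines posted above.
SAMPLE_LOG = r"""
2009-11-07 08:24 . 2009-11-07 08:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-04 03:30 . 2009-11-04 03:30 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-03 02:18 . 2009-11-07 03:29 0 ----a-r- c:\windows\win32k.sys
2009-10-14 02:16 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 02:14 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
"""

# Constructed watchlist: Windows component names that live under system32 or
# system32\drivers. Taken from the names the thread checks with OTL plus the
# two ComboFix flagged; extend it for your own environment.
CORE_NAMES = {
    "win32k.sys", "cngaudit.dll", "eventlog.dll", "scecli.dll", "netlogon.dll",
    "atapi.sys", "iastor.sys", "nvstor.sys", "agp440.sys", "ntoskrnl.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}

# One log line: created stamp, ' . ', modified stamp, size (or dashes for a
# directory), an 8-character attribute field, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories, whose size prints as '--------'
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per file line; headers, dots and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "--------" else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Apply the two triage heuristics; returns (path, reason) pairs."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        # A core component name outside its expected directory is a classic
        # sign of a planted look-alike file.
        if e.name in CORE_NAMES and e.parent not in EXPECTED_DIRS:
            findings.append((e.path, "core filename outside system32"))
        # A zero-byte file with a system name is worth a look regardless.
        if e.size == 0:
            findings.append((e.path, "zero-byte file"))
    return findings


def analyse(text: str = SAMPLE_LOG) -> List[Tuple[str, str]]:
    return flag_entries(parse_log(text))


if __name__ == "__main__":
    for path, reason in analyse():
        print(f"{reason}: {path}")
```

Run against the sample, the only path flagged is c:\windows\win32k.sys, on both heuristics; the genuine ntoskrnl.exe and the AVG driver under system32 pass, which matches the file chamber lists under File:: in the CFScript.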
