Malwarebytes

Antivirus / Spyware 2009/2010 Issues


#1
Leedguitar

    New Member

  • Members
  • 5 posts
Hello,

I have a computer that was infected with a version of that anti-virus/anti-spyware application. I initially ran SUPERAntiSpyware, and it seemed to fix it, but lo and behold, it has come back. I have been unable to run Malwarebytes, even as a renamed exe, and have had similar problems with running SUPERAntiSpyware.

I ran ComboFix in Safe Mode and this is what I came up with:

ComboFix 09-09-08.07 - Administrator 09/09/2009 11:05.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.805 [GMT -4:00]
Running from: c:\leon\kahdah.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\Installer\21586.msi
c:\windows\system32\41.exe
c:\windows\system32\dllcache\figaro.sys
C:\xvhu.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 14:29 . 2009-09-09 14:29 -------- d-----w- c:\program files\sas
2009-09-09 12:40 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-09 12:40 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-09 12:40 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-09 12:40 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-09 12:40 . 2009-09-09 12:40 -------- d-----w- c:\program files\Avira
2009-09-09 12:40 . 2009-09-09 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-09 12:05 . 2009-09-09 12:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 11:49 . 2009-09-09 11:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-09 11:49 . 2009-09-09 11:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-08 20:01 . 2009-09-08 20:01 -------- d-----w- c:\documents and settings\Leon Test
2009-09-08 19:54 . 2009-09-08 19:54 -------- d-----w- c:\program files\CCleaner
2009-09-08 18:37 . 2009-09-08 19:05 -------- d-----w- C:\$AVG8.VAULT$
2009-09-08 18:33 . 2009-09-08 18:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-08 18:33 . 2009-09-08 18:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-08 18:33 . 2009-09-08 18:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-08 18:33 . 2009-09-08 18:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-08 18:33 . 2009-09-09 12:23 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-08 18:33 . 2009-09-08 18:33 -------- d-----w- c:\program files\AVG
2009-09-08 18:33 . 2009-09-09 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-08 18:30 . 2009-09-08 18:30 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Windows Search
2009-09-08 18:29 . 2009-09-08 18:29 -------- d-----w- c:\documents and settings\Jeremy\Application Data\AVG8
2009-09-08 18:23 . 2009-09-09 15:05 -------- d--h--w- c:\windows\PIF
2009-09-08 18:17 . 2009-09-08 18:17 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Malwarebytes
2009-09-08 18:17 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 18:17 . 2009-09-09 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 18:17 . 2009-09-08 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 18:17 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:16 . 2009-09-09 14:21 -------- d-----w- C:\Leon
2009-09-08 13:23 . 2009-09-08 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Broderbund
2009-09-08 13:21 . 2002-05-07 05:09 274432 ----a-w- c:\windows\TLCUninstall.exe
2009-09-08 13:21 . 2009-09-08 13:21 -------- d-----w- c:\program files\Broderbund
2009-09-04 22:27 . 2009-09-04 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 22:26 . 2009-09-09 12:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 22:26 . 2009-09-04 22:26 -------- d-----w- c:\documents and settings\Jeremy\Application Data\SUPERAntiSpyware.com
2009-09-04 22:06 . 2009-09-05 05:17 -------- d-----w- c:\program files\Windows Defender
2009-09-03 15:08 . 2009-09-03 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-03 15:07 . 2009-09-03 15:07 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Office Genuine Advantage
2009-08-24 15:05 . 2009-08-24 15:05 -------- d-----w- c:\program files\EA Games
2009-08-23 21:05 . 2009-08-24 15:07 717 ----a-w- c:\windows\eReg.dat
2009-08-23 02:41 . 2009-08-23 02:41 -------- d-----w- c:\documents and settings\Jeremy\Local Settings\Application Data\WMTools Downloaded Files
2009-08-15 19:57 . 2009-08-15 19:57 -------- d-----w- c:\program files\HeavenWord, Inc
2009-08-15 19:56 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-15 19:56 . 2009-08-15 19:56 -------- d-----w- c:\documents and settings\Jeremy\WINDOWS
2009-08-13 16:44 . 2009-08-13 16:44 -------- d-----w- c:\documents and settings\Jeremy\Local Settings\Application Data\Identities
2009-08-13 16:44 . 2009-08-13 16:44 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Windows Desktop Search
2009-08-13 16:43 . 2009-08-15 05:03 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-13 16:43 . 2009-08-13 16:43 -------- d-----w- c:\windows\system32\GroupPolicy
2009-08-13 16:42 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-08-13 16:42 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-08-13 16:42 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-08-12 23:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 15:05 . 2009-04-30 21:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-09-08 20:02 . 2009-09-08 20:02 -------- d-----w- c:\documents and settings\Leon Test\Application Data\Windows Desktop Search
2009-09-05 07:03 . 2009-04-30 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-05 06:12 . 2009-06-23 20:53 -------- d-----w- c:\program files\Google
2009-09-05 05:37 . 2009-05-22 18:54 -------- d-----w- c:\documents and settings\Jeremy\Application Data\ZoomBrowser EX
2009-09-03 15:09 . 2009-04-30 22:49 98096 ----a-w- c:\documents and settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-03 15:00 . 2009-04-30 19:06 -------- d-----w- c:\program files\Microsoft Works
2009-08-28 05:13 . 2009-05-12 15:31 -------- d-----w- c:\documents and settings\Jeremy\Application Data\dvdcss
2009-08-23 21:46 . 2009-07-08 15:19 25 ----a-w- c:\windows\popcinfot.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-23 03:53 . 2009-07-23 03:52 -------- d-----w- c:\program files\iTunes
2009-07-23 03:53 . 2009-07-23 03:53 -------- d-----w- c:\program files\iPod
2009-07-23 03:53 . 2009-04-30 22:06 -------- d-----w- c:\program files\Common Files\Apple
2009-07-20 02:37 . 2009-07-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-20 02:37 . 2009-06-04 22:51 -------- d-----w- c:\program files\Norton Security Scan
2009-07-20 02:37 . 2009-06-04 22:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-19 03:57 . 2009-07-19 03:57 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 22:01 . 2009-07-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 22:01 . 2009-07-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 01:08 . 2009-07-09 01:08 0 ----a-w- c:\windows\popcreg.dat
2009-07-03 17:50 . 2009-07-03 17:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-01-09 868352]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-23 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-08 2007832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2007-04-09 19968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\sas\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\sas\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-08 18:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\WINDOWS\\system32\\lxdvcoms.exe"=
"c:\\Program Files\\Lexmark X5400 Series\\lxdvmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvwbgw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/8/2009 2:33 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/8/2009 2:33 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\sas\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/9/2009 8:40 AM 108289]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/8/2009 2:33 PM 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/1/2009 8:04 AM 55152]
R2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [4/30/2009 10:49 PM 98984]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [4/29/2009 9:17 AM 185640]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4/30/2009 5:08 PM 33176]
S3 SASENUM;SASENUM;c:\program files\sas\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.family.org/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\f412he4g.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 11:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\program files\sas\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\TeamViewer\Version4\tv.dll

- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\WININET.dll
c:\program files\TeamViewer\Version4\tv.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\lxdvcoms.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\searchindexer.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-09 11:16 - machine was rebooted [Jeremy]
ComboFix-quarantined-files.txt 2009-09-09 15:16

Pre-Run: 60,326,989,824 bytes free
Post-Run: 60,327,718,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

280 --- E O F --- 2009-09-05 07:03


Any help is GREATLY appreciated...
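The most telling line in the log above is ComboFix reporting an infected copy of c:\windows\system32\eventlog.dll and restoring it from c:\windows\ServicePackFiles\i386. On Windows XP, Windows File Protection keeps pristine copies of protected binaries in system32\dllcache and, after a service pack, in ServicePackFiles\i386, so a system32 binary whose hash matches neither copy deserves a closer look. The script below is an added example, not part of the forum post and not ComboFix's own code: it compares files against those two reference folders by SHA-256 and reports a verdict per file. Because it has to run offline on any machine, it builds a constructed stand-in directory tree in a temp folder (the directory names and the "MZ..." byte strings are assumptions for the demo); on a real XP box you would point check_system_files() at the real system32, dllcache and ServicePackFiles\i386 paths.

```python
"""Compare Windows system32 binaries against their known-good copies.

Added example (not from the original post or ComboFix). On XP the
reference copies live in system32\\dllcache and ServicePackFiles\\i386;
the demo below fakes those folders in a temp directory so it runs offline.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_system_files(system32: Path, reference_dirs, names) -> dict:
    """Return {name: verdict} for each name in `names`.

    Verdicts: 'match' (hash equals at least one reference copy),
    'MISMATCH' (reference copies exist but none match), 'no-reference'
    (nothing to compare against) and 'missing' (not present in system32).
    """
    results = {}
    for name in names:
        target = system32 / name
        if not target.is_file():
            results[name] = "missing"
            continue
        target_hash = sha256_of(target)
        ref_hashes = [sha256_of(d / name) for d in reference_dirs if (d / name).is_file()]
        if not ref_hashes:
            results[name] = "no-reference"
        elif target_hash in ref_hashes:
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def build_demo_tree(root: Path):
    """Constructed sample tree (assumption for the demo, not real binaries).

    eventlog.dll in system32 is altered so it matches neither reference
    copy; kerberos.dll matches its dllcache copy; atl.dll has no reference.
    """
    system32 = root / "system32"
    dllcache = system32 / "dllcache"
    spfiles = root / "ServicePackFiles" / "i386"
    for d in (system32, dllcache, spfiles):
        d.mkdir(parents=True, exist_ok=True)

    good_eventlog = b"MZ...eventlog-pristine..."
    (dllcache / "eventlog.dll").write_bytes(good_eventlog)
    (spfiles / "eventlog.dll").write_bytes(good_eventlog)
    (system32 / "eventlog.dll").write_bytes(b"MZ...eventlog-with-extra-code...")

    good_kerberos = b"MZ...kerberos-pristine..."
    (dllcache / "kerberos.dll").write_bytes(good_kerberos)
    (system32 / "kerberos.dll").write_bytes(good_kerberos)

    (system32 / "atl.dll").write_bytes(b"MZ...atl...")
    return system32, [dllcache, spfiles]


def run_demo() -> dict:
    """Build the constructed tree, run the check, and return the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        system32, refs = build_demo_tree(Path(tmp))
        return check_system_files(
            system32, refs, ["eventlog.dll", "kerberos.dll", "atl.dll", "lsasrv.dll"]
        )


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:15} {verdict}")
```

Two caveats when using this for real. A mismatch is a lead, not proof: a hotfix can legitimately update system32 and dllcache while ServicePackFiles still holds the older service-pack version, so confirm with the file's version resource and Authenticode signature before treating it as trojaned. And a hash check run from inside the suspect OS trusts that OS's file system view; if a kernel-level rootkit is hiding or redirecting reads, the comparison should be repeated from a clean boot environment.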

#2
prairie dog

    Forum Deity

  • Malware Hunters
  • 1,548 posts
Hi and welcome to the forum! :huh:

Logs are not worked on in the general forum. Please follow the instructions below. Thanks!


Scan and post logs - read the note at the bottom
If you're having malware-related issues with your computer that you're unable to resolve:

1. Please read and follow the instructions provided here: I'm infected - What do I do now?
2. If needed please post your logs in a NEW topic here:Malware Removal - HijackThis Logs
3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.


* Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
* Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
* Using these other tools often makes the cleanup task more difficult and time consuming.
* If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
* Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
* There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.


* NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie


ONE DAY AT A TIME!