Malwarebytes

MBAM will not start! NEED serious help please!


4 replies to this topic

#1
ipod01

    New Member

  • Members
  • 9 posts
Hi guys, I am new here so I would really appreciate your help. My computer got infected a few days back by the Windows Police spyware or something, and I have tried running AVG, MBAM, Spybot and every other spyware tool I could think of, but they would not start at all. I tried reinstalling MBAM and it would give me an error message saying:
"windows cannot access the specified path..."
I installed HijackThis but it would not start as well!!! I do not know what to do next. I would really appreciate your help in this matter. Thanks!

Also, I am currently working from Safe Mode and it still does not work! Kaspersky Online Scanner is also not working out. Help!!!!

#2
ipod01

    New Member

  • Members
  • 9 posts
Hi, can anyone please help me??

#3
kahdah

    Forum Deity

  • Experts
  • 4,051 posts
  • Gender:Male
  • Location:Florida
Hello ipod01

Welcome to Malwarebytes.

Let me know if you maybe see a black Command prompt window when you run the second program.
=====================
Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#4
ipod01

    New Member

  • Members
  • 9 posts
OK, I was able to run ComboFix and the log result is as follows:

ComboFix 09-09-14.02 - HP_Administrator 09/15/2009 20:13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.565 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\99328116.ini
c:\documents and settings\HP_Administrator\Application Data\inst.exe
c:\program files\SafetyCenter
c:\program files\SafetyCenter\main.ico
c:\program files\SafetyCenter\new.exe
c:\program files\SafetyCenter\protector.exe
c:\program files\SafetyCenter\sound.wav
c:\program files\SafetyCenter\start.exe
c:\program files\SafetyCenter\uninstall.exe
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Installer\17edc83.msp
c:\windows\Installer\1e43a38.msi
c:\windows\Installer\1f54783.msp
c:\windows\Installer\35e2ec.msp
c:\windows\Installer\8b6359.msi
c:\windows\Installer\b0351.msi
c:\windows\kb913800.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\~.exe
c:\windows\system32\bennuar.old
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\ddDEsot.dll
c:\windows\system32\desote.exe
c:\windows\system32\drivers\SKYNEToiyxwtky.sys
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\onhelp.htm
c:\windows\system32\SKYNETiqaaqbdw.dat
c:\windows\system32\SKYNETtyqxhkdk.dll
c:\windows\system32\SKYNETubqpvllt.dll
c:\windows\system32\SKYNETupxejjix.dll
c:\windows\system32\SKYNETutrkrgkq.dat
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\wisdstr.exe
c:\windows\system32\wispex.html
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Temp\~3A.dll
c:\windows\wpd99.drv
D:\Autorun.inf

c:\windows\system32\drivers\beep.sys . . . is infected!!

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNEThorvdbqq
-------\Legacy_SKYNEThorvdbqq
-------\Legacy_ANTIPPRO2009_100
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-14 23:29 . 2009-09-14 23:29 -------- d-----w- c:\program files\Trend Micro
2009-09-11 16:07 . 2009-09-11 16:07 2198 ----a-w- C:\wus.bat
2009-09-11 04:15 . 2009-09-11 04:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 22:40 . 2009-09-09 22:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-09 02:05 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 02:05 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 01:43 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-09 01:43 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-09 01:43 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-09 01:42 . 2009-09-09 01:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-09 01:42 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-09 01:42 . 2009-09-09 01:45 -------- d-----w- c:\program files\Spyware Doctor
2009-09-09 01:42 . 2009-09-09 01:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools
2009-09-09 01:42 . 2009-09-09 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-09 00:02 . 2009-09-14 23:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 23:47 . 2009-09-08 23:47 -------- d-----w- c:\program files\Windows Defender
2009-09-08 22:09 . 2009-09-08 22:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 00:27 . 2007-06-23 19:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-16 00:10 . 2008-04-18 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-15 23:18 . 2007-11-30 23:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-09-15 02:39 . 2009-07-20 03:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2009-09-14 22:43 . 2006-09-21 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 04:14 . 2006-05-07 03:02 -------- d-----w- c:\program files\Java
2009-09-10 22:30 . 2008-08-24 15:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 23:00 . 2009-04-20 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 02:00 . 2007-06-19 01:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2009-09-09 01:59 . 2009-07-27 02:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Spotify
2009-08-27 03:27 . 2007-09-24 02:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-08-23 04:19 . 2006-05-07 03:33 71664 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 17:02 . 2008-07-17 23:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2009-08-16 16:19 . 2007-12-28 17:38 -------- d-----w- c:\program files\Last.fm
2009-08-16 03:32 . 2007-09-24 02:59 -------- d-----w- c:\program files\LimeWire
2009-08-15 19:53 . 2009-07-21 02:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 19:53 . 2009-07-21 02:59 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 19:53 . 2009-07-21 02:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 10:58 . 2009-09-09 01:43 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-14 01:55 . 2008-02-08 04:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Digsby
2009-08-14 01:55 . 2008-02-08 04:07 -------- d-----w- c:\program files\Digsby
2009-08-10 02:02 . 2007-08-29 18:23 -------- d-----w- c:\program files\IZArc
2009-08-09 23:03 . 2009-08-09 23:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\tor
2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-27 02:01 . 2009-07-27 02:01 -------- d-----w- c:\program files\Spotify
2009-07-26 18:54 . 2006-05-07 03:49 -------- d-----w- c:\program files\Quicken
2009-07-21 03:02 . 2008-11-27 02:00 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-21 03:02 . 2007-01-29 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-21 03:02 . 2007-01-29 04:25 -------- d-----w- c:\program files\McAfee
2009-07-21 02:59 . 2009-07-21 02:59 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-21 02:58 . 2009-07-21 02:58 -------- d-----w- c:\program files\AVG
2009-07-21 02:58 . 2009-07-21 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-21 02:44 . 2009-07-21 02:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-10 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-22 10:45 . 2009-06-22 10:45 93 ----a-w- c:\windows\system32\SKYNET.dat
2008-05-07 22:20 . 2007-07-25 13:31 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-19 23:14 . 2009-04-19 23:14 2 --shatr- c:\windows\winstart.bat
2007-08-29 04:01 . 2007-08-23 20:18 304672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2007-08-29 03:51 . 2007-08-23 20:18 16416 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 00:51 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 00:51 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-06-20 00:51 143360 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-07 29744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-15 2007832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Desktop.lnk - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-7-25 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 19:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"18282:TCP"= 18282:TCP:BitComet 18282 TCP
"18282:UDP"= 18282:UDP:BitComet 18282 UDP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/8/2009 9:43 PM 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/20/2009 10:59 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/20/2009 10:59 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/20/2009 10:58 PM 297752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/23/2008 12:11 PM 210216]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/25/2007 9:25 AM 29744]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/8/2009 9:42 PM 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 15:27]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797609097-3116072469-3799256-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:42]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2797609097-3116072469-3799256-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\j5metiej.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: XUL Cache: {563A0E1E-CAC5-4A69-AE67-85CBE4171CB9} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{563A0E1E-CAC5-4A69-AE67-85CBE4171CB9}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Mozilla Firefox (2.0.0.11) - n:\portableapps\FirefoxPortable\App\firefox\uninstall\helper.exe
AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 20:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2797609097-3116072469-3799256-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:25,b6,bd,0c,cc,8c,9c,b5,8d,08,01,51,39,dc,c3,85,7d,45,a3,91,75,25,04,
c1,62,bb,a1,24,af,c3,03,29,a5,f1,f4,40,c7,08,60,8f,df,30,a4,0b,a8,da,d1,7f,\
"??"=hex:9a,79,d7,be,31,d1,b7,a8,1d,55,98,fc,76,89,7c,09
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(432)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-16 20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-16 00:41

Pre-Run: 83,855,425,536 bytes free
Post-Run: 84,788,658,176 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
385 --- E O F --- 2009-09-16 00:36
Do I still need to run DDS?? Thanks for your help.
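As an added example (not code from this thread, from ComboFix or from the helper), a small Python triage script for the kind of log posted above: it parses the "Reg Loading Points" style lines ([key] headers followed by "name"=value lines), flags the values that weaken host protection as the log shows them (Security Center update notifications suppressed, firewall monitoring disabled, the standard-profile firewall turned off), and counts the At<N>.job scheduled tasks listed under "Other Deletions". The sample lines are constructed to mirror the posted log; the key suffixes and value names are taken from it.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re

# (registry key suffix, value name) -> value that indicates a weakened protection.
# Key suffixes are compared case-insensitively against the [key] header.
WEAKENING = {
    ("security center", "UpdatesDisableNotify"): "1",
    ("security center\\monitoring\\symantecfirewall", "DisableMonitoring"): "1",
    ("firewallpolicy\\standardprofile", "EnableFirewall"): "0",
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')
AT_JOB_RE = re.compile(r"\\windows\\tasks\\at(\d+)\.job$", re.IGNORECASE)

# Constructed sample mirroring the registry and task lines in the posted log.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At23.job
""".splitlines()


def normalize_value(raw):
    """Reduce the two value spellings seen in the log to a plain decimal string."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)        # dword:00000001 -> "1"
    if m:
        return str(int(m.group(1), 16))
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)     # "0 (0x0)" -> "0"
    if m:
        return m.group(1)
    return raw.strip('"')


def parse_registry_lines(lines):
    """Yield (key, name, value) for every value line under the current [key] header."""
    key = None
    for line in lines:
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), normalize_value(m.group("raw"))


def find_weakened_protections(lines):
    """Return readable findings for registry values that disable or silence protections."""
    findings = []
    for key, name, value in parse_registry_lines(lines):
        for (suffix, want_name), bad in WEAKENING.items():
            if key.lower().endswith(suffix) and name == want_name and value == bad:
                findings.append(f"{name}={value} under {key}")
    return findings


def count_at_jobs(lines):
    """Count At<N>.job tasks; a burst of them is a common persistence artefact."""
    return sum(1 for line in lines if AT_JOB_RE.search(line.strip()))


if __name__ == "__main__":
    for finding in find_weakened_protections(SAMPLE):
        print("WEAKENED:", finding)
    print("At<N>.job tasks listed:", count_at_jobs(SAMPLE))
```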

#5
kahdah

    Forum Deity

  • Experts
  • 4,051 posts
  • Gender:Male
  • Location:Florida
I never asked you to run Combofix.
If you are not going to follow instructions then I am not going to continue to help.
Because I would be wasting my time.

I still need to see the previous logs I asked for.
If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
