Antivir Pro nightmare


Antivir Pro nightmare

Post by stratman on 6th August 2010, 6:51 pm

I have become infected with the Antivir Pro nightmare and can't get rid of it. I have managed to stop it using Task Manager and ending the process long enough to look at the registry to try and delete the associated file, but I have searched for all the files listed on various help sites and I cannot locate the files in my registry. I have also lost internet connection so can't even download anything to the infected PC. I am doing this from a laptop not connected to the infected PC. I also can't download the diagnostic programme you recommend because of the lack of internet connection. Please help, I am desperate to solve this horrendous nightmare. Thanks in advance. Stratman


Re: Antivir Pro nightmare

Post by Sneakyone on 6th August 2010, 7:21 pm

Hi, Welcome to GeekPolice.net!

Could you please go into Safe Mode with Networking and run this:

To get into Safe Mode with Networking please restart your computer and rapidly tap F8 until it asks what mode you want to boot into, please choose Safe Mode with Networking, then download and run the following:

(If you cannot download in Safe Mode, please try transferring it over to the infected machine with a USB drive.)

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Re: Antivir Pro nightmare

Post by stratman on 6th August 2010, 7:51 pm

OK, I have transferred ComboFix via a USB drive to the infected PC as I cannot get an internet connection on it since the infection. I disabled AVG in the tray but when I tried to run combi.exe it said it was still running, which it wasn't. I tried typing in the % etc. in the Run command box but it didn't like that either, so I just ran the exe file. When done I will transfer to my laptop and post to you. Cheers for your assistance, it is much appreciated.


Re: Antivir Pro nightmare

Post by stratman on 6th August 2010, 8:26 pm

Combofix log as requested.


Re: Antivir Pro nightmare

Post by stratman on 6th August 2010, 8:35 pm

I now appear to have an internet connection after running ComboFix.


Re: Antivir Pro nightmare

Post by Sneakyone on 6th August 2010, 9:30 pm

Hi.

Did you post the ComboFix log? I don't see it.

Try copy and pasting it in your next reply.


I'm livin' life in the fast lane.


Re: Antivir Pro nightmare

Post by stratman on 7th August 2010, 2:17 am

I now have an internet connection and ran ComboFix again. I disabled AVG in my startup but ComboFix still flashed up errors saying it was still running. It then tried to download some Microsoft file but then said it couldn't, so it carried on and ran ComboFix anyway. This file is from the second time of running ComboFix. Thanks for your help.

ComboFix 10-08-06.01 - Alan 07/08/2010 2:51.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.766.442 [GMT 1:00]
Running from: c:\documents and settings\Alan\Desktop\commy.exe.exe
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-07-24 19:18 . 2010-07-24 19:18 -------- d-----w- c:\program files\iPod
2010-07-24 19:18 . 2010-07-24 19:19 -------- d-----w- c:\program files\iTunes
2010-07-14 08:55 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 21:24 . 2008-11-04 20:33 -------- d-----w- c:\documents and settings\Alan\Application Data\BitTorrent
2010-07-26 19:56 . 2008-09-10 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-07-26 19:55 . 2010-01-25 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-26 19:54 . 2008-06-06 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 06:46 . 2010-02-17 16:30 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-26 06:46 . 2010-02-17 16:27 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-24 19:24 . 2009-02-26 22:04 -------- d-----w- c:\documents and settings\Alan\Application Data\Spotify
2010-07-24 19:18 . 2008-06-18 20:07 -------- d-----w- c:\program files\Common Files\Apple
2010-07-24 19:13 . 2010-07-24 19:13 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 08:55 . 2008-07-17 15:19 -------- d-----w- c:\program files\Safari
2010-07-18 08:53 . 2010-07-18 08:53 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-14 17:25 . 2010-01-30 17:56 1 ----a-w- c:\documents and settings\Alan\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-03 18:37 . 2009-08-22 16:39 -------- d-----w- c:\documents and settings\Alan\Application Data\Skype
2010-07-03 16:33 . 2010-03-23 16:33 -------- d-----w- c:\program files\HyperCam Toolbar
2010-07-03 16:33 . 2008-12-23 18:32 -------- d-----w- c:\program files\IsoBuster
2010-06-30 15:05 . 2009-08-22 16:42 -------- d-----w- c:\documents and settings\Alan\Application Data\skypePM
2010-06-22 19:33 . 2010-06-22 19:33 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1FF.tmp.exe
2010-06-21 21:30 . 2010-06-21 21:30 -------- d-----w- c:\program files\Bonjour
2010-06-14 14:31 . 2008-06-06 18:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 07:57 . 2009-02-23 16:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 19:27 . 2010-05-25 19:27 348160 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-11fcdffb-n\msvcr71.dll
2010-05-25 19:27 . 2010-05-25 19:27 503808 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-11fcdffb-n\msvcp71.dll
2010-05-25 19:27 . 2010-05-25 19:27 499712 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-11fcdffb-n\jmc.dll
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 16:07 . 2010-05-12 16:07 655360 ----a-w- c:\documents and settings\Alan\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-12 16:07 . 2010-05-12 16:07 282624 ----a-w- c:\documents and settings\Alan\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-12 16:07 . 2010-05-12 16:07 208896 ----a-w- c:\documents and settings\Alan\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2008-12-23 23:30 . 2008-12-23 23:30 604 ---ha-w- c:\program files\STLL Notifier
2009-12-08 19:22 . 2009-12-08 19:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2010-05-16 18:24 2515552 ----a-w- c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2010-05-30 20:11 2515552 ----a-w- c:\program files\ooVoo_Chat\tbooV0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-21 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-07 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARaid.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
backup=c:\windows\pss\SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-07-09 07:09 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2009-12-28 18:21 1758536 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-08 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-21 07:22 133104 ----atw- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-23 00:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 15:18 241664 ----a-w- c:\program files\Hp\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 15:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 14:21 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 05:17 491520 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 10:33 49152 ----a-w- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-04-30 14:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 10:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-30 17:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-26 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-23 21:55 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [18/04/2009 09:32 12552]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [11/06/2008 19:53 89610]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/04/2009 09:32 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/04/2009 09:32 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/04/2009 09:32 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [24/04/2009 09:16 1370488]
R2 CollinsPrimary;Collins Primary;j:\deb\School\Documents\literacy stuff\collins y3\Collins Primary\Apache\bin\Apache.exe [04/10/2007 13:57 20541]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17/12/2008 18:08 33792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 09:27 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/06/2008 13:39 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-06 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 10:33]

2010-08-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-08-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\0wie39ak.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-07 03:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
6e,62,69,67,6c,70,6c,62,6d,6c,61,6e,6e,6a,6e,62,65,67,70,6f,6d,65,67,6b,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1448)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-07 03:09:57
ComboFix-quarantined-files.txt 2010-08-07 02:09
ComboFix2.txt 2010-08-06 20:23

Pre-Run: 33,372,360,704 bytes free
Post-Run: 33,389,355,008 bytes free

- - End Of File - - 0D3BFB68EAB1CB3E7A925F4A157B8ECE


Re: Antivir Pro nightmare

Post by Sneakyone on 7th August 2010, 3:40 am

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:


    KillAll::

    File::
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\drivers\logiflt.iad

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:6522

    ReglockDel::
    [HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
    "gajjfpngekjokj"=-

    Reboot::



  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.
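As an added example (not the forum's or ComboFix's own code), here is a small Python triage script that applies the checks Sneakyone's reply acts on to the ComboFix log format posted above, run over a constructed sample of lines copied from that log: a ProxyServer pointing at 127.0.0.1 (an unreachable local proxy is one reason a browser loses connectivity), EnableFirewall set to 0 in the firewall policy, zero-byte files under drivers, and a random-looking hex value under a locked registry key. The regexes and the consonant-run heuristic are my own assumptions about the log layout, not anything ComboFix documents.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log format
# used in this thread (not a complete log). Raw string, so backslashes stay.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
2010-07-26 06:46 . 2010-02-17 16:30 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-26 06:46 . 2010-02-17 16:27 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
@Allowed: (Read) (RestrictedCode)
"gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
"""

# Assumed line shapes, derived from the posted log rather than any ComboFix spec.
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S.*)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(\S+)\s+(\S+)\s+(.+)$"
)
HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:')


def loopback_proxy(value):
    """True if any proxy entry (e.g. 'http=127.0.0.1:6522') points at this host."""
    for part in value.split(";"):
        host = part.split("=")[-1].split(":")[0].strip()
        if host in ("127.0.0.1", "localhost"):
            return True
    return False


def longest_consonant_run(name):
    run = best = 0
    for ch in name:
        if ch in "aeiouy":
            run = 0
        else:
            run += 1
            best = max(best, run)
    return best


def looks_random(name):
    """Heuristic for generated value names such as 'gajjfpngekjokj': all
    lower-case letters, 10+ long, containing a consonant cluster of 5+
    that real product names do not have. Tuned on this thread's log only."""
    return (name.isalpha() and name.islower() and len(name) >= 10
            and longest_consonant_run(name) >= 5)


def triage(log_text):
    """Return (kind, detail) findings for the indicators discussed in the thread."""
    findings = []
    in_locked = False
    current_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if "LOCKED REGISTRY KEYS" in line:
            in_locked = True
            continue
        if line.startswith("---") or line == ".":
            in_locked = False  # any other section header ends the locked section
        if line.startswith("[") and line.endswith("]"):
            current_key = line
            continue
        m = PROXY_RE.match(line)
        if m and loopback_proxy(m.group(1)):
            findings.append(("loopback-proxy", m.group(1)))
            continue
        m = FIREWALL_RE.match(line)
        if m and m.group(1) == "0":
            findings.append(("firewall-disabled", current_key or "?"))
            continue
        m = FILE_RE.match(line)
        if m:
            size, path = m.group(1), m.group(3)
            if size.isdigit() and int(size) == 0 and "\\drivers\\" in path.lower():
                findings.append(("zero-byte-driver", path))
            continue
        m = HEX_VALUE_RE.match(line)
        if m and in_locked and looks_random(m.group(1)):
            findings.append(("locked-random-value", f"{current_key} :: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

Each finding is a pointer back into the log for a human to judge, not a verdict; the zero-byte driver files, for instance, are worth a second look precisely because size alone says nothing about them.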


Re: Antivir Pro nightmare

Post by stratman on 7th August 2010, 8:09 am

Okay, I did all that. When it got to the bit about not having the Microsoft Recovery Console installed and attempted to download it, I got the following error:

"failed to download required files. Aborting... shall continue scanning for malware"

Also the log I posted last time was the first log not the second one as I stated previously. I forgot that it saved the log in c:\ and took the one from my desktop.

________________________________________________________

ComboFix 10-08-06.01 - Alan 07/08/2010 8:36.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.766.356 [GMT 1:00]
Running from: c:\documents and settings\Alan\Desktop\commy.exe.exe
Command switches used :: c:\documents and settings\Alan\Desktop\cfscript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-07-24 19:18 . 2010-07-24 19:18 -------- d-----w- c:\program files\iPod
2010-07-24 19:18 . 2010-07-24 19:19 -------- d-----w- c:\program files\iTunes
2010-07-14 08:55 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 02:32 . 2008-10-14 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 21:24 . 2008-11-04 20:33 -------- d-----w- c:\documents and settings\Alan\Application Data\BitTorrent
2010-07-26 19:56 . 2008-09-10 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-07-26 19:55 . 2010-01-25 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-26 19:54 . 2008-06-06 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 19:24 . 2009-02-26 22:04 -------- d-----w- c:\documents and settings\Alan\Application Data\Spotify
2010-07-24 19:18 . 2008-06-18 20:07 -------- d-----w- c:\program files\Common Files\Apple
2010-07-18 08:55 . 2008-07-17 15:19 -------- d-----w- c:\program files\Safari
2010-07-03 18:37 . 2009-08-22 16:39 -------- d-----w- c:\documents and settings\Alan\Application Data\Skype
2010-07-03 16:33 . 2010-03-23 16:33 -------- d-----w- c:\program files\HyperCam Toolbar
2010-07-03 16:33 . 2008-12-23 18:32 -------- d-----w- c:\program files\IsoBuster
2010-06-30 15:05 . 2009-08-22 16:42 -------- d-----w- c:\documents and settings\Alan\Application Data\skypePM
2010-06-21 21:30 . 2010-06-21 21:30 -------- d-----w- c:\program files\Bonjour
2010-06-14 14:31 . 2008-06-06 18:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 07:57 . 2009-02-23 16:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-23 23:30 . 2008-12-23 23:30 604 ---ha-w- c:\program files\STLL Notifier
2009-12-08 19:22 . 2009-12-08 19:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2010-05-16 18:24 2515552 ----a-w- c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2010-05-30 20:11 2515552 ----a-w- c:\program files\ooVoo_Chat\tbooV0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-07 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARaid.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
backup=c:\windows\pss\SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-07-09 07:09 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2009-12-28 18:21 1758536 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-08 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-21 07:22 133104 ----atw- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-23 00:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 15:18 241664 ----a-w- c:\program files\Hp\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 15:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 14:21 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 05:17 491520 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 10:33 49152 ----a-w- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-04-30 14:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 10:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-30 17:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-26 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-23 21:55 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [18/04/2009 09:32 12552]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [11/06/2008 19:53 89610]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/04/2009 09:32 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/04/2009 09:32 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/04/2009 09:32 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [24/04/2009 09:16 1370488]
R2 CollinsPrimary;Collins Primary;j:\deb\School\Documents\literacy stuff\collins y3\Collins Primary\Apache\bin\Apache.exe [04/10/2007 13:57 20541]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17/12/2008 18:08 33792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 09:27 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/06/2008 13:39 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-07 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 10:33]

2010-08-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-08-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\0wie39ak.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

AddRemove-Steinberg Cubase SX v3.1.1.944 - c:\progra~1\STEINB~1\CUBASE~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-07 08:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
6e,62,69,67,6c,70,6c,62,6d,6c,61,6e,6e,6a,6e,62,65,67,70,6f,6d,65,67,6b,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4632)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-08-07 09:03:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 08:03
ComboFix2.txt 2010-08-06 20:23

Pre-Run: 33,224,884,224 bytes free
Post-Run: 33,221,607,424 bytes free

- - End Of File - - DCE8FA62734B690DB5D90DF1A1A7D28D

stratman
Novice

Posts : 22
Joined : 2010-08-06
OS : xp
Points : 23476
# Likes : 0

Back to top Go down
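The firewall block in the log above is worth reading on its own, and the following Python, added here as an example (not ComboFix's code and not posted by anyone in this thread), parses it the way a responder would: it walks the REGEDIT4-style lines ComboFix prints under "Reg Loading Points" and reports the profile state and the open-port exceptions. The sample lines are copied from the log; the function names and the wording of the findings are this example's own.

```python
"""Audit the Windows Firewall policy block that ComboFix dumps under
'Reg Loading Points'.  Added example, not ComboFix's code and not from the
forum thread: it parses the REGEDIT4-style lines exactly as the log prints
them and reports what a responder should question first.  The sample lines
are copied from the log above; the function names and the wording of the
findings are this example's own."""
import re

# Constructed sample: the firewall lines as they appear in the posted log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse_regedit4(text):
    """Return {key: {value_name: data}} for a REGEDIT4 fragment.  Values with
    nothing after '=' (the application exceptions) map to ''."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = m.group("data").strip()
    return keys


def parse_open_port(data):
    """Split a GloballyOpenPorts entry into (port, proto, scope, enabled, label).
    The full XP form is 'port:proto:scope:Enabled|Disabled:name'.  The RDP
    entry in this log is the abbreviated 'port:proto:@resource' form, so its
    scope and state come back as None (unknown) rather than being assumed."""
    fields = data.split(":", 4)
    port, proto = int(fields[0]), fields[1].upper()
    rest = fields[2:]
    if not rest or rest[0].startswith("@"):
        return port, proto, None, None, rest[0] if rest else ""
    scope = rest[0]
    enabled = rest[1].lower() == "enabled" if len(rest) > 1 else None
    label = rest[2] if len(rest) > 2 else ""
    return port, proto, scope, enabled, label


def audit_firewall(text):
    """List the findings for the standard profile, in the order the keys appear."""
    keys = parse_regedit4(text)
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith("firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall", "").startswith("0"):
                findings.append("EnableFirewall=0: the profile is switched off, "
                                "so every exception below is currently moot")
        elif low.endswith("\\authorizedapplications\\list"):
            findings.append(f"{len(values)} application exceptions, e.g. "
                            + ", ".join(list(values)[:3]))
        elif low.endswith("\\globallyopenports\\list"):
            for data in values.values():
                port, proto, scope, enabled, label = parse_open_port(data)
                if enabled is False:
                    continue  # explicitly Disabled: nothing is open on that port
                state = "enabled" if enabled else "state not shown"
                note = (f"port {port}/{proto} exception ({state}, "
                        f"scope {scope or 'not shown'}) {label}").rstrip()
                if (port, proto) == (3389, "TCP"):
                    note += " <- Remote Desktop; confirm the owner wants it reachable"
                findings.append(note)
    return findings


if __name__ == "__main__":
    for finding in audit_firewall(SAMPLE_LOG):
        print(finding)
```

On this log the first finding is the one that matters: the standard profile is switched off (EnableFirewall=0). With the firewall off, the application and port exceptions are irrelevant, but they come back into force the moment it is re-enabled, so the 3389/TCP (Remote Desktop) exception is flagged for the owner to confirm. Entries marked Disabled (the ooVoo ports) are skipped, and because the RDP entry is printed without its scope and state fields the code reports them as not shown rather than guessing.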

Re: Antivir Pro nightmare

Post by Sneakyone on 7th August 2010, 2:02 pm

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    KillAll::

    ReglockDel::
    [HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
    "gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
    6e,62,69,67,6c,70,6c,62,6d,6c,61,6e,6e,6a,6e,62,65,67,70,6f,6d,65,67,6b,68,\

    Reboot::



  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56114
# Likes : 0

Back to top Go down
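The steps above build the CFScript by hand from the LOCKED REGISTRY KEYS block of the log. The following Python, added here as an example and neither ComboFix's code nor the helper's, does the same transformation mechanically and first decodes the hex value so you can see what the locked key holds before deleting it. The script shape it emits (KillAll:: / ReglockDel:: / Reboot::) is the one shown in the reply; the sample block is copied from the log posted above, including the trailing backslash that shows the dump was cut off; the function names are this example's own.

```python
"""Build the ReglockDel:: CFScript from a ComboFix 'LOCKED REGISTRY KEYS'
block and decode what the locked value actually holds.  Added example: this
is neither ComboFix's code nor the forum helper's; it emits the script
shape the reply shows (KillAll:: / ReglockDel:: / Reboot::).  The sample
block is copied from the log in this thread; function names are this
example's own."""
import re
import string

# Constructed sample: the locked-key block as ComboFix printed it.  The last
# hex line ends in a continuation backslash with nothing after it, i.e. the
# log (not the registry) was cut off there.
LOCKED_BLOCK = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
6e,62,69,67,6c,70,6c,62,6d,6c,61,6e,6e,6a,6e,62,65,67,70,6f,6d,65,67,6b,68,\
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
HEXVAL_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
CONT_RE = re.compile(r"^(?:[0-9a-fA-F]{2},?)+\\?$")   # continuation line of hex octets


def parse_locked_keys(text):
    """Return [(key_path, [(value_name, hex_lines), ...]), ...].  ACL lines
    ('@Allowed: ...') are ComboFix's annotation, not registry content, and
    the reply's CFScript leaves them out too, so they are skipped here."""
    records = []
    values = hex_lines = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            values, hex_lines = [], None
            records.append((m.group("key"), values))
            continue
        if values is None:
            continue
        m = HEXVAL_RE.match(line)
        if m:
            hex_lines = [m.group("data")]
            values.append((m.group("name"), hex_lines))
        elif hex_lines is not None and CONT_RE.match(line):
            hex_lines.append(line)
        else:
            hex_lines = None          # '@Allowed', '.', blank: ends any hex run
    return records


def decode_hex(lines):
    """Join REGEDIT4 hex lines into bytes and say whether the dump is a prefix.
    A trailing '\\' means 'continued on the next line'; when nothing follows
    it, the bytes recovered are only the start of the value."""
    truncated = lines[-1].endswith("\\")
    joined = "".join(l.rstrip("\\") for l in lines)
    octets = [o for o in joined.split(",") if o]
    return bytes(int(o, 16) for o in octets), truncated


def describe_value(name, data):
    """What a responder wants to know before deleting: is the payload text, and
    what alphabet do the name and data use?  Restricting both to 'a'..'p' (a
    16-symbol alphabet) is consistent with each nibble being spelled out as a
    letter; that is an observation about this data, not a family attribution."""
    text = data.decode("ascii", errors="replace")
    alphabet = set(text) | set(name)
    return {
        "printable": all(c in string.printable for c in text),
        "alphabet_size": len(alphabet),
        "within_a_to_p": alphabet <= set("abcdefghijklmnop"),
        "text": text,
    }


def build_cfscript(records):
    """Emit the CFScript the reply asks for: every locked key and its hex
    values under ReglockDel::, wrapped in KillAll:: and Reboot::."""
    out = ["KillAll::", "", "ReglockDel::"]
    for key, values in records:
        out.append(f"[{key}]")
        for name, lines in values:
            out.append(f'"{name}"=hex:{lines[0]}')
            out.extend(lines[1:])
    out += ["", "Reboot::", ""]
    return "\n".join(out)


if __name__ == "__main__":
    records = parse_locked_keys(LOCKED_BLOCK)
    for key, values in records:
        for name, lines in values:
            data, cut = decode_hex(lines)
            print(name, describe_value(name, data), "(dump truncated)" if cut else "")
    print(build_cfscript(records))
```

Two things the decoded output makes visible that the raw hex hides: the 44 bytes recovered are only a prefix of the value (the last line ends in a continuation backslash that the log never continues), and both the value name and the data are drawn from the 16 letters a to p. To use it against a fresh log, replace LOCKED_BLOCK with the real section, and paste the printed script into CFScript.txt as the steps above describe.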

Re: Antivir Pro nightmare

Post by stratman on 7th August 2010, 4:50 pm

ComboFix 10-08-06.01 - Alan 07/08/2010 15:58:20.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.766.448 [GMT 1:00]
Running from: c:\documents and settings\Alan\Desktop\commy.exe.exe
Command switches used :: c:\documents and settings\Alan\Desktop\cfscript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-07-24 19:18 . 2010-07-24 19:18 -------- d-----w- c:\program files\iPod
2010-07-24 19:18 . 2010-07-24 19:19 -------- d-----w- c:\program files\iTunes
2010-07-14 08:55 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 02:32 . 2008-10-14 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 21:24 . 2008-11-04 20:33 -------- d-----w- c:\documents and settings\Alan\Application Data\BitTorrent
2010-07-26 19:56 . 2008-09-10 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-07-26 19:55 . 2010-01-25 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-26 19:54 . 2008-06-06 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 19:24 . 2009-02-26 22:04 -------- d-----w- c:\documents and settings\Alan\Application Data\Spotify
2010-07-24 19:18 . 2008-06-18 20:07 -------- d-----w- c:\program files\Common Files\Apple
2010-07-24 19:13 . 2010-07-24 19:13 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 08:55 . 2008-07-17 15:19 -------- d-----w- c:\program files\Safari
2010-07-18 08:53 . 2010-07-18 08:53 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-14 17:25 . 2010-01-30 17:56 1 ----a-w- c:\documents and settings\Alan\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-03 18:37 . 2009-08-22 16:39 -------- d-----w- c:\documents and settings\Alan\Application Data\Skype
2010-07-03 16:33 . 2010-03-23 16:33 -------- d-----w- c:\program files\HyperCam Toolbar
2010-07-03 16:33 . 2008-12-23 18:32 -------- d-----w- c:\program files\IsoBuster
2010-06-30 15:05 . 2009-08-22 16:42 -------- d-----w- c:\documents and settings\Alan\Application Data\skypePM
2010-06-22 19:33 . 2010-06-22 19:33 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1FF.tmp.exe
2010-06-21 21:30 . 2010-06-21 21:30 -------- d-----w- c:\program files\Bonjour
2010-06-14 14:31 . 2008-06-06 18:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-25 19:27 . 2010-05-25 19:27 348160 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-11fcdffb-n\msvcr71.dll
2010-05-25 19:27 . 2010-05-25 19:27 503808 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-11fcdffb-n\msvcp71.dll
2010-05-25 19:27 . 2010-05-25 19:27 499712 ----a-w- c:\documents and settings\Alan\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-11fcdffb-n\jmc.dll
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 16:07 . 2010-05-12 16:07 655360 ----a-w- c:\documents and settings\Alan\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-12 16:07 . 2010-05-12 16:07 282624 ----a-w- c:\documents and settings\Alan\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-12 16:07 . 2010-05-12 16:07 208896 ----a-w- c:\documents and settings\Alan\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2008-12-23 23:30 . 2008-12-23 23:30 604 ---ha-w- c:\program files\STLL Notifier
2009-12-08 19:22 . 2009-12-08 19:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2010-05-16 18:24 2515552 ----a-w- c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2010-05-30 20:11 2515552 ----a-w- c:\program files\ooVoo_Chat\tbooV0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-07 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARaid.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
backup=c:\windows\pss\SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-07-09 07:09 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2009-12-28 18:21 1758536 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-08 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-21 07:22 133104 ----atw- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-23 00:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 15:18 241664 ----a-w- c:\program files\Hp\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 15:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 14:21 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 05:17 491520 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 10:33 49152 ----a-w- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-04-30 14:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 10:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-30 17:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-26 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-23 21:55 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [18/04/2009 09:32 12552]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [11/06/2008 19:53 89610]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/04/2009 09:32 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/04/2009 09:32 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/04/2009 09:32 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [24/04/2009 09:16 1370488]
R2 CollinsPrimary;Collins Primary;j:\deb\School\Documents\literacy stuff\collins y3\Collins Primary\Apache\bin\Apache.exe [04/10/2007 13:57 20541]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17/12/2008 18:08 33792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 09:27 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/06/2008 13:39 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-07 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 10:33]

2010-08-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-08-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\0wie39ak.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-07 16:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
6e,62,69,67,6c,70,6c,62,6d,6c,61,6e,6e,6a,6e,62,65,67,70,6f,6d,65,67,6b,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5220)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2010-08-07 16:41:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 15:41
ComboFix2.txt 2010-08-07 08:03
ComboFix3.txt 2010-08-06 20:23

Pre-Run: 32,920,346,624 bytes free
Post-Run: 32,916,832,256 bytes free

- - End Of File - - 8C10E63169C2DB7F37DA6FFBEFE51E39


Re: Antivir Pro nightmare

Post by Sneakyone on 8th August 2010, 2:59 am

Hi.

Please wait a second, I need to ask my colleagues about this.


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56114
Likes : 0

Re: Antivir Pro nightmare

Post by stratman on 8th August 2010, 8:45 am

I don't know if this is related to a virus, but my hard disk is continually grinding away even when I am not using the PC. Also, it takes forever to boot up in the first place and to settle down enough for me to open a program. I have AVG as an antivirus/firewall, which seems to use a lot of memory (98,232 K). Is this the problem? Should I not use AVG? I probably need to disable it and see if it boots up quicker. I realise this is a separate issue from the Antivir Pro that you are dealing with, and I don't want to take advantage of your time.


Re: Antivir Pro nightmare

Post by Sneakyone on 8th August 2010, 7:36 pm

Hi.

I will provide some recommendations for antiviruses at the end. It shouldn't be causing your hard drive to grind while it is off, though; that is probably the malware.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    KillAll::

    RegNULL::
    [HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
    "gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
    6e,62,69,67,6c,70,6c,62,6d,6c,61,6e,6e,6a,6e,62,65,67,70,6f,6d,65,67,6b,68,\

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


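Added example, not part of ComboFix and not from either poster: a small Python script that does step 3 above mechanically. It reads the LOCKED REGISTRY KEYS block from the 7 August log, decodes the REG_BINARY value, and emits the same KillAll:: / RegNULL:: / Reboot:: CFScript shape Sneakyone pasted, so the finding-to-script step is reproducible rather than hand-copied. The sample input is the block exactly as posted. The function names, the handling of the trailing backslash (in .reg syntax it means "continued on the next line", so a backslash with nothing after it marks a value the log cut short; only the first 44 bytes are visible) and the alphabet check are this example's own additions. The check shows that the visible bytes decode to lowercase ASCII and that, together with the value name gajjfpngekjokj, they use exactly the 16 letters a to p; the log does not say what, if anything, that encodes, and the script makes no claim about it.

```python
"""Turn ComboFix's LOCKED REGISTRY KEYS block into the RegNULL:: CFScript used above.

Added example for this thread; not part of ComboFix or of any post in it. It
assumes the block layout ComboFix printed in the posted log: a bracketed key
line, optional @Allowed: lines, then "name"=hex:.. with the byte list wrapped
over further lines. In .reg syntax a trailing backslash means "continued on the
next line", so a backslash with nothing after it marks a value the log cut short.
"""
import re
import string

# Constructed sample: the block copied from the 7 August ComboFix log in this thread.
LOCKED_KEYS_BLOCK = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE0F1352-1B8D-85F8-44A1-C7E97D500A60}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gajjfpngekjokj"=hex:61,63,65,70,62,64,65,67,61,6f,68,6a,6b,6b,61,66,63,63,65,
6e,62,69,67,6c,70,6c,62,6d,6c,61,6e,6e,6a,6e,62,65,67,70,6f,6d,65,67,6b,68,\
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
HEX_LINE_RE = re.compile(r"^[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?\\?$")


def parse_locked_keys(block):
    """Return [(key_path, [value, ...]), ...]; each value is a dict with the
    value name, the original log lines, the joined hex list and a truncated flag."""
    keys, current, pending = [], None, None
    for raw in block.splitlines():
        line = raw.strip()
        if pending is not None and HEX_LINE_RE.match(line):
            pending["raw"].append(line)            # keep the line as ComboFix printed it
            pending["hex"] += line.rstrip("\\")
            pending["truncated"] = line.endswith("\\")
            continue
        pending = None
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), [])
            keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            pending = {"name": m.group(1), "raw": [line],
                       "hex": m.group(2).rstrip("\\"),
                       "truncated": line.endswith("\\")}
            current[1].append(pending)
    return keys


def decode_hex(hex_csv):
    """ComboFix's comma-separated byte list -> bytes (trailing comma tolerated)."""
    return bytes(int(b, 16) for b in hex_csv.split(",") if b)


def alphabet_report(name, data):
    """Character-set facts about the value name and its decoded data."""
    text = data.decode("ascii", errors="replace")
    chars = set(name) | set(text)
    return {
        "printable": all(c in string.printable for c in text),
        "alphabet": "".join(sorted(chars)),
        "within_a_to_p": all("a" <= c <= "p" for c in chars),
    }


def build_cfscript(keys):
    """Same shape as the script in the post above: KillAll::, RegNULL:: with the
    locked keys pasted verbatim from the log, then Reboot::."""
    out = ["KillAll::", "", "RegNULL::"]
    for path, values in keys:
        out.append(f"[{path}]")
        for v in values:
            out.extend(v["raw"])
        out.append("")
    out.append("Reboot::")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    keys = parse_locked_keys(LOCKED_KEYS_BLOCK)
    for path, values in keys:
        print(path)
        for v in values:
            data = decode_hex(v["hex"])
            print(f'  "{v["name"]}": {len(data)} bytes shown, truncated={v["truncated"]}')
            print(f"  decoded: {data.decode('ascii', 'replace')}")
            print(f"  {alphabet_report(v['name'], data)}")
    print(build_cfscript(keys))
```

Run it with the posted block and the generated script matches the one above line for line; the truncated flag is the reason to paste the log's own lines rather than retype them, since the full value is not known.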

Re: Antivir Pro nightmare

Post by stratman on 9th August 2010, 6:47 pm

ComboFix 10-08-06.01 - Alan 09/08/2010 18:47:27.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.766.415 [GMT 1:00]
Running from: c:\documents and settings\Alan\Desktop\commy.exe.exe
Command switches used :: c:\documents and settings\Alan\Desktop\cfscript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-07-24 19:18 . 2010-07-24 19:18 -------- d-----w- c:\program files\iPod
2010-07-24 19:18 . 2010-07-24 19:19 -------- d-----w- c:\program files\iTunes
2010-07-14 08:55 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 19:39 . 2008-07-17 15:19 -------- d-----w- c:\program files\Safari
2010-08-07 02:32 . 2008-10-14 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 21:24 . 2008-11-04 20:33 -------- d-----w- c:\documents and settings\Alan\Application Data\BitTorrent
2010-07-26 19:56 . 2008-09-10 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-07-26 19:55 . 2010-01-25 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-26 19:54 . 2008-06-06 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 19:24 . 2009-02-26 22:04 -------- d-----w- c:\documents and settings\Alan\Application Data\Spotify
2010-07-24 19:18 . 2008-06-18 20:07 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 18:37 . 2009-08-22 16:39 -------- d-----w- c:\documents and settings\Alan\Application Data\Skype
2010-07-03 16:33 . 2010-03-23 16:33 -------- d-----w- c:\program files\HyperCam Toolbar
2010-07-03 16:33 . 2008-12-23 18:32 -------- d-----w- c:\program files\IsoBuster
2010-06-30 15:05 . 2009-08-22 16:42 -------- d-----w- c:\documents and settings\Alan\Application Data\skypePM
2010-06-21 21:30 . 2010-06-21 21:30 -------- d-----w- c:\program files\Bonjour
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-23 23:30 . 2008-12-23 23:30 604 ---ha-w- c:\program files\STLL Notifier
2009-12-08 19:22 . 2009-12-08 19:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2010-05-16 18:24 2515552 ----a-w- c:\program files\IsoBuster\tbIso0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2010-05-30 20:11 2515552 ----a-w- c:\program files\ooVoo_Chat\tbooV0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso0.dll" [2010-05-16 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Chat\tbooV0.dll" [2010-05-30 2515552]

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-07 09:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0 HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARaid.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
backup=c:\windows\pss\SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 14:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-07-09 07:09 2048352 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BSDAppUpdater]
2009-12-28 18:21 1758536 ----a-w- c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-08 19:22 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-21 07:22 133104 ----atw- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-23 00:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 15:18 241664 ----a-w- c:\program files\Hp\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 15:41 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 14:21 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 05:17 491520 ----a-w- c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 10:33 49152 ----a-w- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-04-30 14:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-05-08 10:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-30 17:50 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-26 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-23 21:55 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [18/04/2009 09:32 12552]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [11/06/2008 19:53 89610]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/04/2009 09:32 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/04/2009 09:32 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/04/2009 09:32 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [24/04/2009 09:16 1370488]
R2 CollinsPrimary;Collins Primary;j:\deb\School\Documents\literacy stuff\collins y3\Collins Primary\Apache\bin\Apache.exe [04/10/2007 13:57 20541]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17/12/2008 18:08 33792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2010 09:27 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [18/04/2009 09:31 29208]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15/06/2008 13:39 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 08:27]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-2025429265-682003330-1003UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 07:22]

2010-08-09 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 10:33]

2010-08-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-08-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\0wie39ak.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-09 19:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4676)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2010-08-09 19:15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 18:15
ComboFix2.txt 2010-08-07 15:41
ComboFix3.txt 2010-08-07 08:03
ComboFix4.txt 2010-08-06 20:23

Pre-Run: 32,233,922,560 bytes free
Post-Run: 32,308,867,072 bytes free

- - End Of File - - 6C4DD56091987218C44384CDC8E3ADA2

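Added reviewer's check on the firewall section of the 9 August log above (example code, not part of the thread or of ComboFix). The standard profile shows "EnableFirewall"= 0, so the Windows Firewall is off. That is expected while the AVG Firewall reported at the top of the log is enabled, but it also means the GloballyOpenPorts list would take effect the moment the third-party firewall is uninstalled or disabled. Of those entries only 3389/TCP (Remote Desktop) carries no Disabled field; the ooVoo ports are all marked Disabled. The script below parses those lines and reports exactly that. The sample is the log's own section with the AuthorizedApplications list abridged to four entries; the function names and the RISKY_PORTS shortlist are this example's own, not something the log states.

```python
"""Triage the firewallpolicy section of a ComboFix log.

Added example for this thread; not part of ComboFix or of any post in it.
Assumes ComboFix's rendering of the XP firewall registry keys as shown in the
posted log: a bracketed key line, then "name"= value lines.
"""
import re

# Constructed sample: the firewallpolicy lines from the 9 August ComboFix log in
# this thread. The AuthorizedApplications list is abridged to four entries.
FIREWALL_SECTION = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
APP_RE = re.compile(r'^"(.+)"=\s*$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.+)$')

# This example's own shortlist of services a reviewer would not expect to be
# reachable from any source on a home PC; the log itself carries no such list.
RISKY_PORTS = {3389: "Remote Desktop", 445: "SMB", 139: "NetBIOS", 135: "RPC"}


def parse_firewall_policy(text):
    """Return {"enabled": bool|None, "apps": [paths], "ports": [dicts]}."""
    policy = {"enabled": None, "apps": [], "ports": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.endswith("standardprofile"):
            m = ENABLE_RE.match(line)
            if m:
                policy["enabled"] = m.group(1) != "0"
        elif section.endswith("AuthorizedApplications\\List"):
            m = APP_RE.match(line)
            if m:
                # ComboFix doubles the backslashes in these paths
                policy["apps"].append(m.group(1).replace("\\\\", "\\"))
        elif section.endswith("GloballyOpenPorts\\List"):
            m = PORT_RE.match(line)
            if m:
                # XP stores port:proto:scope:mode:name. The 3389 entry in the log
                # has no scope/mode fields at all, so "disabled" is only true when
                # the stored value says so explicitly.
                fields = m.group(3).split(":")
                policy["ports"].append({
                    "port": int(m.group(1)), "proto": m.group(2),
                    "disabled": "Disabled" in fields, "name": fields[-1],
                })
    return policy


def findings(policy):
    """Human-readable list of things a reviewer should look at."""
    out = []
    if policy["enabled"] is False:
        out.append("Windows Firewall (standard profile) is OFF: EnableFirewall=0. "
                   "Fine only while the third-party firewall in the log is running.")
    for p in policy["ports"]:
        if not p["disabled"] and p["port"] in RISKY_PORTS:
            out.append(f"{p['port']}/{p['proto']} ({RISKY_PORTS[p['port']]}) is a globally "
                       f"open port with no Disabled flag: {p['name']}")
    return out


if __name__ == "__main__":
    pol = parse_firewall_policy(FIREWALL_SECTION)
    print(f"enabled={pol['enabled']} apps={len(pol['apps'])} ports={len(pol['ports'])}")
    for f in findings(pol):
        print("-", f)
```

The point of keeping the AuthorizedApplications list in the parsed output is that the same exceptions (BitTorrent, PunkBuster, Skype and the rest) silently come back into force when a third-party firewall is removed during cleanup, so it is worth reviewing alongside the open ports rather than only the rogue's own artefacts.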

Re: Antivir Pro nightmare

Post by Sneakyone on 9th August 2010, 9:32 pm

Hi.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: Antivir Pro nightmare

Post by stratman on 10th August 2010, 3:23 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/08/2010 16:22:53
mbam-log-2010-08-10 (16-22-53).txt

Scan type: Quick scan
Objects scanned: 163884
Time elapsed: 16 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Antivir Pro nightmare

Post by Sneakyone on 10th August 2010, 8:37 pm

Hi.

Please run [You must be registered and logged in to see this link.] online scan.

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply



Re: Antivir Pro nightmare

Post by stratman on 10th August 2010, 9:00 pm

I keep getting "sorry updating is incomplete due to an error" when it tries to install the ActiveScan 2.0 update, and it won't go any further.


Re: Antivir Pro nightmare

Post by stratman on 10th August 2010, 9:11 pm

Sorry, it is doing it now.


Re: Antivir Pro nightmare

Post by stratman on 10th August 2010, 9:29 pm

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-08-10 22:28:05
PROTECTIONS: 1
MALWARE: 36
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus plus Firewall 8.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@tribalfusion[2].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@ccbill[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@ccbill[2].txt
00162900 Cookie/MediaTickets TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@kinghost[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@xiti[1].txt
00167706 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter3.sextracker[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@statcounter[1].txt
00167759 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter9.sextracker[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter.hitslink[1].txt
00167761 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter8.sextracker[1].txt
00167764 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter7.sextracker[1].txt
00167765 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@hg1.hitbox[2].txt
00167770 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter15.sextracker[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@ad.yieldmanager[2].txt
00168058 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter4.sextracker[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@bs.serving-sys[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@888[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@[You must be registered and logged in to see this link.]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@server.iad.liveperson[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@media.adrevolver[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@ads.pointroll[2].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@int.sitestat[2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@int.sitestat[3].txt
00180154 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter16.sextracker[2].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@phg.hitbox[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@adultfriendfinder[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@adultfriendfinder[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@adultfriendfinder[3].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@go[3].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@go[1].txt
00206953 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter14.sextracker[1].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@www2.addfreestats[1].txt
00251542 Cookie/Sextracker TrackingCookie No 0 Yes No c:\documents and settings\alan\cookies\alan@counter5.sextracker[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Re: Antivir Pro nightmare

Post by Sneakyone on 10th August 2010, 10:17 pm

Hi, how is your computer running now?


I'm livin' life in the fast lane.


Re: Antivir Pro nightmare

Post by stratman on 11th August 2010, 4:36 pm

Well the viruses and malware seem to have gone but it is still running like a donkey. It sounds to me as if the hard disk is continually being paged. I have removed most of the unwanted programs from start up to try and free up memory and I have 30Gb free on a 120Gb hard drive. Everything seems to take ages to load.


Re: Antivir Pro nightmare

Post by Sneakyone on 11th August 2010, 8:55 pm

Hi.

One more check:

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


