Winpc Antivirus


Post by neilman89 on Wed May 27, 2009 9:58 am

I'm struggling to get rid of this virus, it's driving me crazy. Yesterday I followed instructions and used ComboFix and it seemed to do the job, but today it is live on my system again. I used ComboFix today and it hasn't removed it; here is the log ComboFix gave me. Please help me get rid of this.

ComboFix 09-05-26.02 - User 27/05/2009 10:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.201 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-26 09:40 . 2009-05-26 09:40 177 ----a-w c:\documents and settings\User\Application Data\asd.bat
2009-05-26 08:58 . 2009-05-26 08:58 1097728 ----a-w c:\documents and settings\User\Application Data\winav.exe
2009-05-25 18:34 . 2009-05-25 18:34 -------- d-----w c:\program files\System Search Dispatcher
2009-05-25 18:34 . 2009-05-13 06:39 2979493 -c--a-w c:\documents and settings\All Users\Application Data\{58F311C4-1C02-4CE2-9461-983B1A71BBB6}\Setup.exe
2009-05-25 18:32 . 2009-05-25 18:32 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\DoubleD
2009-05-21 12:39 . 2009-05-27 09:30 -------- d-----w C:\Poker
2009-05-19 10:13 . 2009-05-15 09:00 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 10:13 . 2009-05-15 09:00 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 10:13 . 2009-05-15 09:00 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 10:13 . 2009-05-15 08:59 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 10:13 . 2009-05-15 08:59 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 10:13 . 2009-05-15 08:59 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 10:13 . 2009-05-15 09:00 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 10:12 . 2009-05-15 08:58 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-19 10:12 . 2009-05-15 08:58 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 09:32 . 2007-07-09 17:28 -------- d-----w c:\program files\Bit Che
2009-05-27 09:30 . 2009-05-27 09:30 -------- d-----w c:\documents and settings\User\Application Data\Malwarebytes
2009-05-27 09:18 . 2007-06-23 19:48 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-27 09:17 . 2007-06-27 22:38 -------- d-----w c:\program files\MSN Messenger
2009-05-25 18:34 . 2009-05-25 18:33 -------- dc-h--w c:\documents and settings\All Users\Application Data\{58F311C4-1C02-4CE2-9461-983B1A71BBB6}
2009-03-06 15:43 . 2009-03-06 15:43 79144 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe
2009-03-06 14:22 . 2002-09-03 16:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2002-09-03 17:12 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\3.10.3.13450\stbapp.exe" [2009-05-13 598296]
"AVScan"="c:\documents and settings\User\Application Data\winav.exe" [2009-05-26 1097728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-15 1947928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-16 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2008-7-12 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-15 09:00 11952 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/06/2008 10:58 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/06/2008 10:58 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [14/07/2008 10:49 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [14/07/2008 10:49 AM 298776]
S3 glausb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\drivers\glausb.sys [22/06/2007 10:26 PM 267672]
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]

2009-05-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-23 21:36]

2009-05-23 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 20:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\tk7tzm3j.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\DoubleD\GamingHarbor Toolbar\3.10.3.13450\FFToolbar\components\SmileyCore.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-27 10:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-573735546-682003330-1004\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:0c,42,46,f6,23,bc,3e,2d,7a,2e,97,ca,8b,29,77,15,40,84,c8,7a,
1b,e0,bf,94,1f,90,16,e0,3a,99,33,1e,b4,68,30,89,52,49,58,50,88,88,82,88,9d,\
.
Completion time: 2009-05-27 10:48
ComboFix-quarantined-files.txt 2009-05-27 09:47
ComboFix2.txt 2009-05-27 09:29
ComboFix3.txt 2009-05-26 12:46

Pre-Run: 39,442,612,224 bytes free
Post-Run: 39,544,872,960 bytes free

149 --- E O F --- 2009-05-13 23:38

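As an added illustration (not part of the original thread and not ComboFix's own code), a small Python triage script that reads the "Reg Loading Points" section of a ComboFix log, flags Run entries that launch from user-writable profile folders (like the "AVScan" entry pointing at winav.exe above), and flags Security Center notification-suppression values. The log excerpt embedded below is a constructed sample mirroring the entries in the posted log.

```python
import re

# Constructed excerpt in ComboFix's "Reg Loading Points" format, mirroring the
# entries shown in the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\3.10.3.13450\stbapp.exe" [2009-05-13 598296]
"AVScan"="c:\documents and settings\User\Application Data\winav.exe" [2009-05-26 1097728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-15 1947928]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

# Folders a standard XP user can write to; an autostart entry that launches
# from one of these deserves a closer look (legitimate software rarely does).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
DWORD_LINE = re.compile(r'^"(?P<name>\w+DisableNotify)"=dword:(?P<val>[0-9a-fA-F]{8})')

def triage(log_text):
    """Return (finding, detail) tuples for suspicious loading points in a ComboFix log."""
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new registry key header
            continue
        m = RUN_LINE.match(line)
        if m and key and key.lower().endswith("\\run"):
            path = m.group("path").lower()
            if any(d in path for d in USER_WRITABLE):
                findings.append(("run-from-user-profile", f"{key}\\{m.group('name')} -> {m.group('path')}"))
            continue
        m = DWORD_LINE.match(line)
        if m and key and key.lower().endswith("security center") and int(m.group("val"), 16) == 1:
            # Security Center told not to warn about disabled AV / updates
            findings.append(("security-center-notify-disabled", m.group("name")))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```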

Re: Winpc Antivirus

Post by Origin on Thu May 28, 2009 12:57 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and HijackThis will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything HijackThis found, copy and paste it back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]
