Internet & Other Viruses

Compaq PRESARIO
January 18, 2009 at 18:08:57
Specs: Windows XP, 512
Well, my computer has been acting odd, and now it's starting to go completely to heck. I suppose the first problem is that after a while of use the computer comes up with an error message saying that Generic Host Process for Win32 Services has encountered a problem and needs to close. This makes my entire computer shut down and restart. It was annoying, but I scanned and found nothing. Now recently things got much worse. Now, my background got changed to a warning message saying that my computer is infected and I should run a virus scan; also, when I try to open Internet Explorer or Firefox or anything that requires the internet, it is unable to display the page or connect to the internet server. I believe the last problem is that whenever I try running a scan on AVG Free Antivirus, the program "encounters a problem and needs to close". This only interrupts the scan and the program refreshes, so I can't complete a scan. In order to try and fix these problems, I have run scans over the past few days, running in safe mode. I have scanned with AVG Free Antivirus and Malwarebytes Anti-Malware, catching quite a few viruses, all trojans I believe. But my computer is still not functioning properly. I am unable to connect to the internet, so I am using another computer. I will be able to post HijackThis and other reports if needed through use of this computer. Thank you very much in advance.




#1
January 18, 2009 at 18:22:35
This might help you get on the internet temporarily:

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and click the + sign to the left, you should see something like TDSSserv.sys in that list.
Highlight that driver and right click on it and select DISABLE - NOT uninstall.
Now RESTART your computer.

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#2
January 18, 2009 at 19:04:01
Hi, first off I'd just like to say how amazing it is that you are able to respond so quickly, and I appreciate it greatly. I encountered a problem: when opening the Device Manager and showing the hidden devices, I was unable to locate TDSSserv.sys in the list of Non-Plug and Play Drivers. But I did download HijackThis onto this computer, transferred it to the other and created a log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:43 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Documents and Settings\valentin\Desktop\tools.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {980E3697-F50C-45ED-8D75-7046CFC38BBC} - C:\WINDOWS\system32\ddccDvUN.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E52B4C4F-95A2-4631-8C13-51AA460086D9} - C:\WINDOWS\system32\geBsstSj.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Plokobabuyutom] rundll32.exe "C:\WINDOWS\Jvecutero.dll",e
O4 - HKLM\..\Run: [Ujocebezudanawoz] rundll32.exe "C:\WINDOWS\esasefac.dll",e
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=laptop
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/tool...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/res...
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/res...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/Div...
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-s...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkJyvSj - jkkJyvSj.dll (file missing)
O20 - Winlogon Notify: ssqNDwvS - ssqNDwvS.dll (file missing)
O20 - Winlogon Notify: yayaBqPh - yayaBqPh.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11463 bytes



#3
January 18, 2009 at 19:17:44

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {980E3697-F50C-45ED-8D75-7046CFC38BBC} - C:\WINDOWS\system32\ddccDvUN.dll (file missing)


O2 - BHO: (no name) - {E52B4C4F-95A2-4631-8C13-51AA460086D9} - C:\WINDOWS\system32\geBsstSj.dll (file missing)

O20 - Winlogon Notify: jkkJyvSj - jkkJyvSj.dll (file missing)


O20 - Winlogon Notify: ssqNDwvS - ssqNDwvS.dll (file missing)


O20 - Winlogon Notify: yayaBqPh - yayaBqPh.dll (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

Exit Hijack This.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline and turn off your AVG antivirus (to do this, click the AVG icon in the systray at the bottom right of your screen, then click Exit), and any antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.
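The entries reply #3 singles out share one feature: the autostart hook (BHO, Winlogon Notify, service) is still registered but its target file is gone. As an added example that is not part of this thread and not HijackThis code, the Python below reads HJT-style log lines and flags that pattern plus two others visible in the log above: an O10 entry reporting a missing Winsock LSP provider (a common reason a machine in this state cannot browse) and an O4 entry that uses rundll32 to load a DLL placed directly in the Windows directory. The sample lines are constructed from the shape of the log posted above; the rundll32 rule is a heuristic, not a verdict.

```python
"""Triage HijackThis-style log lines for dangling or suspicious autostart entries.

Added example (not part of the thread, not HijackThis code). SAMPLE_LOG is a
constructed excerpt in the shape of the log posted above.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {980E3697-F50C-45ED-8D75-7046CFC38BBC} - C:\WINDOWS\system32\ddccDvUN.dll (file missing)
O2 - BHO: (no name) - {E52B4C4F-95A2-4631-8C13-51AA460086D9} - C:\WINDOWS\system32\geBsstSj.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Plokobabuyutom] rundll32.exe "C:\WINDOWS\Jvecutero.dll",e
O4 - HKLM\..\Run: [Ujocebezudanawoz] rundll32.exe "C:\WINDOWS\esasefac.dll",e
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkJyvSj - jkkJyvSj.dll (file missing)
O20 - Winlogon Notify: ssqNDwvS - ssqNDwvS.dll (file missing)
O20 - Winlogon Notify: yayaBqPh - yayaBqPh.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

SECTION_RE = re.compile(r"^(O\d+) - ")                      # HJT section number, e.g. O20
FILE_MISSING_RE = re.compile(r"\(file missing\)$")          # HJT's own marker for a dangling target
RUNDLL32_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)

DANGLING = "dangling autostart: target file missing"
BROKEN_LSP = "Winsock LSP chain points at a missing provider (breaks network access)"
ROOT_DLL = "rundll32 loads a DLL placed directly in the Windows directory (heuristic)"


def triage(log_text):
    """Return (section, reason, line) for every line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # running-process lines and headers carry no O-number
        section = m.group(1)
        if FILE_MISSING_RE.search(line):
            findings.append((section, DANGLING, line))
        elif section == "O10":
            findings.append((section, BROKEN_LSP, line))
        elif section == "O4":
            dll = RUNDLL32_RE.search(line)
            # parent directory of the loaded DLL, compared case-insensitively
            if dll and dll.group(1).lower().rsplit("\\", 1)[0] == r"c:\windows":
                findings.append((section, ROOT_DLL, line))
    return findings


def hjt_fix_list(findings):
    """Lines a helper would tick in HijackThis: the dangling references only.
    In the thread, the live files (rundll32 and LSP cases) were left to ComboFix."""
    return [line for _, reason, line in findings if reason == DANGLING]


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run as-is it prints nine findings; `hjt_fix_list` returns exactly the six "(file missing)" lines that reply #3 asked the poster to fix, and leaves the DLLs that still exist on disk to a removal tool.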



#4
January 18, 2009 at 20:34:39
Alright, it took a while but it is done. As soon as I got my computer restarted and started the antivirus program, viruses were detected. The desktop background is gone; here's the ComboFix log:

ComboFix 09-01-18.01 - valentin 2009-01-18 23:00:39.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.237 [GMT -5:00]
Running from: c:\documents and settings\valentin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\valentin\Application Data\gadcom
c:\windows\system32\998.exe
c:\windows\system32\aayfrldx.ini
c:\windows\system32\ahdoslre.ini
c:\windows\system32\ahtn.htm
c:\windows\system32\befvhibh.ini
c:\windows\system32\dmmqty.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekakseaxxgy.sys
c:\windows\system32\fccBSJca.dll
c:\windows\system32\jStssBeg.ini
c:\windows\system32\jStssBeg.ini2
c:\windows\system32\lxloucop.ini
c:\windows\system32\ntdll64.exe
c:\windows\system32\NUvDccdd.ini
c:\windows\system32\NUvDccdd.ini2
c:\windows\system32\oubugtpo.ini
c:\windows\system32\oytrkaxc.ini
c:\windows\system32\rgvwxite.ini
c:\windows\system32\senekadf.dat
c:\windows\system32\senekahlnipptr.dat
c:\windows\system32\senekalog.dat
c:\windows\system32\senekapskrpywu.dll
c:\windows\system32\senekavkfuwxbr.dll
c:\windows\system32\senekawjfklfis.dll
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\ysbffarc.ini

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- c:\documents and settings\valentin\Application Data\Malwarebytes
2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 14:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 14:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 13:55 . 2009-01-17 13:55 134,656 --a------ c:\windows\esasefac.dll
2009-01-17 13:42 . 2009-01-17 13:42 41,984 --a------ c:\windows\system32\chert5-998.exe
2009-01-17 13:42 . 2009-01-17 13:42 41,984 --a------ c:\windows\Jvecutero.dll
2009-01-16 23:22 . 2009-01-16 23:22 <DIR> d-------- C:\306c9107b8fb7bf964
2009-01-15 23:13 . 2009-01-15 23:13 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-01-14 17:48 . 2009-01-14 17:48 268 --ah----- C:\sqmdata09.sqm
2009-01-14 17:48 . 2009-01-14 17:48 244 --ah----- C:\sqmnoopt09.sqm
2009-01-13 21:52 . 2009-01-13 21:52 <DIR> d-------- C:\1a565da70cb7cc82259738
2009-01-12 23:41 . 2009-01-12 23:41 <DIR> d-------- c:\documents and settings\valentin\Application Data\Xilisoft Corporation
2009-01-12 23:40 . 2009-01-12 23:40 <DIR> d-------- c:\program files\Xilisoft
2009-01-07 22:26 . 2009-01-07 22:28 <DIR> d-------- C:\Crap
2008-12-25 11:47 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-25 11:47 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-25 11:46 . 2008-12-25 11:47 <DIR> d-------- c:\program files\iTunes
2008-12-25 11:46 . 2008-12-25 11:46 <DIR> d-------- c:\program files\iPod
2008-12-25 11:46 . 2008-12-25 11:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 11:43 . 2008-12-25 11:45 <DIR> d-------- c:\program files\QuickTime
2008-12-25 11:43 . 2008-12-25 11:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-25 11:40 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-25 11:33 . 2008-12-25 11:46 <DIR> d-------- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 04:19 --------- d-----w c:\documents and settings\valentin\Application Data\OpenOffice.org2
2009-01-19 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-19 03:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 05:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-13 04:24 --------- d-----w c:\documents and settings\valentin\Application Data\Apple Computer
2009-01-13 04:22 --------- d-----w c:\program files\MediaCoder
2009-01-09 20:54 --------- d-----w c:\program files\Lightside - Legend Ragnarok
2009-01-05 05:44 --------- d-----w c:\program files\Dl_cats
2008-12-27 05:11 --------- d-----w c:\documents and settings\valentin\Application Data\LimeWire
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 02:57 --------- d-----w c:\program files\Java
2008-12-07 01:05 --------- d-----w c:\documents and settings\valentin\Application Data\AVGTOOLBAR
2008-12-07 00:43 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-06 19:46 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-06 19:41 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-11-29 22:55 --------- d-----w c:\program files\Common Files\INCA Shared
2008-11-29 22:49 --------- d--h--w c:\documents and settings\valentin\Application Data\ijjigame
2008-11-29 22:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 22:38 --------- d-----w c:\program files\NHN USA
2008-11-23 21:00 --------- d-----w c:\documents and settings\valentin\Application Data\Ventrilo
2008-11-23 18:29 --------- d-----w c:\program files\Ventrilo
2008-11-23 18:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-13 00:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 360448]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"Plokobabuyutom"="c:\windows\Jvecutero.dll" [2009-01-17 41984]
"Ujocebezudanawoz"="c:\windows\esasefac.dll" [2009-01-17 134656]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\valentin\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-09-05 65588]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2008-05-26 29184]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 9\\Creator9.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUpnpService9.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14962:TCP"= 14962:TCP:BitComet 14962 TCP
"14962:UDP"= 14962:UDP:BitComet 14962 UDP
"135:TCP"= 135:TCP:DCOM(135)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-06 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-17 38496]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2006-10-02 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 13:04]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{520A545E-7CD6-477F-AFAA-D40883D69FEA} - c:\windows\system32\wincm77.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
FF - ProfilePath - c:\documents and settings\valentin\Application Data\Mozilla\Firefox\Profiles\1r977h39.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 23:18:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?P???? ???B?????????????hLC? ??????
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Sonic Shared\RoxioUpnpService9.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\program files\Lexmark 2200 Series\lxbvbmon.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\dlcccoms.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Apoint2K\ApntEx.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2009-01-18 23:23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 04:23:07
ComboFix2.txt 2008-10-22 03:17:20

Pre-Run: 28,334,850,048 bytes free
Post-Run: 28,285,775,872 bytes free

258 --- E O F --- 2009-01-14 05:19:01



#5
January 18, 2009 at 21:01:53
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\esasefac.dll
c:\windows\Jvecutero.dll
c:\windows\system32\chert5-998.exe
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plokobabuyutom"=-
"Ujocebezudanawoz"=-

DIRLOOK::
C:\306c9107b8fb7bf964
C:\1a565da70cb7cc82259738

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "run".

Post a new Combofix log following the previous directions.


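As an added example (not code from the thread, and not part of ComboFix itself), here is a small Python parser for the CFScript format used above, plus a reconciliation of its File:: targets against the "Other Deletions" block of a ComboFix log, using the script from this post and the log excerpt posted in #6 as sample input. The section names, the `"name"=-` value-deletion syntax and the log layout come from the page; the function names and the checks are my own assumptions.

```python
import re

# Script text from post #5 above (the X delimiter lines are kept on purpose;
# the parser has to skip them, just as a human would).
CFSCRIPT = r"""
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\esasefac.dll
c:\windows\Jvecutero.dll
c:\windows\system32\chert5-998.exe
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plokobabuyutom"=-
"Ujocebezudanawoz"=-

DIRLOOK::
C:\306c9107b8fb7bf964
C:\1a565da70cb7cc82259738
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
"""

# Excerpt of the "Other Deletions" block from the ComboFix log in post #6.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
c:\windows\esasefac.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")          # e.g. File::  Registry::
REG_KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.+\]$")    # [HKEY_...\...\Run]
REG_DEL_VALUE_RE = re.compile(r'^"([^"]+)"=-$')      # "name"=-  deletes a value
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")            # absolute drive path


def parse_cfscript(text):
    """Return the actions a CFScript asks ComboFix to perform, or raise on
    anything the script format above does not cover."""
    plan = {"killall": False, "files": [], "folders": [], "dirlook": [], "registry": []}
    lists = {"FILE": "files", "FOLDER": "folders", "DIRLOOK": "dirlook"}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"X"}:          # blank line or X delimiter
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            if section == "KILLALL":
                plan["killall"] = True
            continue
        if section in lists:
            if not WIN_PATH_RE.match(line):
                raise ValueError(f"{section}:: entry is not an absolute path: {line}")
            plan[lists[section]].append(line)
        elif section == "REGISTRY":
            if REG_KEY_RE.match(line):
                key = line[1:-1]                    # strip the [ ] around the key
            elif REG_DEL_VALUE_RE.match(line) and key:
                plan["registry"].append((key, REG_DEL_VALUE_RE.match(line).group(1)))
            else:
                raise ValueError(f"unsupported Registry:: line: {line}")
        else:
            raise ValueError(f"line outside any section: {line}")
    return plan


def deleted_in_log(log_text):
    """Paths listed under 'Other Deletions' in a ComboFix log."""
    deleted, inside = [], False
    for line in log_text.splitlines():
        if "Other Deletions" in line:
            inside = True
        elif inside and line.startswith("(((("):    # next section header
            break
        elif inside and WIN_PATH_RE.match(line.strip()):
            deleted.append(line.strip())
    return deleted


def unconfirmed_targets(plan, log_text):
    """File:: targets the log does not confirm as deleted (paths compared
    case-insensitively, as NTFS does). Worth a second look before calling
    the machine clean: the file may have been gone already, or not removed."""
    gone = {p.lower() for p in deleted_in_log(log_text)}
    return [p for p in plan["files"] if p.lower() not in gone]


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    print(plan)
    for path in unconfirmed_targets(plan, COMBOFIX_LOG):
        print("not confirmed deleted:", path)
```

Run against the two samples, only three of the five File:: targets show up under "Other Deletions"; the two DLL/EXE names in c:\windows that do not are exactly the ones a reviewer would want the next log to account for.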

#6
January 18, 2009 at 21:30:22
Well, my internet is now successfully working, and everything seems to be running fairly smoothly. Here is the log:

ComboFix 09-01-18.01 - valentin 2009-01-19 0:13:43.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.170 [GMT -5:00]
Running from: c:\documents and settings\valentin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\valentin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
c:\windows\esasefac.dll
c:\windows\Jvecutero.dll
c:\windows\system32\chert5-998.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata09.sqm
C:\sqmnoopt09.sqm
c:\windows\esasefac.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- c:\documents and settings\valentin\Application Data\Malwarebytes
2009-01-17 14:43 . 2009-01-17 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 14:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 14:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-16 23:22 . 2009-01-16 23:22 <DIR> d-------- C:\306c9107b8fb7bf964
2009-01-15 23:13 . 2009-01-15 23:13 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-01-13 21:52 . 2009-01-13 21:52 <DIR> d-------- C:\1a565da70cb7cc82259738
2009-01-12 23:41 . 2009-01-12 23:41 <DIR> d-------- c:\documents and settings\valentin\Application Data\Xilisoft Corporation
2009-01-12 23:40 . 2009-01-12 23:40 <DIR> d-------- c:\program files\Xilisoft
2009-01-07 22:26 . 2009-01-07 22:28 <DIR> d-------- C:\Crap
2008-12-25 11:47 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-25 11:47 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-25 11:46 . 2008-12-25 11:47 <DIR> d-------- c:\program files\iTunes
2008-12-25 11:46 . 2008-12-25 11:46 <DIR> d-------- c:\program files\iPod
2008-12-25 11:46 . 2008-12-25 11:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 11:43 . 2008-12-25 11:45 <DIR> d-------- c:\program files\QuickTime
2008-12-25 11:43 . 2008-12-25 11:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-25 11:40 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-25 11:33 . 2008-12-25 11:46 <DIR> d-------- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 04:19 --------- d-----w c:\documents and settings\valentin\Application Data\OpenOffice.org2
2009-01-19 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-19 03:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 05:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-13 04:24 --------- d-----w c:\documents and settings\valentin\Application Data\Apple Computer
2009-01-13 04:22 --------- d-----w c:\program files\MediaCoder
2009-01-09 20:54 --------- d-----w c:\program files\Lightside - Legend Ragnarok
2009-01-05 05:44 --------- d-----w c:\program files\Dl_cats
2008-12-27 05:11 --------- d-----w c:\documents and settings\valentin\Application Data\LimeWire
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 02:57 --------- d-----w c:\program files\Java
2008-12-07 01:05 --------- d-----w c:\documents and settings\valentin\Application Data\AVGTOOLBAR
2008-12-07 00:43 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-06 19:46 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-06 19:41 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-11-29 22:55 --------- d-----w c:\program files\Common Files\INCA Shared
2008-11-29 22:49 --------- d--h--w c:\documents and settings\valentin\Application Data\ijjigame
2008-11-29 22:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 22:38 --------- d-----w c:\program files\NHN USA
2008-11-23 21:00 --------- d-----w c:\documents and settings\valentin\Application Data\Ventrilo
2008-11-23 18:29 --------- d-----w c:\program files\Ventrilo
2008-11-23 18:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-13 00:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\1a565da70cb7cc82259738 ----

2009-01-13 21:52 788 --ah----- c:\1a565da70cb7cc82259738\$shtdwn$.req
2008-08-26 13:28 47224 --a------ c:\1a565da70cb7cc82259738\mrtstub.exe
2008-08-26 13:28 16208504 --a------ c:\1a565da70cb7cc82259738\mrt.exe

---- Directory of C:\306c9107b8fb7bf964 ----

2009-01-16 23:22 788 --ah----- c:\306c9107b8fb7bf964\$shtdwn$.req
2008-08-26 13:28 47224 --a------ c:\306c9107b8fb7bf964\mrtstub.exe
2008-08-26 13:28 16208504 --a------ c:\306c9107b8fb7bf964\mrt.exe


((((((((((((((((((((((((((((( snapshot@2009-01-18_23.21.57.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
- 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
- 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
- 2004-08-04 08:00:00 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2006-11-07 08:26:44 71,680 -c--a-w c:\windows\ie7\admparse.dll
- 2004-08-11 08:45:04 28,672 -c--a-w c:\windows\ie7\custsat.dll
+ 2006-11-08 02:03:36 33,792 -c--a-w c:\windows\ie7\custsat.dll
- 2004-08-04 08:00:00 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
- 2006-10-23 11:00:41 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-14 00:12:22 18,432 -c--a-w c:\windows\ie7\iedw.exe
- 2006-10-23 15:17:52 251,392 -c--a-w c:\windows\ie7\iepeers.dll
+ 2006-11-08 02:03:36 191,488 -c--a-w c:\windows\ie7\iepeers.dll
+ 2006-11-08 02:03:36 287,744 -c--a-w c:\windows\ie7\ieproxy.dll
- 2004-08-04 08:00:00 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2006-11-07 08:26:42 55,296 -c--a-w c:\windows\ie7\iesetup.dll
+ 2006-11-08 02:03:36 180,736 -c--a-w c:\windows\ie7\ieui.dll
- 2004-08-04 08:00:00 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-14 00:12:22 93,184 -c--a-w c:\windows\ie7\iexplore.exe
- 2004-08-04 08:00:00 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2006-10-17 16:57:58 36,352 -c--a-w c:\windows\ie7\imgutil.dll
- 2006-10-23 15:17:52 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2006-11-07 08:26:24 92,672 -c--a-w c:\windows\ie7\inseng.dll
- 2004-08-04 08:00:00 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2006-10-17 17:05:10 40,960 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2006-10-17 16:58:32 12,288 -c--a-w c:\windows\ie7\msfeedssync.exe
- 2004-08-04 08:00:00 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2006-10-17 16:56:10 45,568 -c--a-w c:\windows\ie7\mshta.exe
- 2004-08-04 08:00:00 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2006-10-17 16:28:56 48,128 -c--a-w c:\windows\ie7\mshtmler.dll
- 2004-08-04 08:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2006-11-08 02:03:36 156,160 -c--a-w c:\windows\ie7\msls31.dll
- 2006-11-08 02:04:18 31,856 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
- 2006-11-08 02:01:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 23:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
- 2006-09-06 21:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
- 2006-09-06 21:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2006-09-06 22:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2006-10-17 17:05:58 206,336 -c--a-w c:\windows\ie7\winfxdocobj.exe
- 2006-11-07 08:26:44 71,680 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2006-11-07 08:26:44 71,680 ----a-w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w c:\windows\system32\dllcache\admparse.dll
+ 2006-09-23 18:12:50 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
+ 2007-08-13 23:42:54 17,408 ------w c:\windows\system32\dllcache\corpol.dll
- 2006-11-08 02:03:36 33,792 ----a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 23:54:10 33,792 ----a-w c:\windows\system32\dllcache\custsat.dll
- 2008-04-14 00:11:54 38,912 ----a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 23:18:02 60,416 ----a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-04-14 00:12:22 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 23:44:02 69,120 ----a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 23:45:18 78,336 ------w c:\windows\system32\dllcache\ieencode.dll
- 2006-11-08 02:03:36 191,488 ----a-w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w c:\windows\system32\dllcache\iepeers.dll
- 2006-11-07 08:26:42 55,296 ----a-w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 23:39:12 55,296 ----a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-04-14 00:12:22 93,184 ----a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
- 2006-10-17 16:57:58 36,352 ----a-w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 23:36:06 36,352 ----a-w c:\windows\system32\dllcache\imgutil.dll
- 2006-11-07 08:26:24 92,672 ----a-w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w c:\windows\system32\dllcache\inseng.dll
- 2006-10-17 17:05:10 40,960 ----a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 ----a-w c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-17 16:56:10 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 23:32:30 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
- 2006-10-17 16:28:56 48,128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 ----a-w c:\windows\system32\dllcache\mshtmler.dll
- 2006-11-08 02:03:36 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 23:54:10 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
+ 2006-09-23 18:12:50 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll
+ 2006-09-23 18:12:50 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2006-11-08 02:03:36 191,488 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2006-11-07 08:26:42 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 23:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
- 2006-11-08 02:03:36 180,736 ----a-w c:\windows\system32\ieui.dll
+ 2007-08-13 23:54:10 180,736 ----a-w c:\windows\system32\ieui.dll
- 2006-10-17 16:57:58 36,352 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 23:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2006-11-07 08:26:24 92,672 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2006-10-17 17:05:10 40,960 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
- 2008-08-26 18:28:14 16,208,504 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2006-10-17 16:58:32 12,288 ----a-w c:\windows\system32\msfeedssync.exe
+ 2007-08-13 23:36:40 12,288 ----a-w c:\windows\system32\msfeedssync.exe
- 2006-10-17 16:56:10 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 23:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2006-10-17 16:28:56 48,128 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2006-11-08 02:03:36 156,160 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 23:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2006-10-17 17:05:58 206,336 ----a-w c:\windows\system32\WinFXDocObj.exe
+ 2007-08-13 23:45:16 206,336 ----a-w c:\windows\system32\WinFXDocObj.exe
- 2009-01-19 04:17:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_768.dat
+ 2009-01-19 05:18:40 16,384 ----atw c:\windows\temp\Perflib_Perfdata_768.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 221184]
"DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2004-05-17 360448]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\valentin\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-09-05 65588]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2008-05-26 29184]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Roxio\\Creator Classic 9\\Creator9.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUpnpService9.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14962:TCP"= 14962:TCP:BitComet 14962 TCP
"14962:UDP"= 14962:UDP:BitComet 14962 UDP
"135:TCP"= 135:TCP:DCOM(135)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-06 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-01-17 38496]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2006-10-02 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
FF - ProfilePath - c:\documents and settings\valentin\Application Data\Mozilla\Firefox\Profiles\1r977h39.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 00:19:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????P??|?????? ???B?????????????hLC? ??????
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Sonic Shared\RoxioUpnpService9.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\fxssvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Lexmark 2200 Series\lxbvbmon.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-19 0:26:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 05:26:14
ComboFix2.txt 2009-01-19 04:23:13
ComboFix3.txt 2008-10-22 03:17:20

Pre-Run: 27,970,174,976 bytes free
Post-Run: 27,974,762,496 bytes free

344 --- E O F --- 2009-01-19 05:06:15



#7
January 19, 2009 at 03:41:05
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#8
January 19, 2009 at 14:23:35
Alright, the scan took about 4 hours, but it's done:

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 19, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 19, 2009 16:08:10
Records in database: 1648601
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 81288
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:45:25


File name / Threat name / Threats count
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.



#9
January 19, 2009 at 18:08:19
Your computer appears to be clean.


Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?



#10
January 19, 2009 at 18:18:45
The computer is running well, there seems to be no problems. But if you don't mind me asking, why am I uninstalling Malwarebytes?


#11
January 19, 2009 at 18:56:48
If you want to keep it, go right ahead; many posters ask how to remove the tools we used to clean their computers.

Glad we can help.

