Virus won't let me run scans such as malwarebytes... HELP!!!!!!

Started by Chouse, September 08, 2009, 03:33:00 AM


Chouse

Hello,
I have read previous entries and have similar problems.  I have a virus that will redirect me to other websites and it is frustrating me and I'm worried it is going to do more.  I downloaded ComboFix as was suggested in previous posts.  Here is my combofix.txt.  Can you PLEASE help me! Thank You.


ComboFix 09-09-07.03 - Chris House 09/07/2009 21:16.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1983.1356 [GMT -6:00]
Running from: c:\documents and settings\Chris House\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
ADS - system32: deleted 12 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris House\Application Data\inst.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\system\Winaspi.dll
c:\windows\system\Wowpost.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\B4FM.dll
c:\windows\system32\oem20.inf

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


(((((((((((((((((((((((((   Files Created from 2009-08-08 to 2009-09-08  )))))))))))))))))))))))))))))))
.

2009-09-08 02:56 . 2009-09-08 02:56   102664   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2009-09-08 02:56 . 2009-09-08 02:56   --------   d-----w-   c:\documents and settings\Chris House\.housecall6.6
2009-09-08 02:42 . 2009-08-03 19:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 02:42 . 2009-09-08 02:42   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-09-08 02:42 . 2009-08-03 19:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-07 20:01 . 2009-09-07 20:02   --------   d-----w-   c:\program files\AoA Audio Extractor
2009-09-07 19:55 . 2009-09-07 19:55   --------   d-----w-   c:\program files\Xvid
2009-09-07 19:55 . 2009-06-07 22:24   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
2009-09-07 19:55 . 2009-06-07 22:16   819200   ----a-w-   c:\windows\system32\xvidcore.dll
2009-09-05 22:58 . 2009-09-05 22:58   --------   d-----w-   c:\windows\Logs
2009-09-04 19:55 . 2009-09-04 19:55   --------   d-----w-   c:\documents and settings\Chris House\Local Settings\Application Data\Thinstall
2009-09-04 19:55 . 2009-09-04 19:55   --------   d-----w-   c:\documents and settings\Chris House\Application Data\Thinstall
2009-09-04 19:09 . 2009-09-04 19:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\vsosdk
2009-09-04 18:22 . 2009-09-05 21:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2009-08-26 22:02 . 2009-09-07 17:17   --------   d-----w-   c:\program files\Burn4Free
2009-08-25 19:57 . 2009-08-25 20:33   --------   d-----w-   c:\program files\CommViewWiFi
2009-08-25 16:47 . 2009-08-25 16:47   --------   d-----w-   c:\documents and settings\Chris House\Local Settings\Application Data\Identities
2009-08-24 14:17 . 2009-08-24 14:17   --------   d-----w-   c:\documents and settings\Chris House\Application Data\dvdcss
2009-08-24 14:16 . 2009-08-24 14:16   --------   d-----w-   c:\program files\Xilisoft
2009-08-24 13:54 . 2009-04-02 10:13   45056   ----a-w-   c:\windows\system32\WNASPI32.DLL
2009-08-24 13:54 . 2009-04-02 10:13   16512   ----a-w-   c:\windows\system32\drivers\ASPI32.SYS
2009-08-23 05:04 . 2009-08-23 05:04   --------   d-----w-   c:\program files\ConvertHelper
2009-08-23 05:02 . 2009-08-23 05:02   --------   d-----w-   c:\documents and settings\Chris House\dwhelper
2009-08-14 22:33 . 2009-08-14 22:33   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-08-14 22:04 . 2009-08-14 22:04   --------   d-----w-   c:\program files\Vstplugins
2009-08-14 21:47 . 2009-09-03 23:55   --------   d-----w-   C:\ConverterOutput
2009-08-14 21:47 . 2009-07-01 20:16   94854   ----a-w-   c:\windows\system32\HKCU_GNU.reg
2009-08-14 21:47 . 2009-02-26 21:34   2004   ----a-w-   c:\windows\system32\HKLM_GNU.reg
2009-08-14 21:47 . 2008-06-15 15:01   60273   ----a-w-   c:\windows\system32\pthreadGC2.dll
2009-08-14 21:47 . 2008-06-15 15:01   258352   ----a-w-   c:\windows\system32\unicows.dll
2009-08-14 21:47 . 2009-08-12 21:48   270336   ----a-w-   c:\windows\system32\cdg.dll
2009-08-14 21:47 . 2006-09-27 22:46   348160   ----a-w-   c:\windows\system32\cdga.dll
2009-08-14 21:47 . 2006-07-18 02:42   14909   ----a-w-   c:\windows\system32\A_reg.reg
2009-08-14 21:47 . 2009-08-14 21:47   --------   d-----w-   c:\program files\Cucusoft
2009-08-14 21:43 . 2009-08-14 21:46   --------   d-----w-   c:\documents and settings\Chris House\Application Data\GetRightToGo
2009-08-14 19:09 . 2005-05-18 16:52   1212416   ----a-w-   c:\windows\system32\NCTAudioInformation2.dll
2009-08-14 19:09 . 2005-05-17 17:37   1986560   ----a-w-   c:\windows\system32\NCTAudioFile2.dll
2009-08-14 19:09 . 2005-04-25 18:01   458752   ----a-w-   c:\windows\system32\NCTAudioRecord2.dll
2009-08-14 19:09 . 2005-04-25 18:01   458752   ----a-w-   c:\windows\system32\NCTAudioPlayer2.dll
2009-08-14 19:09 . 2005-04-15 17:08   880640   ----a-w-   c:\windows\system32\NCTAudioEditor2.dll
2009-08-14 19:09 . 2005-04-04 22:21   602112   ----a-w-   c:\windows\system32\NCTAudioTransform2.dll
2009-08-14 19:09 . 2005-04-04 20:06   348160   ----a-w-   c:\windows\system32\NCTWMAFile2.dll
2009-08-14 19:09 . 2005-03-29 12:57   2084864   ----a-w-   c:\windows\system32\NCTAudioDesign2.dll
2009-08-14 19:09 . 2005-03-28 20:56   417792   ----a-w-   c:\windows\system32\NCTAudioDisplay2.dll
2009-08-14 19:09 . 2005-03-28 20:54   479232   ----a-w-   c:\windows\system32\NCTAudioVisualization2.dll
2009-08-14 19:09 . 2004-11-04 18:31   835584   ----a-w-   c:\windows\system32\NCTAudioCDGrabber2.dll
2009-08-14 19:09 . 2009-08-14 19:10   --------   d-----w-   c:\program files\Audio Editor Gold
2009-08-14 19:06 . 2009-03-19 21:32   23400   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-14 19:06 . 2008-04-17 17:12   107368   ----a-w-   c:\windows\system32\GEARAspi.dll
2009-08-14 19:05 . 2009-08-14 19:05   --------   d-----w-   c:\program files\iPod
2009-08-14 19:05 . 2009-08-14 19:06   --------   d-----w-   c:\program files\iTunes
2009-08-14 19:05 . 2009-08-14 19:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-14 19:05 . 2009-08-14 19:05   --------   d-----w-   c:\program files\Bonjour
2009-08-14 19:05 . 2009-08-14 19:05   --------   d-----w-   c:\program files\Common Files\Apple
2009-08-14 19:01 . 2009-08-31 21:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\NCH Software
2009-08-14 19:01 . 2009-09-01 22:00   --------   d-----w-   c:\documents and settings\Chris House\Application Data\NCH Software
2009-08-14 19:01 . 2009-08-31 21:43   --------   d-----w-   c:\program files\NCH Software
2009-08-14 14:31 . 2009-08-14 14:04   --------   d-----w-   c:\program files\Cylekx
2009-08-14 14:23 . 2009-08-14 14:24   --------   d-----w-   c:\program files\3D Flash Slideshow Maker
2009-08-14 13:36 . 2009-08-14 13:36   --------   d-----w-   c:\documents and settings\Chris House\Application Data\Publish Providers
2009-08-14 13:36 . 2009-08-14 22:50   --------   d-----w-   c:\documents and settings\Chris House\Application Data\Sony
2009-08-14 13:36 . 2009-08-14 22:50   --------   d-----w-   c:\documents and settings\Chris House\Local Settings\Application Data\Sony
2009-08-14 13:35 . 2009-08-14 22:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sony
2009-08-14 13:35 . 2009-08-14 22:48   --------   d-----w-   c:\program files\Sony
2009-08-14 13:34 . 2009-08-14 22:31   --------   d-----w-   c:\program files\Sony Setup
2009-08-14 08:00 . 2008-04-14 12:00   221184   ----a-w-   c:\windows\system32\wmpns.dll
2009-08-11 18:35 . 2009-08-14 13:15   --------   d-----w-   c:\documents and settings\Chris House\Local Settings\Application Data\WMTools Downloaded Files
2009-08-10 15:34 . 2005-03-30 15:40   60416   ----a-w-   c:\windows\system32\dsetup.dll
2009-08-09 08:04 . 2009-08-09 08:04   --------   d-----w-   c:\windows\system32\XPSViewer
2009-08-09 08:04 . 2009-08-09 08:04   --------   d-----w-   c:\program files\MSBuild
2009-08-09 08:04 . 2009-08-09 08:04   --------   d-----w-   c:\program files\Reference Assemblies
2009-08-09 08:03 . 2008-07-06 12:06   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 08:03 . 2008-07-06 12:06   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 08:03 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2009-08-09 08:03 . 2008-07-06 12:06   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 08:03 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2009-08-09 08:03 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
2009-08-09 08:03 . 2008-07-06 10:50   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 08:03 . 2009-08-09 08:04   --------   d-----w-   C:\4a52ea70d48148db7f9def

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 02:43 . 2009-07-15 19:48   --------   d-----w-   c:\program files\FlashGet
2009-09-08 02:36 . 2009-07-15 18:23   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-09-07 20:03 . 2009-07-15 19:15   --------   d-----w-   c:\documents and settings\Chris House\Application Data\Vso
2009-09-05 22:59 . 2009-09-05 22:59   --------   d-----w-   c:\program files\Codemasters
2009-08-26 17:49 . 2009-07-15 19:19   --------   d-----w-   c:\program files\Java
2009-08-24 13:16 . 2009-07-15 18:55   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-08-24 13:16 . 2009-07-15 18:55   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-08-24 13:16 . 2009-07-15 18:55   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-08-15 03:12 . 2009-07-15 19:20   --------   d-----w-   c:\documents and settings\Chris House\Application Data\LimeWire
2009-08-14 19:06 . 2009-08-06 06:25   --------   d-----w-   c:\documents and settings\Chris House\Application Data\Apple Computer
2009-08-14 19:05 . 2009-07-30 15:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-10 15:41 . 2009-07-15 17:11   42752   ----a-w-   c:\documents and settings\Chris House\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 21:22 . 2009-08-06 07:29   --------   d-----w-   c:\documents and settings\Chris House\Application Data\DivX
2009-08-06 07:34 . 2009-08-06 07:26   --------   d-----w-   c:\program files\DivX
2009-08-06 07:26 . 2009-08-06 07:26   --------   d-----w-   c:\program files\Common Files\DivX Shared
2009-08-06 04:12 . 2009-08-06 04:10   --------   d-----w-   c:\program files\WinMPG VideoConvert
2009-08-05 09:01 . 2008-04-14 12:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-08-04 05:05 . 2009-07-15 20:06   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-07-31 17:14 . 2009-07-31 17:13   --------   d-----w-   c:\program files\Common Files\Adobe
2009-07-31 15:29 . 2009-07-31 15:29   --------   d-----w-   c:\program files\MSXML 4.0
2009-07-30 22:46 . 2009-07-30 22:43   --------   d-----w-   c:\documents and settings\Chris House\Application Data\U3
2009-07-30 15:21 . 2009-07-30 15:21   --------   d-----w-   c:\program files\QuickTime
2009-07-30 15:21 . 2009-07-30 15:21   --------   d-----w-   c:\program files\Apple Software Update
2009-07-30 15:21 . 2009-07-30 15:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2009-07-26 21:07 . 2009-07-26 21:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\WEBREG
2009-07-26 21:06 . 2009-07-26 21:01   139671   ------w-   c:\windows\hpoins15.dat
2009-07-26 21:06 . 2009-07-26 21:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-07-26 21:03 . 2009-07-26 21:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-07-26 21:03 . 2009-07-26 21:02   --------   d-----w-   c:\program files\HP
2009-07-26 21:03 . 2009-07-26 21:03   --------   d-----w-   c:\documents and settings\Chris House\Application Data\HPAppData
2009-07-26 21:03 . 2009-07-26 21:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP
2009-07-26 21:02 . 2009-07-26 21:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-26 21:02 . 2009-07-26 21:02   --------   d-----w-   c:\program files\Common Files\HP
2009-07-26 21:02 . 2009-07-26 21:02   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
2009-07-25 10:23 . 2009-07-15 19:20   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-07-17 21:08 . 2009-07-17 21:08   --------   d-----w-   c:\program files\RealArcade
2009-07-17 19:01 . 2008-04-14 12:00   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-15 22:36 . 2009-07-15 22:35   --------   d-----w-   c:\program files\Fast AVI MPEG Joiner
2009-07-15 22:28 . 2009-07-15 22:28   --------   d-----w-   c:\documents and settings\Chris House\Application Data\Seven Zip
2009-07-15 21:30 . 2009-07-15 21:30   --------   d-----w-   c:\program files\NCH Swift Sound
2009-07-15 21:09 . 2009-07-15 21:09   --------   d-----w-   c:\program files\Microsoft ActiveSync
2009-07-15 21:07 . 2009-07-15 21:07   --------   d-----w-   c:\program files\Microsoft.NET
2009-07-15 21:05 . 2009-07-15 21:03   --------   d-----w-   c:\documents and settings\Chris House\Application Data\ImgBurn
2009-07-15 20:58 . 2009-07-15 20:58   --------   d-----w-   c:\program files\ImgBurn
2009-07-15 20:43 . 2009-07-15 20:43   --------   d-----w-   c:\documents and settings\Chris House\Application Data\Malwarebytes
2009-07-15 20:43 . 2009-07-15 20:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-15 20:06 . 2009-07-15 19:58   --------   d-----w-   c:\program files\Windows Live
2009-07-15 20:05 . 2009-07-15 20:05   --------   d-----w-   c:\program files\Microsoft
2009-07-15 20:05 . 2009-07-15 19:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-07-15 20:05 . 2009-07-15 20:05   --------   d-----w-   c:\program files\Windows Live SkyDrive
2009-07-15 20:02 . 2009-07-15 20:02   --------   d-----w-   c:\program files\Common Files\Windows Live
2009-07-15 19:58 . 2009-07-15 19:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-15 19:47 . 2009-07-15 19:36   --------   d-----w-   c:\program files\TuneUp Utilities 2009
2009-07-15 19:46 . 2009-07-15 19:46   604416   ----a-w-   c:\windows\system32\TUProgSt.exe
2009-07-15 19:46 . 2009-07-15 19:46   361216   ----a-w-   c:\windows\system32\TuneUpDefragService.exe
2009-07-15 19:46 . 2009-07-15 19:36   --------   d-sh--w-   c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-15 19:36 . 2009-07-15 19:36   --------   d-----w-   c:\documents and settings\Chris House\Application Data\TuneUp Software
2009-07-15 19:36 . 2009-07-15 19:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-15 19:31 . 2009-07-15 19:31   --------   d-----w-   c:\program files\LimeWire
2009-07-15 19:27 . 2009-07-15 19:27   --------   d-----w-   c:\program files\CONEXANT
2009-07-15 19:24 . 2009-07-15 19:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-15 19:22 . 2009-07-15 19:22   87328   ----a-w-   c:\windows\system32\bcmwlcoi.dll
2009-07-15 19:22 . 2009-07-15 17:14   1294200   ----a-w-   c:\windows\system32\drivers\BCMWL5.SYS
2009-07-15 19:22 . 2009-07-15 19:22   --------   d-----w-   c:\program files\Synaptics
2009-07-15 19:22 . 2009-07-15 18:17   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-07-15 19:21 . 2009-07-15 19:21   --------   d-----w-   c:\program files\HP 1.3MP Webcam
2009-07-15 19:21 . 2009-07-15 17:14   --------   d-----w-   c:\program files\Hewlett-Packard
2009-07-15 19:19 . 2009-07-15 19:19   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-15 19:19 . 2009-07-15 19:19   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-07-15 19:18 . 2009-07-15 18:47   --------   d-----w-   c:\program files\DIFX
2009-07-15 19:16 . 2009-07-15 18:57   --------   d-----w-   c:\program files\Common Files\BitDefender
2009-07-15 19:15 . 2009-07-15 19:01   81984   ----a-w-   c:\windows\system32\bdod.bin
2009-07-15 19:15 . 2009-07-15 19:15   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
2009-07-15 19:15 . 2009-07-15 19:15   47360   ----a-w-   c:\documents and settings\Chris House\Application Data\pcouffin.sys
2009-07-15 19:15 . 2009-07-15 19:15   --------   d-----w-   c:\program files\VSO
2009-07-15 18:56 . 2009-07-15 18:56   --------   d-----w-   c:\program files\7-Zip
2009-07-15 18:55 . 2009-07-15 18:55   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-07-15 18:55 . 2009-07-15 18:55   --------   d-----w-   c:\program files\AVG
2009-07-15 18:55 . 2009-07-15 18:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2009-07-15 18:52 . 2009-07-15 18:52   0   ----a-w-   c:\windows\nsreg.dat
2009-07-15 18:49 . 2009-07-15 18:31   --------   d-----w-   c:\program files\My Drivers
2009-07-15 18:44 . 2009-07-15 18:44   --------   d-----w-   c:\program files\XP Codec Pack
2009-07-15 18:41 . 2009-07-15 18:41   --------   d-----w-   c:\program files\AC3Filter
2009-07-15 18:22 . 2009-07-15 18:22   --------   d-----w-   c:\program files\PC Drivers HeadQuarters
2009-07-15 18:22 . 2009-07-15 18:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-15 17:14 . 2009-07-15 17:14   --------   d-----w-   c:\program files\Broadcom
2009-07-15 17:14 . 2009-07-15 17:14   --------   d-----w-   c:\documents and settings\Chris House\Application Data\InstallShield
2009-07-15 17:04 . 2009-07-15 17:04   --------   d-----w-   c:\program files\microsoft frontpage
2009-07-15 17:01 . 2009-07-15 17:01   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-07-14 19:52 . 2001-08-17 20:37   77891   ----a-w-   c:\windows\system32\usrmlnka.exe
2009-07-14 19:41 . 2009-07-14 19:41   1291264   ----a-w-   c:\windows\system32\quartz.dll
2009-07-14 19:41 . 2009-07-14 19:41   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-07-14 19:41 . 2009-07-14 19:41   81920   ----a-w-   c:\windows\system32\fontsub.dll
2009-07-14 19:41 . 2009-07-14 19:41   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
2009-07-14 19:40 . 2009-07-14 19:40   1847808   ----a-w-   c:\windows\system32\win32k.sys
2009-07-14 19:39 . 2009-07-14 19:39   346112   ----a-w-   c:\windows\system32\localspl.dll
2009-07-14 19:39 . 2009-07-14 19:39   354304   ----a-w-   c:\windows\system32\winhttp.dll
2009-07-14 19:37 . 2009-07-14 19:37   2560   ----a-w-   c:\windows\system32\xpsp4res.dll
2009-07-14 19:37 . 2009-07-14 19:37   90112   ----a-w-   c:\windows\system32\wshext.dll
2009-07-14 19:37 . 2009-07-14 19:37   155648   ----a-w-   c:\windows\system32\wscript.exe
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-24 2007832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-21 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-24 13:16   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/15/2009 12:55 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/15/2009 12:55 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/24/2009 7:15 AM 297752]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/15/2009 1:46 PM 604416]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/15/2009 1:18 PM 193840]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/24/2009 7:15 AM 908056]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [8/24/2009 7:54 AM 16512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 20:37]

2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-16 03:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris House\Application Data\Mozilla\Firefox\Profiles\4pow1i84.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-09-08 21:24 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-08 03:24

Pre-Run: 48,326,201,344 bytes free
Post-Run: 52,762,554,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

325   --- E O F ---   2009-09-02 08:00

Frands

Hi Chouse :)
First of all, welcome to LandzDown :) . As far as I can see, you have two antivirus programs installed on your PC. Please uninstall one of them. Having two antivirus programs installed is never a good idea because they will create some conflicts with each other. Next, please remove LimeWire from your PC. LimeWire and similar programs will often give you problems with viruses and other crap. There are probably more things to see in the logs, but please be patient until you get some more help.
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Corrine

Hi, Chouse,

As stealthzone indicated, you have two antivirus programs installed.  Since BitDefender is indicated as out of date, unless you are going to renew the license and remove AVG, go to add/remove programs and uninstall BitDefender.  Following that, run the removal tool for BitDefender, which you can find linked here: Antivirus Product Removal Tools ~ Security Garden

It is not advised to follow instructions that were provided to others, even though they may appear to be a solution to your problem.  Each infection causes unique problems on each computer. Everyone has different software on their computer and that makes each log different.  In addition, running tools like ComboFix without guidance could make your computer inoperable and could result in requiring a full reinstall of your operating system, losing all your programs and data.

With regard to LimeWire installed on your computer, please realize that P2P programs form a direct conduit onto your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

Please download random's system information tool (RSIT):

  • Download RSIT by random/random from here and save it to your desktop.
  • Double-click RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

In addition, please do an online scan.  Establish an internet connection and perform an online scan with Internet Explorer at Kaspersky Online Scanner.  Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.

Note:

  • This scan is best done from IE (Internet Explorer)
  • Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here: http://www.kaspersky.com/virusscanner

  • Read the Requirements and limitations before you click Accept.
  • Once the database has downloaded, click My Computer in the left pane
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please post the two RSIT logs and the results from the Kaspersky scan in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
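
Both replies above read the installed-product state from the `AV:` and `FW:` lines at the top of the ComboFix log. As an added example (not part of the thread and not ComboFix's own code), the Python below parses those lines and flags the same conditions; the line layout is inferred from the three lines in this log, and the function names and finding codes are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Header lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = """\
ComboFix 09-09-07.03 - Chris House 09/07/2009 21:16.1.2 - NTFSx86
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
ADS - system32: deleted 12 bytes in 1 streams.
"""

# Assumed layout: KIND: product name *state* (signature status) {GUID}
# The "(signature status)" part is optional; the FW line above has none.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<sigs>[^)]+)\))?\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass
class Product:
    kind: str                  # "AV" or "FW"
    name: str
    enabled: bool              # last word of the *state* field is "enabled"
    signatures: Optional[str]  # "Updated" / "Outdated", or None if absent
    guid: str


def parse_products(log_text: str) -> List[Product]:
    """Extract the security products registered in a ComboFix log header."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if not m:
            continue  # every other log line is ignored
        words = m["state"].lower().split()
        products.append(Product(
            kind=m["kind"],
            name=m["name"],
            enabled=bool(words) and words[-1] == "enabled",
            signatures=m["sigs"],
            guid=m["guid"].upper(),
        ))
    return products


def triage(products: List[Product]) -> List[Tuple[str, str]]:
    """Return (finding code, product name) pairs; the codes are hypothetical."""
    findings = []
    av = [p for p in products if p.kind == "AV"]
    if len(av) > 1:
        # Two resident scanners tend to conflict; one should be uninstalled.
        findings.append(("MULTIPLE_AV", ", ".join(p.name for p in av)))
    for p in av:
        if (p.signatures or "").lower() == "outdated":
            findings.append(("AV_OUTDATED", p.name))
        if not p.enabled:
            findings.append(("AV_ON_ACCESS_OFF", p.name))
    # An AV is present, but none is both enabled and up to date.
    if av and not any(
        p.enabled and (p.signatures or "").lower() == "updated" for p in av
    ):
        findings.append(("NO_ACTIVE_CURRENT_AV", ""))
    for p in products:
        if p.kind == "FW" and not p.enabled:
            findings.append(("FW_DISABLED", p.name))
    return findings


if __name__ == "__main__":
    for code, name in triage(parse_products(SAMPLE_LOG)):
        print(f"{code:22} {name}")
```
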