Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Touch, I missed you so much I had to come back:)
   

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-25-2008 5:54 (GMT +1)
New logs for you. But first some extra info. While running SAS, rather than the trojans showing up on the screen of SAS, Avast pops up and tells me that SAS found something. Weird. It says to follow the suggested directions, which when you try to do it, it says that "file is already being used"? PLUS, it said I also had a "malware", yet it didn't show up on the final tally that SAS gave. Computer has been shutting itself off often. Son thinks it's the cpu overheating.
Thanks Touch!
##########################################################################
Oh, as always, can't get Combo Fix to run, sorry.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/25/2008 at 08:41 AM

Application Version : 3.9.1008

Core Rules Database Version : 3546
Trace Rules Database Version: 1535

Scan type : Complete Scan
Total Scan Time : 01:08:07

Memory items scanned : 442
Memory threats detected : 0
Registry items scanned : 4717
Registry threats detected : 0
File items scanned : 28248
File threats detected : 3

Trojan.Duncan/ActiveSpy
C:\SYSTEM VOLUME INFORMATION\_RESTORE{45CE3093-025D-4EE8-8F8B-B2C3BC858DED}\RP195\A0098845.EXE

Trojan.Downloader-PostCard/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{45CE3093-025D-4EE8-8F8B-B2C3BC858DED}\RP195\A0098847.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{45CE3093-025D-4EE8-8F8B-B2C3BC858DED}\RP196\A0099928.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 AM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\GenPuter\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\GenPuter\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185064672289
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9960 bytes

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-25-2008 5:56 (GMT +1)
I don't know if it matters but also when I run SAS, it is taking over an hour when it has always taken about 42 minutes before.
When XP opens, a little balloon icon opens a box in the lower corner and says "no firewall turned on" WTF? I thought that was Avast? And why didn't Avast tell me when I got these virus thingys?
Sorry for the twenty questions. I see you already have your hands full with all the posts!
Margie

Post Edited (Maggie8) : 25-08-2008 17:02:34 GMT


Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 8-25-2008 7:12 (GMT +1)
Hello Margie
 
Avast has no firewall; I'll therefore suggest you activate the XP firewall:
 
 
Download: CCleaner
http://www.majorgeeks.com/download4191.html
http://www.ccleaner.com/
Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit (reboot)
-------------------------------------------------
Please download Malwarebytes' Anti-Malware to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply, along with fresh hijackthis log.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted


Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-26-2008 5:46 (GMT +1)
I already have CCleaner. Do I use the one I have? Thanks,
Margie

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-26-2008 7:10 (GMT +1)
Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

10:50:57 PM 8/25/2008
mbam-log-08-25-2008 (22-50-57).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 102074
Time elapsed: 25 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:15 PM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdcserv.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\GenPuter\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\GenPuter\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185064672289
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 10013 byte

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-26-2008 7:21 (GMT +1)
I also installed the newest CCleaner.
Soo, where'd they go? If Malware says I have nothing?
Update you again...I'm freaking out now. When I'm trying to type, it switches between upper and lower case letters in

Post Edited (Maggie8) : 26-08-2008 07:21:54 GMT


Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 8-26-2008 8:20 (GMT +1)
Let's proceed to the next step ;-)
 
 
Please download Combofix and save it to the desktop.

Close all other browser windows.
 
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.
 


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted


Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-26-2008 6:04 (GMT +1)
ComboFix 08-08-24.03 - GenPuter 2008-08-26 0:51:10.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.95 [GMT -7:00]
Running from: C:\Documents and Settings\GenPuter\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-25 11:51 . 2008-08-25 11:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-25 11:51 . 2008-08-25 11:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-23 22:15 . 2008-08-23 22:15 <DIR> d--hs---- C:\FOUND.038
2008-08-23 04:13 . 2008-08-23 04:13 <DIR> d--hs---- C:\FOUND.037
2008-08-21 11:00 . 2008-08-21 11:00 <DIR> d--hs---- C:\FOUND.036
2008-08-21 10:12 . 2008-08-21 10:12 <DIR> d--hs---- C:\FOUND.035
2008-08-18 12:00 . 2008-08-18 12:00 <DIR> d--hs---- C:\FOUND.034
2008-08-17 15:50 . 2008-08-17 15:50 <DIR> d--hs---- C:\FOUND.033
2008-08-14 22:57 . 2008-08-14 22:57 <DIR> d--hs---- C:\FOUND.032
2008-08-13 17:09 . 2008-08-13 17:09 <DIR> d--hs---- C:\FOUND.029
2008-08-13 11:08 . 2008-08-13 11:08 <DIR> d--hs---- C:\FOUND.028
2008-08-12 09:07 . 2008-08-12 09:07 <DIR> d--hs---- C:\FOUND.027
2008-08-11 10:05 . 2008-08-11 10:05 <DIR> d--hs---- C:\FOUND.026
2008-08-10 15:37 . 2008-08-10 15:37 <DIR> d--hs---- C:\FOUND.025
2008-08-10 15:13 . 2008-08-10 15:13 <DIR> d--hs---- C:\FOUND.024
2008-08-09 14:17 . 2008-08-09 14:17 <DIR> d--hs---- C:\FOUND.023
2008-08-08 10:14 . 2008-08-08 10:14 <DIR> d--hs---- C:\FOUND.022
2008-08-07 17:46 . 2008-08-07 17:46 <DIR> d--hs---- C:\FOUND.021
2008-08-06 11:39 . 2008-08-06 11:39 <DIR> d--hs---- C:\FOUND.020
2008-08-06 02:28 . 2008-08-06 02:28 <DIR> d-------- C:\_OTMoveIt
2008-08-05 10:04 . 2008-08-05 10:04 <DIR> d--hs---- C:\FOUND.019
2008-08-04 09:56 . 2008-08-04 09:56 <DIR> d--hs---- C:\FOUND.018
2008-08-01 11:44 . 2008-08-01 11:44 <DIR> d--hs---- C:\FOUND.017
2008-07-30 23:08 . 2008-07-30 23:08 <DIR> d--hs---- C:\FOUND.016
2008-07-30 20:13 . 2008-07-30 20:13 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-30 17:18 . 2008-07-30 17:18 <DIR> d--hs---- C:\FOUND.031
2008-07-29 21:00 . 2008-07-29 21:00 <DIR> d-------- C:\Deckard
2008-07-29 01:31 . 2008-07-29 01:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 01:31 . 2008-07-29 01:31 <DIR> d-------- C:\Documents and Settings\GenPuter\Application Data\Malwarebytes
2008-07-29 01:31 . 2008-07-29 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 01:31 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 01:31 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 22:33 --------- d-----w C:\Program Files\uTorrent
2008-07-07 22:32 --------- d-----w C:\Documents and Settings\GenPuter\Application Data\uTorrent
2008-07-02 16:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-01 15:59 0 ----a-w C:\Documents and Settings\GenPuter\jagex_runescape_preferences.dat
2007-08-25 08:13 92,064 ----a-w C:\Documents and Settings\GenPuter\mqdmmdm.sys
2007-08-25 08:13 9,232 ----a-w C:\Documents and Settings\GenPuter\mqdmmdfl.sys
2007-08-25 08:13 79,328 ----a-w C:\Documents and Settings\GenPuter\mqdmserd.sys
2007-08-25 08:13 66,656 ----a-w C:\Documents and Settings\GenPuter\mqdmbus.sys
2007-08-25 08:13 6,208 ----a-w C:\Documents and Settings\GenPuter\mqdmcmnt.sys
2007-08-25 08:13 5,936 ----a-w C:\Documents and Settings\GenPuter\mqdmwhnt.sys
2007-08-25 08:13 4,048 ----a-w C:\Documents and Settings\GenPuter\mqdmcr.sys
2007-08-25 08:13 25,600 ----a-w C:\Documents and Settings\GenPuter\usbsermptxp.sys
2007-08-25 08:13 22,768 ----a-w C:\Documents and Settings\GenPuter\usbsermpt.sys
2007-08-12 20:29 32 --sha-w C:\WINDOWS\{608FBE7A-AA43-4CE4-ABFA-45DB35020D6C}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\{07FC5982-6C31-42DC-BA72-299F2F220AC5}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\{FD568BA8-F7C5-4F5B-94FE-90F5B09AB304}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\{9CD443B6-CB04-4072-9905-F69752C470A0}.dat
2007-08-12 20:32 32 --sha-w C:\WINDOWS\{36BDFC43-F583-44B3-812A-8EB2A11BFA7A}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\{B0319E5F-6BAB-4592-ACCE-F14BBFDE7AC9}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\{A5A96C98-21C8-4E84-A01B-9F3337D58C5D}.dat
2007-08-12 20:29 32 --sha-w C:\WINDOWS\system32\{24523023-1BA9-4658-8752-0846C3233EC7}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\system32\{36C0C029-C864-4F96-A232-25923463484C}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\system32\{4AAA7FA6-EF02-4208-B928-C3B9315A7970}.dat
2007-06-13 10:23 225,874 --sh--r C:\WINDOWS\system32\gtuxqbd.exe
2007-08-12 20:31 32 --sha-w C:\WINDOWS\system32\{ABC7877F-F01E-43D6-A9BF-C3D1A11EE8A5}.dat
2007-08-12 20:32 32 --sha-w C:\WINDOWS\system32\{487E73B0-BB42-4BC8-AA3E-596A780BB4B5}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\system32\{576048CD-0B12-43B1-B877-4F6B7A2201C5}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\system32\{47AEDC59-6A1C-456D-AA29-E372850B21B5}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-28_18.52.23.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:54 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-07-17 08:59:30 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat
+ 2008-07-31 12:53:50 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat
- 2008-07-20 10:49:48 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2008-08-23 02:45:38 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat
+ 2008-07-19 14:32:16 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:22 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-06-21 16:58:00 137,256 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-29 18:17:56 149,992 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-22 08:23:36 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:02 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 08:23:40 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-08-23 11:13:28 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_574.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-04-01 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [BU]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-17 10:18 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [BU]
"SmileboxTray"="C:\Documents and Settings\GenPuter\Application Data\Smilebox\SmileboxTray.exe" [BU]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [BU]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-27 03:58 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 00:19 20480]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2005-04-01 12:00 77891]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 07:38 78008]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\GenPuter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\GenPuter\LOCALS~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\GenPuter\LOCALS~1\Temp

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdcPSWX.EXE"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdcjswx.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDCtime.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDCwbgw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 07:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-05-25 01:38]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-05-25 01:38]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 13:28]
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

*Newly Created Service* - GTNDIS5
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\GenPuter\Application Data\Mozilla\Firefox\Profiles\m539r24o.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 00:53:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-26 0:54:47
ComboFix-quarantined-files.txt 2008-08-26 07:54:42
ComboFix2.txt 2008-07-31 09:03:32

Pre-Run: 14,120,878,080 bytes free
Post-Run: 14,114,275,328 bytes free

186 --- E O F --- 2007-09-18 19:09:37
 

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-26-2008 8:47 (GMT +1)
Touch?....Touch?....Are you sleeping on me Mr. Touch? Ack, it's like nighttime in Denmark ja?
 

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-28-2008 11:01 (GMT +1)
Now I got worried! You never ever take this long to respond. Are you alright?
~Margie
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 8-29-2008 3:25 (GMT +1)
Don't worry - I'm still here.
 
 
Open notepad and copy/paste the text in the quotebox below into it:


Quote:
 
Killall::
 
Snapshot::
 
 

Folder::
C:\FOUND.038
C:\FOUND.037
C:\FOUND.036
C:\FOUND.035
C:\FOUND.034
C:\FOUND.033
C:\FOUND.032
C:\FOUND.029
C:\FOUND.028
C:\FOUND.027
C:\FOUND.026
C:\FOUND.025
C:\FOUND.024
C:\FOUND.023
C:\FOUND.022
C:\FOUND.021
C:\FOUND.020
C:\FOUND.019
C:\FOUND.018
C:\FOUND.017
C:\FOUND.016
C:\FOUND.031
C:\Deckard
 
Driver::
XDva032

 
Save this as:
CFScript
 
Referring to the picture above, drag CFScript into ComboFix.exe

Then post a fresh ComboFix log.


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

 

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-29-2008 6:18 (GMT +1)
Glad you're okay!
###################################
ComboFix 08-08-28.04 - GenPuter 2008-08-28 22:04:29.7 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -7:00]
Running from: C:\Documents and Settings\GenPuter\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\GenPuter\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Deckard
C:\Documents and Settings\GenPuter\Application Data\macromedia\Flash Player\#SharedObjects\LB8732YW\interclick.com
C:\Documents and Settings\GenPuter\Application Data\macromedia\Flash Player\#SharedObjects\LB8732YW\interclick.com\ud.sol
C:\Documents and Settings\GenPuter\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\GenPuter\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\FOUND.016
C:\FOUND.016\FILE0000.CHK
C:\FOUND.016\FILE0001.CHK
C:\FOUND.016\FILE0002.CHK
C:\FOUND.016\FILE0003.CHK
C:\FOUND.016\FILE0004.CHK
C:\FOUND.016\FILE0005.CHK
C:\FOUND.016\FILE0006.CHK
C:\FOUND.016\FILE0007.CHK
C:\FOUND.016\FILE0008.CHK
C:\FOUND.016\FILE0009.CHK
C:\FOUND.016\FILE0010.CHK
C:\FOUND.016\FILE0011.CHK
C:\FOUND.016\FILE0012.CHK
C:\FOUND.017
C:\FOUND.017\FILE0000.CHK
C:\FOUND.017\FILE0001.CHK
C:\FOUND.018
C:\FOUND.018\FILE0000.CHK
C:\FOUND.019
C:\FOUND.019\FILE0000.CHK
C:\FOUND.019\FILE0001.CHK
C:\FOUND.019\FILE0002.CHK
C:\FOUND.020
C:\FOUND.020\FILE0000.CHK
C:\FOUND.020\FILE0001.CHK
C:\FOUND.020\FILE0002.CHK
C:\FOUND.020\FILE0003.CHK
C:\FOUND.020\FILE0004.CHK
C:\FOUND.020\FILE0005.CHK
C:\FOUND.020\FILE0006.CHK
C:\FOUND.020\FILE0007.CHK
C:\FOUND.020\FILE0008.CHK
C:\FOUND.020\FILE0009.CHK
C:\FOUND.020\FILE0010.CHK
C:\FOUND.020\FILE0011.CHK
C:\FOUND.020\FILE0012.CHK
C:\FOUND.020\FILE0013.CHK
C:\FOUND.020\FILE0014.CHK
C:\FOUND.021
C:\FOUND.021\FILE0000.CHK
C:\FOUND.021\FILE0001.CHK
C:\FOUND.022
C:\FOUND.022\FILE0000.CHK
C:\FOUND.022\FILE0001.CHK
C:\FOUND.022\FILE0002.CHK
C:\FOUND.022\FILE0003.CHK
C:\FOUND.022\FILE0004.CHK
C:\FOUND.022\FILE0005.CHK
C:\FOUND.022\FILE0006.CHK
C:\FOUND.022\FILE0007.CHK
C:\FOUND.022\FILE0008.CHK
C:\FOUND.022\FILE0009.CHK
C:\FOUND.022\FILE0010.CHK
C:\FOUND.022\FILE0011.CHK
C:\FOUND.022\FILE0012.CHK
C:\FOUND.022\FILE0013.CHK
C:\FOUND.023
C:\FOUND.023\FILE0000.CHK
C:\FOUND.023\FILE0001.CHK
C:\FOUND.023\FILE0002.CHK
C:\FOUND.024
C:\FOUND.024\FILE0000.CHK
C:\FOUND.025
C:\FOUND.025\FILE0000.CHK
C:\FOUND.026
C:\FOUND.026\FILE0000.CHK
C:\FOUND.026\FILE0001.CHK
C:\FOUND.026\FILE0002.CHK
C:\FOUND.026\FILE0003.CHK
C:\FOUND.026\FILE0004.CHK
C:\FOUND.026\FILE0005.CHK
C:\FOUND.026\FILE0006.CHK
C:\FOUND.026\FILE0007.CHK
C:\FOUND.026\FILE0008.CHK
C:\FOUND.026\FILE0009.CHK
C:\FOUND.027
C:\FOUND.027\FILE0000.CHK
C:\FOUND.027\FILE0001.CHK
C:\FOUND.027\FILE0002.CHK
C:\FOUND.027\FILE0003.CHK
C:\FOUND.027\FILE0004.CHK
C:\FOUND.027\FILE0005.CHK
C:\FOUND.028
C:\FOUND.028\FILE0000.CHK
C:\FOUND.028\FILE0001.CHK
C:\FOUND.028\FILE0002.CHK
C:\FOUND.028\FILE0003.CHK
C:\FOUND.028\FILE0004.CHK
C:\FOUND.028\FILE0005.CHK
C:\FOUND.028\FILE0006.CHK
C:\FOUND.028\FILE0007.CHK
C:\FOUND.028\FILE0008.CHK
C:\FOUND.028\FILE0009.CHK
C:\FOUND.028\FILE0010.CHK
C:\FOUND.028\FILE0011.CHK
C:\FOUND.028\FILE0012.CHK
C:\FOUND.028\FILE0013.CHK
C:\FOUND.028\FILE0014.CHK
C:\FOUND.028\FILE0015.CHK
C:\FOUND.028\FILE0016.CHK
C:\FOUND.028\FILE0017.CHK
C:\FOUND.028\FILE0018.CHK
C:\FOUND.029
C:\FOUND.029\FILE0000.CHK
C:\FOUND.029\FILE0001.CHK
C:\FOUND.029\FILE0002.CHK
C:\FOUND.031
C:\FOUND.031\FILE0000.CHK
C:\FOUND.031\FILE0001.CHK
C:\FOUND.031\FILE0002.CHK
C:\FOUND.031\FILE0003.CHK
C:\FOUND.031\FILE0004.CHK
C:\FOUND.031\FILE0005.CHK
C:\FOUND.031\FILE0006.CHK
C:\FOUND.031\FILE0007.CHK
C:\FOUND.031\FILE0008.CHK
C:\FOUND.031\FILE0009.CHK
C:\FOUND.031\FILE0010.CHK
C:\FOUND.031\FILE0011.CHK
C:\FOUND.031\FILE0012.CHK
C:\FOUND.031\FILE0013.CHK
C:\FOUND.031\FILE0014.CHK
C:\FOUND.032
C:\FOUND.032\FILE0000.CHK
C:\FOUND.032\FILE0001.CHK
C:\FOUND.033
C:\FOUND.033\FILE0000.CHK
C:\FOUND.034
C:\FOUND.034\FILE0000.CHK
C:\FOUND.034\FILE0001.CHK
C:\FOUND.034\FILE0002.CHK
C:\FOUND.034\FILE0003.CHK
C:\FOUND.035
C:\FOUND.035\FILE0000.CHK
C:\FOUND.036
C:\FOUND.036\FILE0000.CHK
C:\FOUND.036\FILE0001.CHK
C:\FOUND.036\FILE0002.CHK
C:\FOUND.037
C:\FOUND.037\FILE0000.CHK
C:\FOUND.037\FILE0001.CHK
C:\FOUND.037\FILE0002.CHK
C:\FOUND.037\FILE0003.CHK
C:\FOUND.038
C:\FOUND.038\FILE0000.CHK
C:\FOUND.038\FILE0001.CHK
C:\FOUND.038\FILE0002.CHK
C:\FOUND.038\FILE0003.CHK
C:\FOUND.038\FILE0004.CHK

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA032
-------\Service_XDva032


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-27 11:19 . 2008-08-28 09:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-27 11:19 . 2008-08-27 11:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-26 09:53 . 2008-08-26 09:53 <DIR> d--hs---- C:\FOUND.039
2008-08-06 02:28 . 2008-08-06 02:28 <DIR> d-------- C:\_OTMoveIt
2008-07-30 20:13 . 2008-07-30 20:13 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-29 01:31 . 2008-07-29 01:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 01:31 . 2008-07-29 01:31 <DIR> d-------- C:\Documents and Settings\GenPuter\Application Data\Malwarebytes
2008-07-29 01:31 . 2008-07-29 01:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 01:31 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 01:31 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 22:33 --------- d-----w C:\Program Files\uTorrent
2008-07-07 22:32 --------- d-----w C:\Documents and Settings\GenPuter\Application Data\uTorrent
2008-07-02 16:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-01 15:59 0 ----a-w C:\Documents and Settings\GenPuter\jagex_runescape_preferences.dat
2007-08-25 08:13 92,064 ----a-w C:\Documents and Settings\GenPuter\mqdmmdm.sys
2007-08-25 08:13 9,232 ----a-w C:\Documents and Settings\GenPuter\mqdmmdfl.sys
2007-08-25 08:13 79,328 ----a-w C:\Documents and Settings\GenPuter\mqdmserd.sys
2007-08-25 08:13 66,656 ----a-w C:\Documents and Settings\GenPuter\mqdmbus.sys
2007-08-25 08:13 6,208 ----a-w C:\Documents and Settings\GenPuter\mqdmcmnt.sys
2007-08-25 08:13 5,936 ----a-w C:\Documents and Settings\GenPuter\mqdmwhnt.sys
2007-08-25 08:13 4,048 ----a-w C:\Documents and Settings\GenPuter\mqdmcr.sys
2007-08-25 08:13 25,600 ----a-w C:\Documents and Settings\GenPuter\usbsermptxp.sys
2007-08-25 08:13 22,768 ----a-w C:\Documents and Settings\GenPuter\usbsermpt.sys
2007-08-12 20:29 32 --sha-w C:\WINDOWS\{608FBE7A-AA43-4CE4-ABFA-45DB35020D6C}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\{07FC5982-6C31-42DC-BA72-299F2F220AC5}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\{FD568BA8-F7C5-4F5B-94FE-90F5B09AB304}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\{9CD443B6-CB04-4072-9905-F69752C470A0}.dat
2007-08-12 20:32 32 --sha-w C:\WINDOWS\{36BDFC43-F583-44B3-812A-8EB2A11BFA7A}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\{B0319E5F-6BAB-4592-ACCE-F14BBFDE7AC9}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\{A5A96C98-21C8-4E84-A01B-9F3337D58C5D}.dat
2007-08-12 20:29 32 --sha-w C:\WINDOWS\system32\{24523023-1BA9-4658-8752-0846C3233EC7}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\system32\{36C0C029-C864-4F96-A232-25923463484C}.dat
2007-08-12 20:31 32 --sha-w C:\WINDOWS\system32\{4AAA7FA6-EF02-4208-B928-C3B9315A7970}.dat
2007-06-13 10:23 225,874 --sh--r C:\WINDOWS\system32\gtuxqbd.exe
2007-08-12 20:31 32 --sha-w C:\WINDOWS\system32\{ABC7877F-F01E-43D6-A9BF-C3D1A11EE8A5}.dat
2007-08-12 20:32 32 --sha-w C:\WINDOWS\system32\{487E73B0-BB42-4BC8-AA3E-596A780BB4B5}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\system32\{576048CD-0B12-43B1-B877-4F6B7A2201C5}.dat
2007-08-12 20:33 32 --sha-w C:\WINDOWS\system32\{47AEDC59-6A1C-456D-AA29-E372850B21B5}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-04-01 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [BU]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-17 10:18 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [BU]
"SmileboxTray"="C:\Documents and Settings\GenPuter\Application Data\Smilebox\SmileboxTray.exe" [BU]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [BU]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-27 03:58 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 00:19 20480]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2005-04-01 12:00 77891]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 16:16 86016]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\GenPuter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\GenPuter\LOCALS~1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\GenPuter\LOCALS~1\Temp

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdcPSWX.EXE"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdcjswx.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDCtime.exe"=
"C:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDCwbgw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 07:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-05-25 01:38]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-05-25 01:38]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 13:28]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 22:09:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LXDCSERV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-08-28 22:15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 05:15:44
ComboFix3.txt 2008-07-31 09:03:32
ComboFix2.txt 2008-08-26 07:54:50

Pre-Run: 14,005,354,496 bytes free
Post-Run: 14,011,006,976 bytes free

308 --- E O F --- 2007-09-18 19:09:37
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 8-29-2008 6:38 (GMT +1)
I'm okay, just needed some days without infections ;-)
 
 
The log looks clean. How are things running now?



 

Maggie8
Junior Member


Date Joined Dec 2007
Total Posts : 69
 
Posted 8-29-2008 7:51 (GMT +1)
Just fine. Thanks as always! Now, if I can get this firewall turned back on and working right maybe I won't have to "visit" you as often ;)
~Margie
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 8-29-2008 12:12 (GMT +1)
Great
 
 
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
System Restore
 
 
Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will:
- Uninstall ComboFix and delete its related folders and files.
- Reset your clock settings.
- Hide file extensions.
- Hide the system/hidden files.
- Reset System Restore again.
 
Please read Tony Klein's excellent article: How I got Infected in the First Place
You are always welcome if you need help ;-)

Since this issue appears resolved ... this Topic is closed.



 