Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help! PC infected with Trojan viruses

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Please help! PC infected with Trojan viruses

Unread postby tupacalypse09 » May 5th, 2009, 4:59 pm

My pc seems to be working much better, its running faster. But im still having this internet problem... Maybe its from my internet provider, I will give them a call. But i might as well tell you whats wrong: I have my pc hooked up straight to the modem with the ethernet cable (no wireless), and i usually dont turn the pc off, just hibernate it.
when i do this it works perfectly fine, the internet is up and running and in perfect working condition. However, every time i have to restart the computer, or turn it off and on... The internet doesnt work. I have all the necessary "4 LED's on the modem" lit green, like the way it should be when properly working, but i have no internet. The page just keeps loading forever... Then i take the power cord off the modem, wait a bit and turn it back on.. then i have "3 green LED lights" on the modem. About 5 minutes later, the 4th light comes on and the internet should work, but it still doesnt. I keep doing this (modem off and on), then after the 4th or 5th time, the internet now works, and is perfectly fine... Its really wierd.



COMBOFIX LOG:

ComboFix 09-05-04.05 - David 05/05/2009 2:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1289 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)
FW: Symantec Client Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-04 20:34 . 2009-05-04 20:34 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-04 20:33 . 2009-05-04 20:33 -------- d-----w c:\program files\Common Files\Adobe
2009-05-04 17:15 . 2009-05-04 17:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 17:09 . 2009-05-04 17:11 -------- d-----w c:\documents and settings\David\.SunDownloadManager
2009-05-02 23:54 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-02 23:54 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-02 23:54 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-02 23:54 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-02 23:54 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-02 23:54 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-02 23:54 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-02 23:54 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-02 23:54 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-02 23:53 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-01 09:10 . 2009-05-01 09:10 -------- d-----w c:\documents and settings\David\Application Data\Malwarebytes
2009-05-01 09:09 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 09:09 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 09:09 . 2009-05-01 09:09 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 09:09 . 2009-05-01 09:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 07:38 . 2009-05-01 07:38 233472 ----a-w c:\windows\system32\REX Shared Library.dll
2009-05-01 06:48 . 2003-11-07 18:48 54272 ----a-w c:\windows\system32\KERNELO2.DLL
2009-04-22 09:23 . 2009-04-22 09:23 -------- d-----w c:\program files\Moleskinsoft Clone Remover 3.5
2009-04-22 04:32 . 2009-04-22 04:32 -------- d-----w c:\program files\Trend Micro
2009-04-14 05:32 . 2009-04-15 00:28 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-04-14 05:31 . 2009-04-15 00:28 -------- d-----w c:\program files\NCH Swift Sound
2009-04-13 03:35 . 2009-04-13 03:35 -------- d-----w C:\David Iskandaryan neve2
2009-04-10 01:05 . 2009-05-04 06:39 -------- d--h--w C:\$AVG8.VAULT$
2009-04-10 00:41 . 2009-04-29 20:31 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 00:41 . 2009-04-29 20:31 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-10 00:41 . 2009-04-29 20:31 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 00:41 . 2009-04-29 20:31 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 00:41 . 2009-05-05 09:07 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-10 00:41 . 2009-04-10 00:56 -------- d-----w c:\documents and settings\David\Application Data\AVGTOOLBAR
2009-04-10 00:41 . 2009-04-10 00:41 -------- d-----w c:\program files\AVG
2009-04-10 00:41 . 2009-04-17 00:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-09 03:12 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-09 00:14 . 2009-04-30 00:15 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-09 00:09 . 2009-04-09 00:09 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-07 23:19 . 2006-10-18 05:29 487479 ----a-w c:\windows\system32\SkinMagic.dll
2009-04-07 23:19 . 2009-04-07 23:19 -------- d-----w c:\program files\Smallvideosoft
2009-04-07 03:02 . 2009-04-07 03:02 -------- d--h--w c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 23:48 . 2007-07-15 19:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 20:35 . 2007-07-15 19:42 40 ----a-w c:\windows\system32\profile.dat
2009-05-04 17:14 . 2007-07-15 19:37 -------- d-----w c:\program files\Java
2009-05-03 07:15 . 2007-07-15 19:47 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-05-02 07:34 . 2008-07-15 21:40 -------- d-----w c:\program files\Digidesign
2009-05-01 09:34 . 2009-04-03 09:00 -------- d-----w c:\program files\Common
2009-05-01 06:48 . 2007-07-21 03:24 -------- d-----w c:\program files\VstPlugins
2009-05-01 06:48 . 2007-08-08 01:20 -------- d-----w c:\program files\Native Instruments
2009-04-10 02:26 . 2007-07-15 19:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 06:30 . 2008-10-12 07:36 -------- d-----w c:\program files\Winamp
2009-04-08 06:30 . 2009-03-18 06:31 -------- d-----w c:\program files\iTunes
2009-04-07 10:52 . 2008-01-11 09:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-23 06:30 . 2007-07-15 20:00 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 06:31 . 2009-03-18 06:31 -------- d-----w c:\program files\iPod
2009-03-18 06:30 . 2009-03-18 06:30 -------- d-----w c:\program files\QuickTime
2009-03-18 06:13 . 2008-05-09 01:07 -------- d-----w c:\program files\Apple Software Update
2009-03-06 14:00 . 2006-04-30 05:11 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2009-03-18 06:28 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2008-05-09 01:07 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-04-30 05:11 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-04-30 05:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2006-04-30 05:10 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2006-04-30 05:10 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2006-04-30 05:10 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2006-04-30 05:10 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2006-04-30 05:11 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2006-04-30 05:10 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2006-04-30 05:11 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2006-04-30 05:11 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-01-26 10:27 . 2008-02-23 06:49 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-26 10:27 . 2008-02-23 06:49 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-26 10:27 . 2008-02-23 06:49 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-26 10:27 . 2008-02-23 06:49 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-26 10:27 . 2008-02-23 06:49 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-08 22:08 . 2009-01-08 22:08 24418 --sha-w c:\windows\system32\pijifazo.exe
2009-01-08 22:08 . 2009-01-08 22:08 38989 --sha-w c:\windows\system32\pojeguno.dll
2009-01-08 22:08 . 2009-01-08 22:08 50560 --sha-w c:\windows\system32\yodogugo.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-04_09.23.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-04 20:37 . 2009-05-04 20:37 16384 c:\windows\Temp\Perflib_Perfdata_8e8.dat
+ 2009-05-04 20:37 . 2009-05-04 20:37 16384 c:\windows\Temp\Perflib_Perfdata_42c.dat
+ 2009-05-04 17:15 . 2009-05-04 17:14 148888 c:\windows\system32\javaws.exe
+ 2009-05-04 17:15 . 2009-05-04 17:14 144792 c:\windows\system32\javaw.exe
+ 2009-05-04 17:15 . 2009-05-04 17:14 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-29 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-02-19 23:03 32768 ----a-w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-29 20:31 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w c:\windows\system32\tphklock.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave10"= Digi32.dll
"Midi1"= ma_cmidn.dll
"Midi2"= mbx2midu.dll
"Midi3"= diomidi.dll
"midi4"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 gupdate1c98c02e135702e;Google Update Service (gupdate1c98c02e135702e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
R3 DfuUsb;DfuUsb;c:\windows\system32\DRIVERS\DFUUsb.sys [2001-11-27 10880]
R3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\system32\DRIVERS\mausbmr.sys [2006-06-28 110464]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2007-10-31 21648]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R3 SavRoam;SavRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2005-08-19 124608]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-24 18432]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-29 12552]
S0 DigiFilter;DigiFilter;c:\windows\System32\drivers\DigiFilt.sys [2006-12-09 16384]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-30 64160]
S0 Shockprf;Shockprf; [x]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2005-11-08 11520]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-29 325896]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-29 108552]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\Drivers\IBMBLDID.sys [2006-01-13 6016]
S1 ShockMgr;ShockMgr; [x]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2006-05-25 4442]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 298776]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-30 953168]
S2 MAudioMicroService;M-Audio Micro Installer;c:\program files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [2006-06-27 57344]
S2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S3 iLokDrvr;iLok;c:\windows\system32\DRIVERS\iLokDrvr.sys [2008-06-05 54256]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2007-10-31 21904]


--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv10733

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db10c14d-09ef-11dd-bbdc-001558c8d3d2}]
\Shell\AutoRun\command - f:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:15]

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-05-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

2007-11-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8185137424.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]

2009-05-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 04:40]

2009-05-04 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-07-15 16:13]

2008-05-04 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-01-11 22:31]

2007-07-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-07-15 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI01DA~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\3u4nshrs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 03:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1412)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\igfxdev.dll
c:\windows\system32\notifyf2.dll

- - - - - - - > 'explorer.exe'(5852)
c:\windows\system32\PROCHLP.DLL
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-05 3:15
ComboFix-quarantined-files.txt 2009-05-05 10:15
ComboFix2.txt 2009-05-04 09:24
ComboFix3.txt 2009-05-03 00:19

Pre-Run: 8,998,342,656 bytes free
Post-Run: 9,050,894,336 bytes free

290 --- E O F --- 2009-05-04 05:39






HIJACK THIS LOG:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:01 PM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98c02e135702e) (gupdate1c98c02e135702e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio Micro Installer (MAudioMicroService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 17724 bytes
tupacalypse09
Active Member
 
Posts: 13
Joined: April 22nd, 2009, 12:36 am
Advertisement
Register to Remove

Re: Please help! PC infected with Trojan viruses

Unread postby DFW » May 5th, 2009, 5:37 pm

  • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
     
    DEQUARANTINE::
    C:\Qoobox\Quarantine\c\program files\ThinkPad\ConnectUtilities\ACGina.dll.vir
    QUIT::
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Post back

DeQuarantine_log.txt

Sounds like you have a motorola cable modem, is that correct??, do you also use a router.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Please help! PC infected with Trojan viruses

Unread postby tupacalypse09 » May 6th, 2009, 12:15 am

I dont use a router, and its a Siemens speedstream 4100 modem.



combofix log:

ComboFix 09-05-05.03 - David 05/05/2009 21:05.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1299 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)
FW: Symantec Client Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-04 20:34 . 2009-05-04 20:34 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-04 20:33 . 2009-05-04 20:33 -------- d-----w c:\program files\Common Files\Adobe
2009-05-04 17:15 . 2009-05-04 17:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-04 17:09 . 2009-05-04 17:11 -------- d-----w c:\documents and settings\David\.SunDownloadManager
2009-05-02 23:54 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-02 23:54 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-02 23:54 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-02 23:54 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-02 23:54 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-02 23:54 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-02 23:54 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-02 23:54 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-02 23:54 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-02 23:53 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-01 09:10 . 2009-05-01 09:10 -------- d-----w c:\documents and settings\David\Application Data\Malwarebytes
2009-05-01 09:09 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 09:09 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 09:09 . 2009-05-01 09:09 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 09:09 . 2009-05-01 09:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 07:38 . 2009-05-01 07:38 233472 ----a-w c:\windows\system32\REX Shared Library.dll
2009-05-01 06:48 . 2003-11-07 18:48 54272 ----a-w c:\windows\system32\KERNELO2.DLL
2009-04-22 09:23 . 2009-04-22 09:23 -------- d-----w c:\program files\Moleskinsoft Clone Remover 3.5
2009-04-22 04:32 . 2009-04-22 04:32 -------- d-----w c:\program files\Trend Micro
2009-04-14 05:32 . 2009-04-15 00:28 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-04-14 05:31 . 2009-04-15 00:28 -------- d-----w c:\program files\NCH Swift Sound
2009-04-10 01:05 . 2009-05-04 06:39 -------- d--h--w C:\$AVG8.VAULT$
2009-04-10 00:41 . 2009-04-29 20:31 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 00:41 . 2009-04-29 20:31 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-10 00:41 . 2009-04-29 20:31 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 00:41 . 2009-04-29 20:31 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 00:41 . 2009-05-05 09:07 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-10 00:41 . 2009-04-10 00:56 -------- d-----w c:\documents and settings\David\Application Data\AVGTOOLBAR
2009-04-10 00:41 . 2009-04-10 00:41 -------- d-----w c:\program files\AVG
2009-04-10 00:41 . 2009-04-17 00:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-09 03:12 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-09 00:14 . 2009-04-30 00:15 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-09 00:09 . 2009-04-09 00:09 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-07 23:19 . 2006-10-18 05:29 487479 ----a-w c:\windows\system32\SkinMagic.dll
2009-04-07 23:19 . 2009-04-07 23:19 -------- d-----w c:\program files\Smallvideosoft
2009-04-07 03:02 . 2009-04-07 03:02 -------- d--h--w c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 03:10 . 2007-07-15 19:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 10:16 . 2007-07-15 19:42 40 ----a-w c:\windows\system32\profile.dat
2009-05-04 17:14 . 2007-07-15 19:37 -------- d-----w c:\program files\Java
2009-05-03 07:15 . 2007-07-15 19:47 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-05-02 07:34 . 2008-07-15 21:40 -------- d-----w c:\program files\Digidesign
2009-05-01 09:34 . 2009-04-03 09:00 -------- d-----w c:\program files\Common
2009-05-01 06:48 . 2007-07-21 03:24 -------- d-----w c:\program files\VstPlugins
2009-05-01 06:48 . 2007-08-08 01:20 -------- d-----w c:\program files\Native Instruments
2009-04-10 02:26 . 2007-07-15 19:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 06:30 . 2008-10-12 07:36 -------- d-----w c:\program files\Winamp
2009-04-08 06:30 . 2009-03-18 06:31 -------- d-----w c:\program files\iTunes
2009-04-07 10:52 . 2008-01-11 09:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-23 06:30 . 2007-07-15 20:00 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 06:31 . 2009-03-18 06:31 -------- d-----w c:\program files\iPod
2009-03-18 06:30 . 2009-03-18 06:30 -------- d-----w c:\program files\QuickTime
2009-03-18 06:13 . 2008-05-09 01:07 -------- d-----w c:\program files\Apple Software Update
2009-03-06 14:00 . 2006-04-30 05:11 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2009-03-18 06:28 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2008-05-09 01:07 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-04-30 05:11 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-04-30 05:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2006-04-30 05:10 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2006-04-30 05:10 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2006-04-30 05:10 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2006-04-30 05:10 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2006-04-30 05:11 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2006-04-30 05:10 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2006-04-30 05:11 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2006-04-30 05:11 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-01-26 10:27 . 2008-02-23 06:49 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-26 10:27 . 2008-02-23 06:49 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-26 10:27 . 2008-02-23 06:49 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-26 10:27 . 2008-02-23 06:49 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-26 10:27 . 2008-02-23 06:49 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-08 22:08 . 2009-01-08 22:08 24418 --sha-w c:\windows\system32\pijifazo.exe
2009-01-08 22:08 . 2009-01-08 22:08 38989 --sha-w c:\windows\system32\pojeguno.dll
2009-01-08 22:08 . 2009-01-08 22:08 50560 --sha-w c:\windows\system32\yodogugo.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-04_09.23.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-05 22:08 . 2009-05-05 22:08 16384 c:\windows\Temp\Perflib_Perfdata_a90.dat
+ 2009-05-05 22:08 . 2009-05-05 22:08 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
+ 2009-05-04 17:15 . 2009-05-04 17:14 148888 c:\windows\system32\javaws.exe
+ 2009-05-04 17:15 . 2009-05-04 17:14 144792 c:\windows\system32\javaw.exe
+ 2009-05-04 17:15 . 2009-05-04 17:14 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-29 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-02-19 23:03 32768 ----a-w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-29 20:31 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w c:\windows\system32\tphklock.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave10"= Digi32.dll
"Midi1"= ma_cmidn.dll
"Midi2"= mbx2midu.dll
"Midi3"= diomidi.dll
"midi4"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/9/2009 5:41 PM 12552]
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [7/15/2008 4:49 PM 16384]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/8/2009 5:14 PM 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [7/15/2007 12:30 PM 88576]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/9/2009 5:41 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/9/2009 5:41 PM 108552]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [7/15/2007 12:30 PM 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [7/15/2007 12:30 PM 4442]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/10/2009 5:24 PM 298776]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [7/15/2008 4:45 PM 16400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 953168]
R2 MAudioMicroService;M-Audio Micro Installer;c:\program files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [7/22/2007 6:17 PM 57344]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 4:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
R3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2/29/2008 3:38 AM 54256]
S2 gupdate1c98c02e135702e;Google Update Service (gupdate1c98c02e135702e);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2009 9:40 PM 133104]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [7/15/2008 4:45 PM 97808]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [11/27/2001 3:46 PM 10880]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\system32\drivers\mausbmr.sys [7/22/2007 6:17 PM 110464]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [7/15/2008 4:45 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [7/15/2008 4:45 PM 21904]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [8/18/2005 5:22 PM 124608]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [8/8/2007 7:39 PM 18432]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv10733

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db10c14d-09ef-11dd-bbdc-001558c8d3d2}]
\Shell\AutoRun\command - f:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:15]

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-05-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

2007-11-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8185137424.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 04:40]

2009-05-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-07-15 16:13]

2008-05-04 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-01-11 22:31]

2007-07-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-07-15 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI01DA~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\3u4nshrs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 21:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1416)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\igfxdev.dll
c:\windows\system32\notifyf2.dll

- - - - - - - > 'explorer.exe'(5536)
c:\windows\system32\PROCHLP.DLL
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-06 21:10
ComboFix-quarantined-files.txt 2009-05-06 04:10
ComboFix2.txt 2009-05-05 10:15
ComboFix3.txt 2009-05-04 09:24
ComboFix4.txt 2009-05-03 00:19

Pre-Run: 9,094,066,176 bytes free
Post-Run: 9,079,070,720 bytes free

288 --- E O F --- 2009-05-04 05:39
tupacalypse09
Active Member
 
Posts: 13
Joined: April 22nd, 2009, 12:36 am

Re: Please help! PC infected with Trojan viruses

Unread postby DFW » May 6th, 2009, 3:25 am

Hi tupacalypse09

I have just only just noticed that you have 2 Antivirus Programs installed, Symantec AntiVirus and AVG Anti-Virus.
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
Having two anti-virus programs running at the same time will cause your computer to run very slow, become unstable and crash.
Please remove one of them, the Combofix log says that the Symantec AV is outdated, if Symantec cannot be updated as it's subscription is out
I would remove it and keep AVG.


Can you please go to your C Drive, then Qoobox folder, inside that folder you wil see "ComboFix-quarantined-files" LOG,
copy/paste the contents of that document back here in your next post


Also look on your C Drive and see if there is a "DeQuarantine" Log present, if present and copy/paste the contents of that document back here in your next post.


Post Back
ComboFix-quarantined-files LOG
DeQuarantine Log (if present)
A New HijackThis Log
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Please help! PC infected with Trojan viruses

Unread postby tupacalypse09 » May 6th, 2009, 3:46 am

Ok I got rid of the symantic antivirus. Heres the ComboFix-quarantined-files:


2009-05-04 09:18:25 . 2009-05-06 04:05:48 0 ----a-w C:\Qoobox\Quarantine\catchme.txt
2009-05-03 00:05:17 . 2009-05-06 04:07:57 7,726 ----a-w C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-05-02 23:56:41 . 2009-05-06 04:05:15 464 ----a-w C:\Qoobox\Quarantine\catchme.log
2009-05-01 06:48:02 . 2003-10-09 05:54:02 287,743 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\LOOP.exe.vir
2009-04-09 22:32:33 . 2009-04-09 22:32:33 2,713 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\pasogeso.dll.vir
2009-01-09 10:08:27 . 2009-01-09 10:08:27 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\vawujare.dll.vir
2009-01-09 10:08:27 . 2009-01-09 10:08:27 79,872 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\yuzuzunu.dll.vir
2009-01-08 22:08:24 . 2009-01-08 22:08:24 34,588 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\haheboye.dll.vir
2009-01-07 22:49:45 . 2009-01-07 22:49:45 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\vasezanu.dll.vir
2009-01-07 10:00:43 . 2009-01-07 10:00:43 87,552 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\mavozebu.dll.vir
2009-01-07 10:00:43 . 2009-01-07 10:00:43 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\wahewuvu.dll.vir
2009-01-06 22:00:15 . 2009-01-06 22:00:15 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\juzezube.dll.vir
2009-01-06 09:59:53 . 2009-01-06 09:59:53 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\viyopoga.dll.vir
2009-01-05 21:59:47 . 2009-01-05 21:59:47 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\matohose.dll.vir
2009-01-05 09:59:47 . 2009-01-05 09:59:47 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\lonitaji.dll.vir
2009-01-05 09:59:47 . 2009-01-05 09:59:47 87,552 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\yefuvefa.dll.vir
2009-01-04 21:59:42 . 2009-01-04 21:59:42 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\zefifaya.dll.vir
2009-01-04 21:59:42 . 2009-01-04 21:59:42 87,552 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\lihuduje.dll.vir
2009-01-04 09:59:42 . 2009-01-04 09:59:42 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\gevikeyi.dll.vir
2009-01-03 20:37:40 . 2009-01-03 20:37:40 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\supugozi.dll.vir
2009-01-03 20:37:40 . 2009-01-03 20:37:40 87,552 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\danozago.dll.vir
2009-01-03 01:36:15 . 2009-01-03 01:36:15 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\taborovu.dll.vir
2009-01-02 09:52:10 . 2009-01-02 09:52:10 49,152 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\kumudoze.dll.vir
2008-05-08 08:10:30 . 2008-05-08 22:06:07 749,673 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\ayhrskxd.ini.vir
2008-05-07 00:04:18 . 2008-05-08 08:01:25 706,786 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\oiwdtgqi.ini.vir
2008-05-06 23:58:00 . 2008-05-08 08:37:24 1,041,380 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\GPrAJRqr.ini.vir
2008-05-01 11:06:33 . 2008-05-06 22:46:04 422,187 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\jlRsrBeg.ini.vir
2007-07-15 19:46:37 . 2007-02-19 23:15:54 233,472 ----a-w C:\Qoobox\Quarantine\C\Program Files\ThinkPad\ConnectUtilities\ACGina.dll.vir





DeQuarantine Log:

C:\Qoobox\Quarantine\c\program files\ThinkPad\ConnectUtilities\ACGina.dll.vir -> c:\program files\ThinkPad\ConnectUtilities\ACGina.dll ( 233472 bytes )






Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:56 AM, on 5/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [OEMSAVHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Symantec Client Security\Symantec AntiVirus\"
O4 - HKLM\..\RunOnce: [OEMCommonHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Common Files\Symantec Shared\OEM\"
O4 - HKLM\..\RunOnce: [OEMSCFHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Symantec Client Security\Symantec Client Firewall"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98c02e135702e) (gupdate1c98c02e135702e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio Micro Installer (MAudioMicroService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 15914 bytes
tupacalypse09
Active Member
 
Posts: 13
Joined: April 22nd, 2009, 12:36 am

Re: Please help! PC infected with Trojan viruses

Unread postby DFW » May 6th, 2009, 4:19 am

UNINSTALL COMBOFIX

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Image
You can also delete any logs we have produced, and empty your Recycle bin.


How is your Internet Connection now, reboot your system and see if there are any issues now, also confirm Combofix was deleted.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Please help! PC infected with Trojan viruses

Unread postby tupacalypse09 » May 6th, 2009, 6:14 pm

Ok i deleted combofix... i restarted my computer and the internet seems to be working fine.... thank you so much for your help.. i will definitely donate because of your work. Just one last thing... What regular steps can i take in preventing a virus infection like this in the future??
tupacalypse09
Active Member
 
Posts: 13
Joined: April 22nd, 2009, 12:36 am

Re: Please help! PC infected with Trojan viruses

Unread postby DFW » May 6th, 2009, 11:15 pm

Hi tupacalypse09

I would keep Malwarebytes' Anti-Malware installed along with ATF Cleaner. Update Malwarebytes' Anti-Malware and run scans
weekly or when ever needed, run AFT to keep your system free of useless files.



Don't forget to re-enable Spybot - Search & Destroy "TeaTimer" if you would like it turned back on,
Go into Spybot > Mode > Advanced Mode > Tools > Resident.
Check the following:
Resident "TeaTimer" (Protection of over-all system settings) Active.



Extra Protection and some information.

You need to update Windows
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
You are running Windows XP SP2, you should upgrade to SP3.
reboot your computer, and revisit the site until there are no more critical updates.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware


Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm



Read some information here how to prevent Malware.


DFW
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Please help! PC infected with Trojan viruses

Unread postby Gary R » May 8th, 2009, 3:24 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware