
Antivirus pro 2010



#1
Hesperides69

I let my GF use my computer and somehow it got infected with "Antivirus Pro 2010". After doing a lot of reading on forums from my laptop and disconnecting the desktop from the internet, I couldn't find any help with the updated version of Antivirus Pro. It stopped me from using Task Manager or regedit, or accessing AVG/Spybot S&D or the internet without constantly redirecting. I managed to use CCleaner to restore some 300+ regs on my system, then searched for the file in my program files and deleted what I could which was called "Antivirus Pro 2010" or near abouts from the search function. This allowed me to access websites and I downloaded Malwarebytes, which removed a lot of the crap... then I reinstalled AVG and Spybot and did a full sweep of the system. Although 70% of it is done, I have some pieces somewhere which seem to interrupt my surfing on the net, and on startup it takes ages and this pops up: "Error loading C:\WINDOWS\system32\config\SYSTEM~1\ntuser.dll" "%1 is not valid win32 application." My desktop background seems to not want to come back either. Sorry to be a pain but I've certainly run out of ideas to fix this myself.

All the best,

Hesp
#2
Hesperides69

Here is my ComboFix log:

ComboFix 09-10-11.03 - Chris 12/10/2009 23:14.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1478 [GMT 1:00]
Running from: c:\documents and settings\Chris\My Documents\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\aqexagiwo.pif
c:\documents and settings\All Users\Application Data\caxyne.bat
c:\documents and settings\All Users\Application Data\gavupecow.inf
c:\documents and settings\All Users\Application Data\ivomyx.bat
c:\documents and settings\All Users\Application Data\nixuqocej.scr
c:\documents and settings\All Users\Application Data\ozovazy.dl
c:\documents and settings\All Users\Application Data\uficefu._dl
c:\documents and settings\All Users\Application Data\yruxo.bat
c:\documents and settings\All Users\Application Data\zekykur.exe
c:\documents and settings\All Users\Documents\edotifuli.exe
c:\documents and settings\All Users\Documents\gano.inf
c:\documents and settings\All Users\Documents\ozihy.exe
c:\documents and settings\Chris\Application Data\iniasd.txt
c:\documents and settings\Chris\Application Data\jifoqikyc._sy
c:\documents and settings\Chris\Application Data\jity.dl
c:\documents and settings\Chris\Application Data\nuromopi.vbs
c:\documents and settings\Chris\Application Data\obewy._sy
c:\documents and settings\Chris\Application Data\pakehe._dl
c:\documents and settings\Chris\Application Data\sozacazus.lib
c:\documents and settings\Chris\Application Data\uficity.bin
c:\documents and settings\Chris\Application Data\wypafutiw.dl
c:\documents and settings\Chris\Cookies\bolanytyg.dll
c:\documents and settings\Chris\Cookies\ehewyvig.dll
c:\documents and settings\Chris\Cookies\evoxa.pif
c:\documents and settings\Chris\Cookies\higacaqamo.reg
c:\documents and settings\Chris\Cookies\kawyduqixa.db
c:\documents and settings\Chris\Cookies\tuga.scr
c:\documents and settings\Chris\Cookies\xalimybywo.vbs
c:\documents and settings\Chris\Local Settings\Application Data\dudy.dll
c:\documents and settings\Chris\Local Settings\Application Data\geluhokoc.scr
c:\documents and settings\Chris\Local Settings\Application Data\hepilo.exe
c:\documents and settings\Chris\Local Settings\Application Data\hyligem.dll
c:\documents and settings\Chris\Local Settings\Application Data\hysityh._sy
c:\documents and settings\Chris\Local Settings\Application Data\icyzodyvo.com
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\ehytywopa.pif
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\zucowut.dl
C:\LOG19.tmp
C:\LOG21.tmp
c:\windows\esoqytuw.bin
c:\windows\etedyjob.sys
c:\windows\fivifybo.bat
c:\windows\iwegybeho.reg
c:\windows\momyv.dl
c:\windows\moruqyqo.pif
c:\windows\nijurag.bin
c:\windows\obil.bin
c:\windows\qiqibik.bin
c:\windows\ryvu.inf
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\luhy.bat
c:\windows\system32\niru.exe
c:\windows\system32\nufoje.ban
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wudevi._dl
c:\windows\system32\yreki.inf
c:\windows\system32\yvewyfu.dl
c:\windows\ujuzytiwi.pif
c:\windows\vuxu.reg
c:\windows\wovogukaro.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-09 00:07 . 2009-10-09 00:07 -------- d-----w- c:\program files\Trend Micro
2009-10-07 02:15 . 2009-10-07 02:15 -------- d-----w- C:\$AVG8.VAULT$
2009-10-07 01:48 . 2009-10-07 01:48 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 22:38 . 2009-10-06 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-06 22:36 . 2009-10-06 22:36 -------- d-----w- c:\program files\SpywareBlaster
2009-10-04 21:27 . 2009-10-04 21:27 -------- d-----w- c:\documents and settings\Chris\Application Data\Uniblue
2009-09-23 20:47 . 2009-09-23 20:47 -------- d-----w- c:\program files\iPod
2009-09-22 00:29 . 2009-09-22 00:29 -------- d-----w- c:\documents and settings\Chris\Application Data\Yahoo!
2009-09-22 00:29 . 2009-09-22 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-16 18:40 . 2009-09-23 20:48 -------- d-----w- c:\program files\iTunes
2009-09-16 18:40 . 2009-09-16 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 01:05 . 2008-03-28 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-10-09 00:54 . 2008-03-26 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-08 23:59 . 2009-09-01 18:30 -------- d-----w- c:\program files\Steam
2009-10-07 02:09 . 2008-03-26 22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-07 01:48 . 2009-10-06 23:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-07 01:48 . 2009-10-07 01:48 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-07 01:48 . 2009-10-07 01:48 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-07 01:47 . 2009-10-07 01:47 -------- d-----w- c:\program files\AVG
2009-10-07 01:47 . 2008-03-26 22:08 84480 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 01:45 . 2009-05-07 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-07 01:44 . 2009-10-07 01:44 -------- d-----w- c:\documents and settings\Chris\Application Data\AVG8
2009-10-07 01:02 . 2009-10-07 01:02 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-10-07 01:02 . 2009-10-07 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 02:10 . 2009-05-08 14:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 02:01 . 2008-04-20 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-01 01:16 . 2009-09-01 01:15 593 ----a-w- c:\windows\wininit.tmp
2009-09-01 01:06 . 2009-08-24 07:09 -------- d-----w- c:\program files\Cryptic Studios
2009-09-01 01:06 . 2009-08-01 05:42 -------- d-----w- c:\program files\HuxleyTheDystopia
2009-09-01 01:06 . 2008-03-26 22:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-01 01:04 . 2009-09-01 01:04 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-09-01 01:04 . 2009-09-01 01:04 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-09-01 01:03 . 2009-09-01 01:03 -------- d-----w- c:\program files\Eidos Interactive
2009-08-28 18:42 . 2009-07-22 20:41 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 18:42 . 2008-04-27 09:29 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 18:00 . 2008-08-03 17:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-26 17:59 . 2008-11-26 14:47 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-26 17:58 . 2009-08-26 17:58 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-26 17:58 . 2009-08-26 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-26 17:51 . 2009-08-26 17:51 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-24 17:25 . 2009-08-24 17:25 -------- d-----w- c:\program files\MFInstall
2009-08-24 06:24 . 2009-08-23 22:23 -------- d-----w- c:\documents and settings\Chris\Application Data\IGN_DLM
2009-08-23 22:24 . 2009-08-23 22:24 -------- d-----w- c:\program files\Download Manager
2009-08-20 16:03 . 2009-08-20 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-19 18:34 . 2009-08-19 18:34 -------- d-----w- c:\program files\abit
2009-08-19 18:34 . 2009-08-19 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Universal abit
2009-08-17 02:04 . 2009-08-17 02:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 02:04 . 2009-08-17 02:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-17 02:03 . 2009-08-17 02:03 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 02:03 . 2009-08-17 02:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 02:03 . 2009-08-17 02:03 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 02:03 . 2009-08-17 02:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 02:03 . 2009-08-17 02:03 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 02:03 . 2009-08-17 02:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 02:03 . 2009-08-17 02:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 02:03 . 2009-08-17 02:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 02:03 . 2009-08-17 02:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-17 02:03 . 2009-08-17 02:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-17 02:02 . 2009-08-17 02:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57 . 2009-08-16 23:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57 . 2009-08-16 23:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57 . 2009-02-18 13:44 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57 . 2008-10-07 13:33 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 23:57 . 2008-03-26 22:17 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57 . 2007-12-05 01:41 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57 . 2007-06-28 16:43 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57 . 2007-06-28 16:43 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 23:57 . 2007-06-28 16:43 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57 . 2007-06-28 16:43 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57 . 2007-06-28 16:43 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-15 13:30 . 2008-05-25 23:47 -------- d-----w- c:\program files\Bullfrog
2009-08-14 12:36 . 2009-08-14 12:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-11 11:35 . 2008-03-26 22:09 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 23:21 . 2009-08-02 23:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-29 13:03 . 2008-07-07 14:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-07 2023704]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-3-26 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-07 01:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"npggsvc"=3 (0x3)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\oneofmanynicks\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\oneofmanynicks\\half-life deathmatch source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\oneofmanynicks\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PLauncher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/10/2009 02:48 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/10/2009 02:48 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/10/2009 02:47 297752]
R2 WENCRNT4;WENCRNT4;c:\windows\system32\drivers\WENCRNT4.sys [10/06/2009 12:29 122368]
R3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service;c:\windows\system32\drivers\aw5006.sys [19/08/2009 19:34 556832]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [26/03/2008 23:21 28160]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [07/11/2008 04:41 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [07/11/2008 04:41 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [07/11/2008 04:41 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [07/11/2008 04:41 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [07/11/2008 04:41 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [07/11/2008 04:41 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [07/11/2008 04:41 109952]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [26/03/2008 23:21 50176]
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [14/05/2008 22:03 15104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys --> c:\windows\system32\DRIVERS\w550obex.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=164.11.44.6:80
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Windows Live Search
IE: Add to Windows &Live Favorites
IE: Append to existing PDF
IE: Convert link target to Adobe PDF
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF
TCP: {8E365508-3205-4CD0-98C1-49B0E5AAD398} = 194.168.4.100,194.168.8.100
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\faqmrpzi.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ComandoMPDDeinstKey - c:\program files\Eidos Interactive\Pyro\Commandos



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1592454029-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:be,bb,ca,48,a3,17,1b,da,67,0f,3a,7c,c8,b3,e1,73,e5,36,20,e9,0d,
07,a2,d1,c2,32,9f,ec,db,3b,08,44,b8,f0,9d,3c,d1,39,73,31,29,b5,5c,a7,db,3b,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\acs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wentxp.exe
c:\program files\AVG\AVG8\avgtray.exe
.
**************************************************************************
.
Completion time: 2009-10-12 23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 22:24

Pre-Run: 28,038,631,424 bytes free
Post-Run: 27,875,192,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
344 --- E O F --- 2009-10-07 02:00