Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Trojan Attack.

  • 20-07-2010 10:02pm
    #1
    [Deleted User]
    Posts: 3,518 ✭✭✭


    Hi all,
    I've had numerous Trojan attacks over the last couple of days. I managed to get rid of most but AVG can only get some but others are inaccesible. I downloaded Malwarebytes which caught more but I still have some. The Touchpad cuts out sometimes and I'm left to use Tab to restart/shut down the laptop. I have the DDS logs if you want to see them. They were taken a few minutes from time of writing. If anyone can help I would be over the moon as this is starting to annoy me. Thanks in advance.


Comments

  • #2
    [Deleted User]
    Posts: 3,518 ✭✭✭ [Deleted User]


    Heres the DDS


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Joe at 23:30:08.30 on 20/07/2010
    Internet Explorer: 8.0.6001.18928
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.3002.1735 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdvserv.exe
    C:\Windows\system32\lxdvcoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
    C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Joe\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Users\Joe\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Joe\Downloads\dds (1).com
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.atcomet.com/m/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "c:\users\joe\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [lxdvmon.exe] "c:\program files\lexmark x5400 series\lxdvmon.exe"
    mRun: [lxdvamon] "c:\program files\lexmark x5400 series\lxdvamon.exe"
    mRun: [Lexmark X5400 Series Fax Server] "c:\program files\lexmark x5400 series\fm3032.exe" /s
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-ie\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll c:\windows\system32\guard32.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-26 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-26 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-26 243024]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 224240]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 30112]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_fa807195\AEstSrv.exe [2009-6-8 81920]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921440]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
    R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [2007-10-18 98984]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-3-2 365952]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-3-2 222512]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
    S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2009-12-5 135320]

    =============== Created Last 30 ================

    2010-07-20 12:06:10 0 d
    w- c:\programdata\COMODO
    2010-07-20 00:30:31 0 d
    w- c:\program files\COMODO
    2010-07-20 00:28:39 0 d
    w- c:\programdata\Comodo Downloader
    2010-07-20 00:26:28 0 d
    w- c:\users\joe\appdata\roaming\Malwarebytes
    2010-07-20 00:26:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-20 00:26:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-20 00:26:09 0 d
    w- c:\programdata\Malwarebytes
    2010-07-20 00:26:01 0 d
    w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-20 00:23:16 0 d
    w- C:\ie-spyad
    2010-07-19 23:38:10 0 d
    w- c:\users\joe\appdata\roaming\2DC29F5FB854B9A6A2F19D8A0F2D5359
    2010-07-15 17:23:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-12 01:20:14 0 d
    w- c:\windows\system32\EventProviders
    2010-07-01 15:28:36 0 d
    w- c:\windows\system32\drivers\NSS
    2010-07-01 15:28:36 0 d
    w- c:\program files\Norton Security Scan
    2010-06-24 02:00:35 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-06-24 02:00:34 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-06-24 02:00:34 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-06-24 02:00:34 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-06-24 02:00:34 1130824 ----a-w- c:\windows\system32\dfshim.dll

    ==================== Find3M ====================

    2010-07-20 00:32:34 86016 ----a-w- c:\windows\inf\infstrng.dat
    2010-07-20 00:32:34 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-07-20 00:32:33 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-07-15 17:23:29 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 17:22:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-04 10:55:40 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2010-06-01 18:00:52 278288 ----a-w- c:\windows\system32\guard32.dll
    2010-06-01 18:00:06 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-06-01 18:00:04 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
    2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-03-02 08:17:15 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-03-02 08:10:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 23:31:25.22 ===============


  • #3
    [Deleted User]
    Posts: 3,518 ✭✭✭ [Deleted User]


    Heres the Combo Fix Log.

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "Google Update"="c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-25 135664]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
    "lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
    "lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
    "Lexmark X5400 Series Fax Server"="c:\program files\Lexmark X5400 Series\fm3032.exe" [2007-11-02 307880]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]

    c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-2-4 495432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):e7,6e,4a,8f,62,28,cb,01

    R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2009-12-06 135320]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [2009-01-20 81920]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-15 921440]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe [2007-10-18 594600]
    S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe [2007-10-18 98984]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-24 365952]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1045683542-3469161159-1505453297-1000Core.job
    - c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 10:06]

    2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1045683542-3469161159-1505453297-1000UA.job
    - c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 10:06]

    2010-06-25 c:\windows\Tasks\HPCeeScheduleForJoe.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-02 19:34]

    2010-07-20 c:\windows\Tasks\Norton Security Scan for Joe.job
    - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-01 23:51]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://google.atcomet.com/m/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ie&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-IE\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-21 01:21
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(980)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2010-07-21 01:26:44
    ComboFix-quarantined-files.txt 2010-07-21 00:26

    Pre-Run: 187,282,300,928 bytes free
    Post-Run: 188,014,637,056 bytes free

    - - End Of File - - BCE9EAE238526B31069EC9BC8E8091DF


  • #4
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    some of the combofix log is missing, can you post it again


Advertisement