
Registered · 4 Posts
Discussion Starter · #1 ·
Hello,

I'm one of the many newbies found in this forum who seeks the help of IT gurus that can help me remove the infestation that is currently affecting my PC.

Listed below you will find the HIJACK LOG.

I'm currently running Windows XP...Let me know if there's anything else I need to do, I'm at your mercy !!!

YOUR HELP IS APPRECIATED !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:02 AM, on 1/2/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {5C85366A-5046-4C48-9A77-E5A212BA1335} - C:\WINDOWS\system32\yayvWmkH.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [a8a8e7e6] "rundll32.exe" "C:\WINDOWS\system32\omyaoccc.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ffipmd.dll,fjthbv.dll,avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7605 bytes
 

Registered · 989 Posts
Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt
New HijackThis log.
 

Registered · 4 Posts
Discussion Starter · #3 · (Edited)
C:\ComboFix.txt
New HijackThis log.

ComboFix 08-11-28.02 - DjAnnel 2008-11-28 4:39:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.935 [GMT -5:00]
Running from: c:\tools\ComboFix.exe
Command switches used :: c:\tools\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DjAnnel\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\Downloaded Program Files\Quarantine
c:\windows\system32\batqlmwk.ini
c:\windows\system32\BReWErS.dll
c:\windows\system32\cccoaymo.ini
c:\windows\system32\ffipmd.dll
c:\windows\system32\fjthbv.dll
c:\windows\system32\fulfonsv.ini
c:\windows\system32\HkmWvyay.ini
c:\windows\system32\HkmWvyay.ini2
c:\windows\system32\mcrh.tmp
c:\windows\system32\noyqcjib.dll
c:\windows\system32\omyaoccc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 09:46 . 2008-11-27 09:46 1,851,544 --a------ C:\install_flash_player.exe
2008-11-26 09:53 . 2008-11-28 04:49 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-26 09:53 . 2008-11-26 09:53 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-26 09:53 . 2008-11-26 09:53 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-26 09:53 . 2008-11-26 09:53 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-11-26 09:53 . 2008-11-26 09:53 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-26 09:51 . 2008-11-26 09:51 <DIR> d-------- c:\program files\AVG
2008-11-26 09:51 . 2008-11-26 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-26 09:26 . 2008-11-26 09:32 69,988,904 --a------ C:\avg_ipw_stf_all_8_199a1389.exe
2008-11-26 00:38 . 2008-11-26 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
2008-11-25 23:34 . 2008-11-25 23:34 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2008-11-23 21:49 . 2008-11-23 21:50 <DIR> d-------- c:\windows\.housecall6.6
2008-11-23 20:50 . 2008-11-23 21:00 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-10-30 22:17 . 2008-11-02 23:12 <DIR> d-------- C:\Incomplete

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 09:49 --------- d-----w c:\program files\Steam
2008-11-25 04:49 --------- d-----w c:\program files\Bonjour
2006-07-05 10:33 472,000 ----a-w c:\windows\inf\WG311T\WG311T13.sys
2006-04-25 22:30 35,232 ----a-w c:\windows\inf\WG311T\ME_INST.EXE
2006-04-25 22:30 26,112 ----a-w c:\windows\inf\WG311T\install.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Steam"="c:\program files\Steam\Steam.exe" [2003-01-01 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-18 8523776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 5367608]

c:\documents and settings\DjAnnel\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2003-01-01 557568]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 1503232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ffipmd.dll,fjthbv.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blacknight525\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-26 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-26 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-26 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-26 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-26 231704]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-05 47640]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2002-12-31 36224]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ae15254-1d1c-11d7-bd76-806d6172696f}]
\shell\play\command - c:\program files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1
.
- - - - ORPHANS REMOVED - - - -

BHO-{5C85366A-5046-4C48-9A77-E5A212BA1335} - c:\windows\system32\yayvWmkH.dll
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\DjAnnel\Application Data\Mozilla\Firefox\Profiles\f1z7h5lq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 04:47:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\LMIinit.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(7036)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\acs.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-11-28 4:55:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 09:55:36

Pre-Run: 19,670,921,216 bytes free
Post-Run: 19,578,441,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

191 --- E O F --- 2008-03-13 07:01:24
 

Registered · 989 Posts
First I should mention, your OpenOffice suite version is out of date. Please uninstall what you have and download the latest version Here...and in addition, please be certain that you have created a "Strong" password for use with your LogMeIn software.

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper:
Open it, click-->Options over to the left, then-->Program Options-->Uncheck "Load at Windows startup".
Over to the left click "Shields" and uncheck all there.
Uncheck "Home page shield".
Uncheck "Automatically restore default without notification".

Next, please copy the data in the code box below into notepad and save it as deletereg.reg
Set File type to "all files"
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""
Double-click that file and confirm you want to merge it with the registry. Upon completion, you can delete the deletereg.reg file.

Next, please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

File::
c:\windows\system32\drivers\sdpiosys.sys


Folder::
C:\Incomplete
C:\Program Files\uTorrent
C:\Program Files\Ares


Driver::
sdpiosys


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\uTorrent\uTorrent.exe"=-
"c:\Program Files\Ares\Ares.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ae15254-1d1c-11d7-bd76-806d6172696f}]
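As an added illustration of what the AppInit_DLLs fix and the CFScript above are targeting, here is a small triage script (example code, not part of this thread, HijackThis or ComboFix) that reads HijackThis O2/O4/O20 lines and flags the three patterns acted on in this thread: DLLs in AppInit_DLLs that are not on an allow-list, a random-looking Run value that loads a DLL through rundll32, and a BHO whose file is missing. The KNOWN_APPINIT allow-list and the sample log excerpt are assumptions constructed for the example from the log posted above.

```python
import re

# Constructed sample: a few HijackThis lines in the format seen in this
# thread (O2 BHO, O4 Run, O20 AppInit_DLLs), embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C85366A-5046-4C48-9A77-E5A212BA1335} - C:\WINDOWS\system32\yayvWmkH.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a8a8e7e6] "rundll32.exe" "C:\WINDOWS\system32\omyaoccc.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: ffipmd.dll,fjthbv.dll,avgrsstx.dll
"""

# Assumption for the example: the AVG resident-shield hook seen in the log is
# the only DLL expected in AppInit_DLLs on this machine. Everything else loads
# into every user-mode process at startup and deserves a look.
KNOWN_APPINIT = {"avgrsstx.dll"}

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<title>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
# Run-value names that are eight hex digits with no meaning (like "a8a8e7e6").
RANDOM_NAME_RE = re.compile(r'^[0-9a-f]{8}$')
# rundll32 launching a DLL: capture the DLL path up to the export separator.
RUNDLL_RE = re.compile(r'rundll32(\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def triage(log_text):
    """Return (section, item, reason) tuples for suspicious HijackThis lines."""
    findings = []
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line)
        if m:
            for dll in m.group("dlls").split(","):
                dll = dll.strip()
                if dll and dll.lower() not in KNOWN_APPINIT:
                    findings.append(("O20", dll,
                                     "AppInit_DLLs loads an unknown DLL into every user-mode process"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            r = RUNDLL_RE.search(cmd)
            if RANDOM_NAME_RE.match(name) and r:
                findings.append(("O4", r.group("dll"),
                                 f"random-looking Run value '{name}' loads a DLL via rundll32"))
            continue
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            if "file missing" in path or path.startswith("(no file)"):
                findings.append(("O2", m.group("clsid"),
                                 "BHO registration points at a missing file (orphaned entry)"))
    return findings


if __name__ == "__main__":
    for section, item, why in triage(SAMPLE_LOG):
        print(f"[{section}] {item}: {why}")
```

Running it against the sample prints the orphaned BHO, the omyaoccc.dll Run entry and the two unknown AppInit DLLs, which are exactly the items ComboFix removed and the .reg file cleared in this thread.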
 

Registered · 4 Posts
Discussion Starter · #5 ·
Thanks for the help...

ComboFix 08-11-28.02 - DjAnnel 2008-11-28 20:01:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.682 [GMT -5:00]
Running from: c:\tools\ComboFix.exe
Command switches used :: c:\tools\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\sdpiosys.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Incomplete
c:\incomplete\downloads.bak
c:\incomplete\downloads.dat
c:\incomplete\T-4005371-Kanye West - Love Lock down.mp3
c:\incomplete\T-4005485-Kanye West - Love Lockdown..(Trackfiends.net).mp3
c:\incomplete\T-5962465-Kanye West - Love Lockdown.mp3
c:\incomplete\T-6988578-Kanye West - Love Locked Down.mp3
c:\incomplete\T-8488543-Kanye West Feat Jin - Love Lockdown (Remix)mp3.mp3
c:\incomplete\T-8746022-Kanye West - Love Lockdown.mp3
c:\program files\Ares
c:\program files\Ares\Ares.exe
c:\program files\Ares\AsyncEx.ax
c:\program files\Ares\bass.dll
c:\program files\Ares\chatServer.exe
c:\program files\Ares\data\Blocked.txt.sample
c:\program files\Ares\data\Blocked_Keywords.txt.sample
c:\program files\Ares\data\ChanListFilter.txt
c:\program files\Ares\data\ChatConf.txt
c:\program files\Ares\data\ChatLang.txt.sample
c:\program files\Ares\data\flvplayer.swf
c:\program files\Ares\data\GUI\General\buttonsbitmap.bmp
c:\program files\Ares\data\GUI\General\chat.bmp
c:\program files\Ares\data\GUI\General\emotic.bmp
c:\program files\Ares\data\GUI\General\libbig.bmp
c:\program files\Ares\data\GUI\General\listviewbitmap.bmp
c:\program files\Ares\data\GUI\General\logo.bmp
c:\program files\Ares\data\GUI\General\mainbitmap.bmp
c:\program files\Ares\data\GUI\General\mimesmall.bmp
c:\program files\Ares\data\GUI\General\mplayer.bmp
c:\program files\Ares\data\GUI\General\mshareset.bmp
c:\program files\Ares\data\GUI\General\prefs.txt
c:\program files\Ares\data\GUI\General\searchpnl.bmp
c:\program files\Ares\data\GUI\General\searchstars.bmp
c:\program files\Ares\data\GUI\General\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\General\tabsBitmap.bmp
c:\program files\Ares\data\GUI\General\tabssmall.bmp
c:\program files\Ares\data\GUI\General\trackbar.bmp
c:\program files\Ares\data\GUI\General\transfer.bmp
c:\program files\Ares\data\GUI\OsThemes\chat.bmp
c:\program files\Ares\data\GUI\OsThemes\emotic.bmp
c:\program files\Ares\data\GUI\OsThemes\libbig.bmp
c:\program files\Ares\data\GUI\OsThemes\logo.bmp
c:\program files\Ares\data\GUI\OsThemes\mimesmall.bmp
c:\program files\Ares\data\GUI\OsThemes\mshareset.bmp
c:\program files\Ares\data\GUI\OsThemes\prefs.txt
c:\program files\Ares\data\GUI\OsThemes\searchpnl.bmp
c:\program files\Ares\data\GUI\OsThemes\searchstars.bmp
c:\program files\Ares\data\GUI\OsThemes\smalltabsbitmap.bmp
c:\program files\Ares\data\GUI\OsThemes\tabsbig.bmp
c:\program files\Ares\data\GUI\OsThemes\tabssmall.bmp
c:\program files\Ares\data\GUI\OsThemes\transfer.bmp
c:\program files\Ares\data\Homepage.url
c:\program files\Ares\data\P2PFilter.txt
c:\program files\Ares\lang\Arabic.txt
c:\program files\Ares\lang\Chinese.txt
c:\program files\Ares\lang\Czech.txt
c:\program files\Ares\lang\Danish.txt
c:\program files\Ares\lang\Dutch.txt
c:\program files\Ares\lang\Finnish.txt
c:\program files\Ares\lang\French.txt
c:\program files\Ares\lang\German.txt
c:\program files\Ares\lang\Italian.txt
c:\program files\Ares\lang\Japanese.txt
c:\program files\Ares\lang\Kirghiz.txt
c:\program files\Ares\lang\Polish.txt
c:\program files\Ares\lang\Portuguese.txt
c:\program files\Ares\lang\Slovak.txt
c:\program files\Ares\lang\Spanish.txt
c:\program files\Ares\lang\Swedish.txt
c:\program files\Ares\lang\Turkish.txt
c:\program files\Ares\libfaad2.dll
c:\program files\Ares\MP3Source.ax
c:\program files\Ares\Uninstall.exe
c:\program files\uTorrent
c:\program files\uTorrent\8179-utorrent.4846.dmp
c:\program files\uTorrent\8179-utorrent.e063.dmp
c:\program files\uTorrent\uTorrent.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SDPIOSYS
-------\Service_sdpiosys


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-28 19:53 . 2008-11-28 19:58 121 --a------ C:\deletereg.reg
2008-11-28 06:49 . 2008-11-28 06:49 <DIR> d-------- c:\program files\Windows Defender
2008-11-28 06:48 . 2008-11-28 06:48 5,154,304 --a------ C:\WindowsDefender.msi
2008-11-28 06:47 . 2008-11-28 06:47 1,478,696 --a------ C:\GenuineCheck.exe
2008-11-28 06:46 . 2008-11-28 06:46 894,504 --a------ C:\WGAPluginInstall.exe
2008-11-28 05:44 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-11-28 05:43 . 2008-11-28 05:43 <DIR> d-------- c:\program files\Research In Motion
2008-11-28 05:43 . 2008-11-28 05:43 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-11-28 05:38 . 2008-11-28 05:41 14,606,848 --a------ C:\BlackBerry USB and Modem Drivers_ITA (DM4.7b50).msi
2008-11-28 05:30 . 2008-11-28 05:30 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-28 05:30 . 2008-11-28 05:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-11-28 05:30 . 2008-11-28 05:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-28 05:30 . 2008-11-28 05:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-11-28 05:30 . 2008-11-28 05:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-11-28 05:28 . 2006-11-13 15:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-28 05:28 . 2007-06-18 15:18 23,680 --a------ c:\windows\system32\drivers\motport.sys
2008-11-28 05:28 . 2007-06-18 15:18 23,680 --a------ c:\windows\system32\drivers\motmodem.sys
2008-11-28 05:28 . 2008-08-21 18:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys
2008-11-28 05:28 . 2008-08-21 18:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys
2008-11-28 05:28 . 2007-11-02 15:51 6,400 --a------ c:\windows\system32\drivers\motswch.sys
2008-11-28 05:27 . 2008-11-28 05:27 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2008-11-28 05:22 . 2008-11-28 05:48 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-27 09:46 . 2008-11-27 09:46 1,851,544 --a------ C:\install_flash_player.exe
2008-11-26 09:53 . 2008-11-28 15:31 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-26 09:53 . 2008-11-26 09:53 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-26 09:53 . 2008-11-26 09:53 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-26 09:53 . 2008-11-26 09:53 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-11-26 09:53 . 2008-11-26 09:53 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-26 09:51 . 2008-11-26 09:51 <DIR> d-------- c:\program files\AVG
2008-11-26 09:51 . 2008-11-26 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-26 09:26 . 2008-11-26 09:32 69,988,904 --a------ C:\avg_ipw_stf_all_8_199a1389.exe
2008-11-26 00:38 . 2008-11-26 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
2008-11-25 23:34 . 2008-11-25 23:34 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2008-11-23 21:49 . 2008-11-23 21:50 <DIR> d-------- c:\windows\.housecall6.6
2008-11-23 20:50 . 2008-11-23 21:00 <DIR> d-------- c:\program files\EsetOnlineScanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 09:50 --------- d-----w c:\program files\Steam
2008-11-25 04:49 --------- d-----w c:\program files\Bonjour
.

((((((((((((((((((((((((((((( snapshot@2008-11-28_ 4.54.56.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-28 10:43:24 26,694 ----a-r c:\windows\Installer\{AAA8A53C-894F-4835-9959-1C8E73260942}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-11-28 10:43:25 26,694 ----a-r c:\windows\Installer\{AAA8A53C-894F-4835-9959-1C8E73260942}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
+ 2008-05-21 00:33:50 22,784 ----a-w c:\windows\system32\drivers\RimUsb.sys
+ 2006-11-02 12:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2006-11-02 12:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2008-08-21 23:49:22 18,688 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motccgp.sys
+ 2008-08-21 23:49:56 8,320 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motccgpfl.sys
+ 2007-11-02 20:51:28 6,400 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motswch.sys
+ 2006-11-13 20:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\wdfcoinstaller01005.dll
+ 2007-06-18 20:18:26 23,680 -c--a-w c:\windows\system32\DRVSTORE\motmodem_8AAFC1213735C79BDDFE23749C53BFC0F01512CA\motmodem.sys
+ 2006-11-13 20:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motmodem_8AAFC1213735C79BDDFE23749C53BFC0F01512CA\wdfcoinstaller01005.dll
+ 2006-07-28 13:10:08 6,144 -c--a-w c:\windows\system32\DRVSTORE\motodrv_EBD40518FA36F6DD08A0EAF14AED13D857D9FFFC\mot_ci.dll
+ 2007-10-10 22:41:50 42,112 -c--a-w c:\windows\system32\DRVSTORE\motodrv_EBD40518FA36F6DD08A0EAF14AED13D857D9FFFC\motodrv.sys
+ 2007-01-24 03:36:20 6,016 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\motfilt.sys
+ 2008-03-03 21:03:10 23,296 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\Motousbnet.sys
+ 2007-11-02 20:51:28 6,400 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\motswch.sys
+ 2006-11-13 20:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\wdfcoinstaller01005.dll
+ 2007-06-18 20:18:26 23,680 -c--a-w c:\windows\system32\DRVSTORE\motport_50487F381F70FF5572305B1B459E22B860F1D8C7\motport.sys
+ 2006-11-13 20:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motport_50487F381F70FF5572305B1B459E22B860F1D8C7\wdfcoinstaller01005.dll
- 2008-11-26 05:33:38 77,824 ----a-w c:\windows\system32\kdfapi.dll
+ 2008-11-29 00:48:52 77,824 ----a-w c:\windows\system32\kdfapi.dll
- 2008-11-26 05:33:37 53,248 ----a-w c:\windows\system32\Kdfhok.dll
+ 2008-11-29 00:48:52 53,248 ----a-w c:\windows\system32\Kdfhok.dll
- 2008-11-26 05:33:36 726,568 ----a-w c:\windows\system32\kdfmgr.exe
+ 2008-11-29 00:48:50 726,568 ----a-w c:\windows\system32\kdfmgr.exe
- 2008-11-26 05:33:38 192,512 ----a-w c:\windows\system32\kdfvmgr.exe
+ 2008-11-29 00:48:52 192,512 ----a-w c:\windows\system32\kdfvmgr.exe
+ 2006-07-28 13:10:08 6,144 ----a-w c:\windows\system32\mot_ci.dll
+ 2004-08-04 04:08:48 26,496 ----a-w c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\USBSTOR.SYS
+ 2007-01-18 15:24:58 26,496 ----a-r c:\windows\system32\ReinstallBackups\0008\DriverFiles\RimSerial.sys
- 2007-03-06 01:22:36 14,048 ------w c:\windows\system32\spmsg.dll
+ 2006-10-09 02:51:14 14,640 ------w c:\windows\system32\spmsg.dll
- 2006-09-06 22:43:16 22,752 ------w c:\windows\system32\spupdsvc.exe
+ 2006-10-09 02:51:14 23,856 ----a-w c:\windows\system32\spupdsvc.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Steam"="c:\program files\Steam\Steam.exe" [2003-01-01 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-18 8523776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-17 615696]

c:\documents and settings\DjAnnel\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2003-01-01 557568]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 1503232]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ffipmd.dll,fjthbv.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AresChatServer"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blacknight525\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-26 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-26 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-26 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-26 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-26 231704]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-05 47640]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-03-22 450400]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;c:\windows\system32\DRIVERS\AN983.sys [2002-12-31 36224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-11-28 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-11-28 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-11-28 23680]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRunCD.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 20:32:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\acs.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-11-28 20:37:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 01:37:42
ComboFix2.txt 2008-11-28 09:56:02

Pre-Run: 18,701,975,552 bytes free
Post-Run: 18,690,940,928 bytes free

289 --- E O F --- 2008-03-13 07:01:24
 

· Registered
Joined
·
4 Posts
Discussion Starter · #7 ·
Everything worked out perfectly... Can't say how happy I am that I see no more popups and spyware.

A BIG THANK YOU is in effect for your efforts and I will def keep you in mind for future probs.
 

· Registered
Joined
·
989 Posts
Did you have problems with any of my instructions? Were you able to complete everything ok?

Everything worked out perfectly... Can't say how happy I am that I see no more popups and spyware.
The reason I asked is because the log shows us that you failed to complete the instructions successfully. Can you go back over the instructions carefully and post back a fresh? Thanks!
 

· Registered
Joined
·
989 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help