Having trouble with a Trojan

Rozzanger

Hello there.

I'm having trouble getting rid of a trojan horse virus I got yesterday. I've run AVG and MalwareBytes several times but the problem still persists. The first time I ran MalwareBytes it removed several infected files, but I am still getting warnings from AVG regarding threat detections, and when AVG tries to remove them I get an error message reading "Specified file was not found." When I manually go to the files' location in C: the files are not there.

According to AVG the virus is called 'Trojan Horse SHeur2.BXNY'. I have tried to find a removal guide via Google but none have worked so far. The main annoyances the virus has brought include frequently being prompted about new infections by AVG, despite the files not existing in the specified locations, and when I click on URLs in my web browser (I currently use Firefox 5) I get redirected to pages that advertise gambling/porn etc., instead of the page I want.

I would appreciate any advice on how to remove this trojan since it is getting to be very annoying, despite appearing not to be doing any serious damage.

Thank you
 
COMBOFIX PART 1:

ComboFix 09-12-11.01 - Owner 11/12/2009 19:01:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1125 [GMT 0:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\System Defender
c:\documents and settings\Owner\Local Settings\Application Data\{F6D74AC3-C563-4D0E-89F7-8201ED77337F}
c:\documents and settings\Owner\Local Settings\Application Data\{F6D74AC3-C563-4D0E-89F7-8201ED77337F}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{F6D74AC3-C563-4D0E-89F7-8201ED77337F}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{F6D74AC3-C563-4D0E-89F7-8201ED77337F}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{F6D74AC3-C563-4D0E-89F7-8201ED77337F}\install.rdf
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-2298946822-3142497278-1171021050-500
c:\windows\run.log
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\windows\system32\drivers\npf.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qtplugin.exe
c:\windows\system32\R-EJ-O-_0tQK.exe
c:\windows\system32\schtml
c:\windows\system32\sdra64.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPOL
-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.

2009-12-11 00:00 . 2009-12-11 00:00 -------- d-sh--w- c:\documents and settings\Owner\Application Data\SystemProc
2009-12-08 17:48 . 2009-12-11 19:17 70688 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-08 17:48 . 2009-12-11 19:17 5478176 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-08 17:15 . 2009-12-08 17:15 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-08 17:15 . 2009-12-08 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-12-08 17:15 . 2009-12-08 17:15 -------- d-----w- c:\program files\ParetoLogic
2009-12-08 17:15 . 2009-12-08 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-08 17:14 . 2009-12-08 17:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-12-08 01:21 . 2009-12-09 00:49 0 ----a-w- c:\windows\Twupewoqanedev.bin
2009-12-08 01:21 . 2009-12-09 05:17 120 ----a-w- c:\windows\Ifeseyojiyedoh.dat
2009-12-08 01:18 . 2009-12-08 01:18 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSKJPIQD_APDM
2009-12-08 01:18 . 2009-12-08 01:18 -------- d-----w- c:\documents and settings\Owner\.COMMgr
2009-12-08 01:18 . 2009-12-08 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\a78badf
2009-12-08 01:16 . 2009-12-08 01:16 -------- d-sh--w- c:\documents and settings\Owner\Application Data\System
2009-12-08 01:16 . 2009-12-08 01:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Mozilla Firefox
2009-12-05 02:04 . 2009-12-05 02:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Easy CD-DA Extractor
2009-12-05 02:04 . 2009-12-07 06:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-05 02:03 . 2009-12-05 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-12-05 02:03 . 2009-12-05 02:03 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2009-12-05 02:03 . 2009-12-05 02:03 -------- d-----w- c:\windows\Easy CD-DA Extractor 12.0.4
2009-11-21 13:38 . 2009-11-21 13:38 -------- d-----w- c:\documents and settings\Owner\Tracing
2009-11-21 13:37 . 2009-11-21 13:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-21 13:35 . 2009-11-21 13:35 -------- d-----w- c:\program files\Microsoft
2009-11-21 13:35 . 2009-11-21 13:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-21 13:29 . 2009-11-21 13:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-19 11:45 . 2009-11-19 11:45 1183744 ----a-w- c:\windows\system32\z2b4kwnD4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 19:15 . 2009-12-08 17:48 7556 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-11 19:15 . 2009-12-08 17:48 74324 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-11 00:00 . 2009-12-11 00:00 59392 --sh--w- c:\documents and settings\Owner\Application Data\SystemProc\lsass.exe
2009-12-09 17:13 . 2008-09-08 15:55 -------- d-----w- c:\program files\World of Warcraft
2009-12-08 17:49 . 2009-12-08 17:49 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-12-08 01:16 . 2009-12-08 01:16 59392 --sh--w- c:\documents and settings\Owner\Application Data\System\lsass.exe
2009-11-30 13:44 . 2008-10-06 17:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-11-30 13:43 . 2008-10-06 17:58 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-11-26 12:47 . 2009-12-11 17:23 2063640 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-26 12:47 . 2009-12-11 17:23 3514648 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-26 12:47 . 2009-12-11 17:23 2029336 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-21 13:37 . 2008-07-26 11:28 43536 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 13:37 . 2008-09-10 16:18 -------- d-----w- c:\program files\Windows Live
2009-11-21 13:37 . 2008-07-22 23:44 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-09 01:00 . 2009-11-09 01:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Octoshape
2009-11-06 13:49 . 2009-12-08 01:18 457688 ----a-w- c:\documents and settings\All Users\Application Data\a78badf\sqlite3.dll
2009-11-06 13:49 . 2009-12-08 01:18 722392 ----a-w- c:\documents and settings\All Users\Application Data\a78badf\mozcrt19.dll
2009-10-26 15:02 . 2008-09-27 11:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-26 14:55 . 2009-10-26 14:54 -------- d-----w- c:\program files\iTunes
2009-10-26 14:55 . 2009-10-26 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-26 14:54 . 2009-10-26 14:54 -------- d-----w- c:\program files\iPod
2009-10-26 14:53 . 2009-10-26 14:53 -------- d-----w- c:\program files\Bonjour
2009-10-26 14:52 . 2009-10-26 14:52 -------- d-----w- c:\program files\QuickTime
2009-10-26 14:52 . 2008-09-27 11:25 -------- d-----w- c:\program files\Common Files\Apple
2009-10-18 15:48 . 2009-02-06 14:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Ventrilo
2009-10-16 07:40 . 2008-06-23 20:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 07:40 . 2009-06-09 02:08 -------- d-----w- c:\program files\THQ
2009-10-16 07:38 . 2009-05-02 18:37 -------- d-----w- c:\documents and settings\Owner\Application Data\My Battle for Middle-earth Files
2009-10-14 16:14 . 2009-10-14 16:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-14 16:14 . 2009-10-14 16:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 16:14 . 2009-10-14 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 16:04 . 2008-10-31 14:44 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-09-21 17:09 . 2009-09-21 17:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-11-19 11:45 . 2009-12-08 01:18 1265664 ----a-w- c:\program files\mozilla firefox\components\JCluyp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f6e5180e-0c46-e5c9-9406-a1ccd9357ffb}]
2009-11-19 11:45 1183744 ----a-w- c:\windows\system32\z2b4kwnD4.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2007-08-23 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2007-11-01 1475072]
"btbb_wcm_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2007-11-29 1474048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-18 150040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe" [2009-02-18 2659664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"RTHDBPL"="c:\documents and settings\Owner\Application Data\SystemProc\lsass.exe" [2009-12-11 59392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
HallsLogon_Old_New_S.exe [2008-7-4 937984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 20:57 155648 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-03 11:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\utorent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"10622:TCP"= 10622:TCP:WaR1
"8040:TCP"= 8040:TCP:WaR2
"8041:TCP"= 8041:TCP:WaR3
"8042:TCP"= 8042:TCP:WaR4
"8043:TCP"= 8043:TCP:WaR4
"8044:TCP"= 8044:TCP:WaR5
"8045:TCP"= 8045:TCP:WaR6
"8046:TCP"= 8046:TCP:WaR7
"8047:TCP"= 8047:TCP:WaR8
"1024:UDP"= 1024:UDP:WaR10
"65535:UDP"= 65535:UDP:WaR11
"6881:TCP"= 6881:TCP:WaR12
"6882:TCP"= 6882:TCP:WaR13
"6883:TCP"= 6883:TCP:WaR13
"6884:TCP"= 6884:TCP:WaR14
"6885:TCP"= 6885:TCP:WaR15
"6886:TCP"= 6886:TCP:WaR16
"6887:TCP"= 6887:TCP:WaR17
"6888:TCP"= 6888:TCP:WaR18
"6889:TCP"= 6889:TCP:WaR19
"6969:TCP"= 6969:TCP:WaR16
"6881:UDP"= 6881:UDP:WaR20
"6882:UDP"= 6882:UDP:WaR21
"6883:UDP"= 6883:UDP:WaR22
"6884:UDP"= 6884:UDP:WaR23
"6885:UDP"= 6885:UDP:WaR24
"6886:UDP"= 6886:UDP:WaR25
"6887:UDP"= 6887:UDP:WaR26
"6888:UDP"= 6888:UDP:WaR27
"6889:UDP"= 6889:UDP:WaR28
"6969:UDP"= 6969:UDP:WaR29

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/08/2009 11:51 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/08/2009 11:51 108552]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 18:48 10240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/08/2009 11:50 297752]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [22/06/2007 18:45 106496]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/05/2007 02:22 54832]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [08/02/2007 20:11 569344]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18/02/2009 14:40 587216]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 22:59 30336]
S1 egh15de;egh15de;c:\windows\system32\drivers\egh15de.sys --> c:\windows\system32\drivers\egh15de.sys [?]
S1 eklbcbe;eklbcbe;c:\windows\system32\drivers\eklbcbe.sys --> c:\windows\system32\drivers\eklbcbe.sys [?]
S1 ekmbb2e;ekmbb2e;c:\windows\system32\drivers\ekmbb2e.sys --> c:\windows\system32\drivers\ekmbb2e.sys [?]
S1 fgna207;fgna207;c:\windows\system32\drivers\fgna207.sys --> c:\windows\system32\drivers\fgna207.sys [?]
S1 mnp0fe2;mnp0fe2;c:\windows\system32\drivers\mnp0fe2.sys --> c:\windows\system32\drivers\mnp0fe2.sys [?]
S1 mstd742;mstd742;c:\windows\system32\drivers\mstd742.sys --> c:\windows\system32\drivers\mstd742.sys [?]
S1 oacb548;oacb548;c:\windows\system32\drivers\oacb548.sys --> c:\windows\system32\drivers\oacb548.sys [?]
S1 opr3fc8;opr3fc8;c:\windows\system32\drivers\opr3fc8.sys --> c:\windows\system32\drivers\opr3fc8.sys [?]
S1 pqd9b09;pqd9b09;c:\windows\system32\drivers\pqd9b09.sys --> c:\windows\system32\drivers\pqd9b09.sys [?]
S1 prd95b9;prd95b9;c:\windows\system32\drivers\prd95b9.sys --> c:\windows\system32\drivers\prd95b9.sys [?]
S1 sab45a8;sab45a8;c:\windows\system32\drivers\sab45a8.sys --> c:\windows\system32\drivers\sab45a8.sys [?]
S1 tbh8e29;tbh8e29;c:\windows\system32\drivers\tbh8e29.sys --> c:\windows\system32\drivers\tbh8e29.sys [?]
S3 kbeepm;kbeepm;\??\c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://scanyourpc-onlinex.com/pr.cgi?id=2847
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - your home for the latest news, sport and entertainment
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\truj5vq4.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\JCluyp.dll
 
COMBOFIX PART 2:

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKCU-Run-RegistryMonitor1 - c:\windows\system32\qtplugin.exe
HKLM-Run-Bdolasudev - c:\windows\ebikavup.dll
Notify-ACNotify - ACNotify.dll
AddRemove-R-EJ-O-_0tQK - c:\windows\system32\R-EJ-O-_0tQK.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-12-11 19:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\Owner\Application Data\SystemProc\lsass.exe?#????????c???????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1416)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1472)
c:\windows\system32\INetHTTPFilter.dll

- - - - - - - > 'explorer.exe'(6024)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-11 19:24:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-11 19:24

Pre-Run: 31,947,055,104 bytes free
Post-Run: 31,886,446,592 bytes free

- - End Of File - - 82C0FADFA767C68FB687F70612F297EE
 
MalwareBytes:

Malwarebytes' Anti-Malware 1.42
Database version: 3347
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

11/12/2009 20:32:45
mbam-log-2009-12-11 (20-32-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 233320
Time elapsed: 51 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
C:\Documents and Settings\Owner\Application Data\SystemProc\lsass.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6e5180e-0c46-e5c9-9406-a1ccd9357ffb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6e5180e-0c46-e5c9-9406-a1ccd9357ffb} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\SystemProc\lsass.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\R-EJ-O-_0tQK.exe.vir (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP40\A0060856.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP40\A0060858.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP64\A0077529.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP64\A0078515.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP77\A0085356.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP79\A0085559.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\System\lsass.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\z2b4kwnD4.dll (Adware.BHO) -> Quarantined and deleted successfully.
 
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:31, on 11/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HiJackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://scanyourpc-onlinex.com/pr.cgi?id=2847
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Sky.com - your home for the latest news, sport and entertainment
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe" -NM -hidesplash
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HallsLogon_Old_New_S.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Sky.com - your home for the latest news, sport and entertainment (file missing)
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

--
End of file - 15619 bytes
 
P.S.

I posted the logs in the order I ran the programs (CF - MB - HT) like you said but the Combofix and Hijackthis logs apparently need to be approved by a mod before they show. Just letting you know why they might not be in the right order.

Cheers.
 
Malwarebytes' Anti-Malware 1.42
Database version: 3347
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

11/12/2009 23:51:07
mbam-log-2009-12-11 (23-51-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 232619
Time elapsed: 1 hour(s), 10 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


__________________________________________________

AVG still shows about 6 infected files though, it removed all but 2 saying the files couldn't be found.

Also should I repost the 1st part of the ComboFix log? I don't know why it isn't showing up here.
 