microsoft av 2009 virus
newb23
25. November 2008 @ 23:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:39 PM, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Gearo-Baldwin\Desktop\HiJackThis\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\GEARO-~1\AppData\Local\Temp\xxx8227.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 9484 bytes

Sooooo Frustrated!!!!!
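The one line in the log above that matters is the [MSFox] Run entry launching an .exe out of AppData\Local\Temp, which is where the "Microsoft AV 2009" style rogues install themselves. As an added example (not from the thread and not part of HijackThis), here is a small Python triage script that applies exactly that check to O2/O4 lines: it flags autostarts whose binary sits in a user-writable directory, notes bare filenames that are resolved through the search path, and reports BHO CLSIDs whose DLL is gone. The sample lines are copied from the posted log; the USER_WRITABLE list, the severities and the function names are this example's own assumptions.

```python
"""Flag HijackThis O2/O4 entries that point at user-writable locations.

Added example for the thread above; not part of HijackThis. Sample lines are
copied from the posted log; the heuristics and names are this example's own.
"""
import re

# Directory fragments a standard user can write to without elevation. An
# autostart whose executable lives under one of these is the classic rogue
# antivirus footprint, like the [MSFox] entry in the log above (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\desktop\\", "\\downloads\\")

RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<file>.*)$")
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|dll|com|scr|bat|cmd))(?=\W|$)", re.IGNORECASE)


def executable_of(cmd: str) -> str:
    """Return the binary a Run-key command launches, with surrounding quotes,
    trailing flags and the rundll32 wrapper stripped; the whole command if no
    binary is recognised."""
    cmd = cmd.strip().lstrip('"')
    if cmd.lower().startswith("rundll32") and " " in cmd:
        cmd = cmd.split(None, 1)[1]          # rundll32 <dll>,<entry>  ->  <dll>,<entry>
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


def is_user_writable(path: str) -> bool:
    """True when the path (or %TEMP%/%TMP%) sits in a user-writable directory."""
    p = path.lower().replace("/", "\\")
    return "%temp%" in p or "%tmp%" in p or any(frag in p for frag in USER_WRITABLE)


def triage(lines):
    """Return findings as dicts with 'severity', 'name', 'path' and 'why'."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if is_user_writable(exe):
                findings.append({"severity": "high", "name": m.group("name"), "path": exe,
                                 "why": "autostart runs a binary from a user-writable directory"})
            elif "\\" not in exe and "%" not in exe:
                findings.append({"severity": "info", "name": m.group("name"), "path": exe,
                                 "why": "bare filename resolved via the search path; confirm which copy runs"})
            continue
        m = BHO_RE.match(line)
        if m and m.group("file").strip().lower() == "(no file)":
            findings.append({"severity": "low", "name": m.group("clsid"), "path": "",
                             "why": "BHO CLSID registered but its DLL is gone (leftover, not active code)"})
    return findings


# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSFox] C:\Users\GEARO-~1\AppData\Local\Temp\xxx8227.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['name']}: {f['path']} ({f['why']})")
```

Run against the eight sample lines it reports exactly one high finding (MSFox), one informational one (ICO.EXE, launched by bare name) and one orphaned BHO. A path heuristic like this is only a first pass: a binary under Program Files can be just as malicious, so the flagged file is what you hash and submit, not the whole verdict.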
Senior Member
26. November 2008 @ 04:47
Hey newb23

Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes

- Click on the tab Settings.
- Make sure only these boxes are checked:

Terminate Internet Explorer

Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects

Updating Malwarebytes

- Click on the tab Update.
- Press the button Check for Updates
- Wait for Malwarebytes to be fully updated.

Scanning Time

- Click on the tab Scanner.
- Check Perform full scan and click on Scan
- Wait for the scan to complete, and then click on Show Results.
- Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log

- A text box will pop up after the removal process is over. Post the contents of the text here.
- If no text box pops up, launch Malwarebytes, and click on the tab Logs.
- The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
- Post the log here.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

newb23
26. November 2008 @ 21:24
Malwarebytes' Anti-Malware 1.30
Database version: 1425
Windows 6.0.6001 Service Pack 1

26/11/2008 7:00:06 PM
mbam-log-2008-11-26 (19-00-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119560
Time elapsed: 1 hour(s), 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Gearo-Baldwin\AppData\Local\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\A (Trojan.Agent) -> Delete on reboot.
C:\Users\Gearo-Baldwin\AppData\Local\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Gearo-Baldwin\AppData\Local\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Gearo-Baldwin\AppData\Local\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Gearo-Baldwin\AppData\Local\Temp\~tmpe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Thank you very much!!!!!

Sooooo Frustrated!!!!!
Senior Member
27. November 2008 @ 09:17
Hey newb23

Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Save it to your Desktop.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.

- Run Combo-Fix.exe and follow the prompts.
- Accept the End-User License Agreement.
- Allow the Recovery Console to be installed.
- When you see the window below, click on Yes.
- When the Recovery Console has been installed, click on Yes to start the scan.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
- Wait for the scan to be fully completed.
- If it requires a reboot, please do so.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

newb23
27. November 2008 @ 22:43
ComboFix 08-11-27.03 - Gearo-Baldwin 2008-11-27 20:26:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.338 [GMT -7:00]
Running from: c:\users\Gearo-Baldwin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-26 08:46 . 2008-11-26 08:46 <DIR> d-------- c:\users\Gearo-Baldwin\AppData\Roaming\Malwarebytes
2008-11-26 08:46 . 2008-11-26 08:46 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-26 08:46 . 2008-11-26 08:46 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-26 08:46 . 2008-11-26 08:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-26 08:46 . 2008-10-22 16:10 38,496 --------- c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-26 08:46 . 2008-10-22 16:10 15,504 --------- c:\windows\System32\drivers\mbam.sys
2008-11-26 06:24 . 2008-10-20 22:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 06:24 . 2008-08-27 20:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 06:24 . 2008-08-27 20:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 06:24 . 2008-08-27 20:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 06:24 . 2008-10-21 20:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 06:18 . 2008-11-24 06:18 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-24 06:18 . 2008-11-24 06:18 <DIR> d-------- c:\users\Gearo-Baldwin\AppData\Roaming\Apple Computer
2008-11-24 06:18 . 2008-04-17 13:12 107,368 --------- c:\windows\System32\GEARAspi.dll
2008-11-24 06:18 . 2008-04-17 13:12 15,464 --------- c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-24 06:17 . 2008-11-24 06:18 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 06:17 . 2008-11-24 06:18 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 06:17 . 2008-11-24 06:18 <DIR> d-------- c:\program files\iTunes
2008-11-24 06:17 . 2008-11-24 06:17 <DIR> d-------- c:\program files\iPod
2008-11-24 06:15 . 2008-11-24 06:15 <DIR> d-------- c:\program files\Bonjour
2008-11-24 06:14 . 2008-11-24 06:17 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-24 06:14 . 2008-11-24 06:17 <DIR> d-------- c:\programdata\Apple Computer
2008-11-24 06:14 . 2008-11-24 06:15 <DIR> d-------- c:\program files\QuickTime
2008-11-24 06:12 . 2008-11-24 06:12 <DIR> d-------- c:\program files\Apple Software Update
2008-11-24 06:11 . 2008-11-24 06:11 <DIR> d-------- c:\users\All Users\Apple
2008-11-24 06:11 . 2008-11-24 06:11 <DIR> d-------- c:\programdata\Apple
2008-11-24 06:11 . 2008-11-24 06:17 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-24 06:02 . 2008-11-27 20:11 <DIR> d-------- c:\users\Gearo-Baldwin\AppData\Roaming\LimeWire
2008-11-24 06:01 . 2008-11-24 06:01 <DIR> d-------- c:\program files\LimeWire
2008-11-13 12:03 . 2008-11-13 12:03 <DIR> d-------- c:\users\Gearo-Baldwin\AppData\Roaming\OpenOffice.org
2008-11-13 11:29 . 2008-11-13 11:29 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-13 11:29 . 2008-11-13 11:29 <DIR> d-------- c:\program files\JRE
2008-11-12 13:51 . 2008-11-12 13:51 0 ---h----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-11 19:27 . 2008-09-09 20:40 1,334,272 --------- c:\windows\System32\msxml6.dll
2008-11-11 19:27 . 2008-09-04 22:14 1,191,936 --------- c:\windows\System32\msxml3.dll
2008-11-11 19:27 . 2008-08-26 18:05 212,480 --------- c:\windows\System32\drivers\mrxsmb10.sys
2008-11-07 14:23 . 2008-11-07 14:23 32,000 --------- c:\windows\System32\drivers\usbaapl.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --------- c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --------- c:\windows\System32\QuickTime.qts
2008-10-29 10:50 . 2008-09-17 21:56 147,456 --------- c:\windows\System32\Faultrep.dll
2008-10-29 10:50 . 2008-09-17 21:56 125,952 --------- c:\windows\System32\wersvc.dll
2008-10-29 10:49 . 2008-08-11 20:39 443,392 --------- c:\windows\System32\win32spl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:33 --------- d-----w c:\program files\Lx_cats
2008-11-24 18:27 --------- d---a-w c:\programdata\TEMP
2008-11-24 13:50 --------- d-----w c:\programdata\avg8
2008-11-13 05:53 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 01:16 --------- d-----w c:\users\Gearo-Baldwin\AppData\Roaming\uTorrent
2008-10-24 22:10 --------- d-----w c:\programdata\WindowsSearch
2008-10-23 21:24 --------- d-----w c:\program files\Windows Mail
2008-10-23 20:40 174 --sh--w c:\program files\desktop.ini
2008-10-23 20:24 --------- d-----w c:\program files\Windows Calendar
2008-10-23 20:23 --------- d-----w c:\program files\Windows Sidebar
2008-10-23 20:23 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-23 20:23 --------- d-----w c:\program files\Windows Defender
2008-10-23 20:23 --------- d-----w c:\program files\Windows Collaboration
2008-10-23 16:24 101,888 ------w c:\windows\System32\ifxcardm.dll
2008-10-23 16:23 82,432 ------w c:\windows\System32\axaltocm.dll
2008-10-23 03:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 23:23 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-20 23:22 --------- d-----w c:\program files\Windows Live Favorites
2008-10-20 23:21 --------- d-----w c:\programdata\WLInstaller
2008-10-16 16:23 --------- d-----w c:\users\Gearo-Baldwin\AppData\Roaming\Lexmark Imaging Studio
2008-10-10 11:09 --------- d-----w c:\users\Gearo-Baldwin\AppData\Roaming\FaxCtr
2008-10-09 12:43 --------- d-----w c:\program files\Lexmark 2500 Series
2008-10-09 12:33 --------- d-----w c:\program files\Lexmark Fax Solutions
2008-10-09 12:29 --------- d-----w c:\programdata\FaxCtr
2008-10-09 01:29 --------- d-----w c:\program files\Lexmark Toolbar
2008-10-09 01:28 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-10-02 03:49 827,392 ------w c:\windows\System32\wininet.dll
2008-09-30 23:43 1,286,152 ------w c:\windows\System32\msxml4.dll
2008-09-30 01:27 --------- d-----w c:\program files\uTorrent
2008-09-29 23:29 --------- d-----w c:\program files\Google
2008-09-29 23:14 69,128 ------w c:\windows\system32\drivers\avgwfpx.sys
2008-09-29 23:14 10,520 ------w c:\windows\System32\avgrsstx.dll
2008-09-29 23:13 97,928 ------w c:\windows\system32\drivers\avgldx86.sys
2008-09-29 23:13 --------- d-----w c:\program files\AVG
2008-09-29 22:14 --------- d-----w c:\program files\Windows Live
2008-09-29 22:13 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-29 22:03 --------- d-----w c:\program files\Marvell
2008-09-29 21:58 --------- d-----w c:\program files\Lenovo
2008-09-29 21:58 --------- d-----w c:\program files\Common Files\Lenovo
2008-09-29 21:36 --------- d-----w c:\program files\PCDR5
2008-09-29 21:15 --------- d-----w c:\program files\Java
2008-09-29 21:13 --------- d-----w c:\users\Gearo-Baldwin\AppData\Roaming\ATI
2008-09-29 21:12 --------- d-----w c:\users\Gearo-Baldwin\AppData\Roaming\CyberLink
2008-09-29 21:12 --------- d-----w c:\programdata\CyberLink
2008-09-29 20:59 269,312 ------w c:\windows\System32\es.dll
2008-09-29 20:28 --------- d-----w c:\program files\DIFX
2008-09-29 20:25 61,440 ------w c:\windows\System32\winipsec.dll
2008-09-29 20:25 361,984 ------w c:\windows\System32\IPSECSVC.DLL
2008-09-29 20:25 28,672 ------w c:\windows\System32\FwRemoteSvr.dll
2008-09-29 20:25 272,896 ------w c:\windows\System32\polstore.dll
2008-09-29 20:24 541,696 ------w c:\windows\AppPatch\AcLayers.dll
2008-09-29 20:24 460,288 ------w c:\windows\AppPatch\AcSpecfc.dll
2008-09-29 20:24 4,240,384 ------w c:\windows\System32\GameUXLegacyGDFs.dll
2008-09-29 20:24 28,160 ------w c:\windows\System32\Apphlpdm.dll
2008-09-29 20:24 2,560 ------w c:\windows\AppPatch\AcRes.dll
2008-09-29 20:24 2,154,496 ------w c:\windows\AppPatch\AcGenral.dll
2008-09-29 20:24 173,056 ------w c:\windows\AppPatch\AcXtrnal.dll
2008-09-29 20:24 1,695,744 ------w c:\windows\System32\gameux.dll
2008-09-29 20:19 2,048 ------w c:\windows\System32\tzres.dll
2008-09-29 20:18 303,616 ------w c:\windows\System32\wmpeffects.dll
2008-09-29 20:12 9,847,296 ------w c:\windows\System32\NlsData000a.dll
2008-09-29 20:08 988,216 ------w c:\windows\System32\winload.exe
2008-09-29 20:08 927,288 ------w c:\windows\System32\winresume.exe
2008-09-29 20:08 615,992 ------w c:\windows\System32\ci.dll
2008-09-29 20:08 6,656 ------w c:\windows\System32\kbd106n.dll
2008-09-29 20:08 46,592 ------w c:\windows\System32\setbcdlocale.dll
2008-09-29 20:08 40,960 ------w c:\windows\System32\srclient.dll
2008-09-29 20:08 378,368 ------w c:\windows\System32\srcore.dll
2008-09-29 20:08 318,464 ------w c:\windows\System32\rstrui.exe
2008-09-29 20:08 19,000 ------w c:\windows\System32\kd1394.dll
2008-09-29 20:08 14,848 ------w c:\windows\System32\srdelayed.exe
2008-09-29 20:06 295,936 ------w c:\windows\System32\gdi32.dll
2008-09-29 20:04 14,848 ------w c:\windows\System32\wshrm.dll
2008-09-29 20:04 113,664 ------w c:\windows\system32\drivers\rmcast.sys
2008-09-29 20:02 84,480 ------w c:\windows\System32\INETRES.dll
2008-09-29 20:02 738,304 ------w c:\windows\System32\inetcomm.dll
2008-09-29 20:02 1,314,816 ------w c:\windows\System32\quartz.dll
2008-09-29 20:01 --------- d-----w c:\program files\MSXML 4.0
2008-09-29 19:38 --------- d-----w c:\users\Gearo-Baldwin\AppData\Roaming\Leadertech
2008-09-29 19:35 100 ------w c:\windows\system32\drivers\Lenovo_9686_A12.MRK
2008-09-29 19:27 53,448 ------w c:\windows\System32\wuauclt.exe
2008-09-29 19:27 45,768 ------w c:\windows\System32\wups2.dll
2008-09-29 19:27 1,811,656 ------w c:\windows\System32\wuaueng.dll
2008-09-29 19:27 1,524,736 ------w c:\windows\System32\wucltux.dll
2008-09-29 19:26 83,456 ------w c:\windows\System32\wudriver.dll
2008-09-29 19:26 563,912 ------w c:\windows\System32\wuapi.dll
2008-09-29 19:26 36,552 ------w c:\windows\System32\wups.dll
2008-09-29 19:25 31,232 ------w c:\windows\System32\wuapp.exe
2008-09-29 19:25 163,904 ------w c:\windows\System32\wuwebv.dll
2008-09-29 18:57 1,732 ------w C:\tvtpktfilter.dat
2008-09-29 18:55 --------- d-----w c:\programdata\Lenovo
2008-09-29 18:53 33,536 ------w c:\windows\system32\drivers\tvtfilter.sys
2008-09-29 18:52 129,784 ------w c:\windows\System32\pxafs.dll
2008-09-29 18:52 118,520 ------w c:\windows\System32\pxinsi64.exe
2008-09-29 18:52 116,472 ------w c:\windows\System32\pxcpyi64.exe
2008-09-29 18:49 --------- d-----w c:\programdata\PC-Doctor
2008-09-29 18:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-29 18:48 --------- d-----w c:\program files\ThinkVantage
2008-09-29 18:47 --------- d-----w c:\program files\Common Files\Java
2008-09-29 18:43 --------- d-----w c:\program files\Lenovo Multimedia Center
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-29 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"RemoteControl"="c:\program files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 28672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 312240]
"LXDDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 c:\windows\RtHDVCpl.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2007-02-11 c:\windows\System32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\users\Gearo-Baldwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-09-18 147456]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\LENOVO~2\Power2Go\CLMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{973E6EC9-414C-4B46-8286-A8CDA959F4FD}"= c:\program files\Lenovo Multimedia Center\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{6B3872A2-BB3C-40C9-9920-00A2D7B5C34E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DF122F08-5C95-422C-AAAE-8C074E61EFC0}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{6805A6D7-421F-4E31-A5DB-FE3557049D83}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A5D907C6-3C3F-4385-A420-A54B6F321ADC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6AE5408A-7BC9-47A9-BC62-EB99FB715213}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{CE07D04A-D53A-45E3-947E-B12E55BD7E92}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{E9B81406-4029-4358-A43A-E38585051F0E}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{B23CA5F3-0803-4854-AE89-05025113FD79}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{64A11F22-C52D-4CC2-9036-22AA556BA6BF}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{0B68D16B-5094-4952-A843-A8317109C64B}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{A057C0F5-7914-430A-A69C-4BF734E9351B}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{127C70AA-A961-4B0D-8568-4DE6E539F258}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{CE8694AA-D475-4242-9DB4-8CC7907BA1AB}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{19FC7D5C-9473-4EBE-BEB8-6638C52B03D4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0C4B26C5-2454-4D3B-A489-935D5C359F10}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{164B8CA8-B946-44F2-A2F2-58538CE48867}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F0E7C3BA-62DE-4B86-B3B4-7AD7D1B48B6A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DA85A68F-B1CF-4BFD-92C1-8474F57526DF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CC31F054-8195-4481-A96B-CFF9F08B0E29}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2008-09-29 7680]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-29 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-29 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-07-10 569344]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-09-29 69128]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2008-09-29 23360]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2008-09-29 16192]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 20:31:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-11-27 20:32:49
ComboFix-quarantined-files.txt 2008-11-28 03:32:35

Pre-Run: 27,208,028,160 bytes free
Post-Run: 27,939,721,216 bytes free

260 --- E O F --- 2008-11-27 10:03:55


Sooooo Frustrated!!!!!
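A small triage script for the sections of the ComboFix log above, added here as an example (it is not part of newb23's post and not ComboFix's own code). It parses the firewall policy and exception entries, the R/S service lines, the "Newly Created Service" marker and the per-process DLL list, and lists the items a responder would check first, notably that the Windows Firewall is switched off for the StandardProfile. The sample input is constructed from lines copied from the log; the line formats are inferred from those lines only and may differ in other ComboFix versions. A disabled Windows Firewall is not proof of compromise by itself when a third-party firewall is managing the host, but on a machine that just had a rogue "antivirus" installed it is the first setting to verify and restore.

```python
"""Triage helpers for the tail of a ComboFix log (added example, not ComboFix code).

The regexes below are inferred from the log lines quoted in SAMPLE_LOG.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the posted ComboFix log.
SAMPLE_LOG = r'''
"{19FC7D5C-9473-4EBE-BEB8-6638C52B03D4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0C4B26C5-2454-4D3B-A489-935D5C359F10}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2008-09-29 7680]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-07-10 569344]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

*Newly Created Service* - PROCEXP90
.
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\avgrsstx.dll
.
'''

# [HKLM\~\...\firewallpolicy\<Profile>] followed by "EnableFirewall"= <n>
PROFILE_RE = re.compile(
    r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+)\]\s*\n'
    r'"EnableFirewall"=\s*(\d+)',
    re.IGNORECASE | re.MULTILINE,
)
# "{GUID}"= PROTO:<path>:<rule name>   (path itself contains "c:")
EXCEPTION_RE = re.compile(r'^"\{[0-9A-Fa-f-]+\}"=\s*(TCP|UDP):(.+?):([^:\n]+)$', re.MULTILINE)
# R<n>/S<n> <name>;<display>;<path> [<date> <size>]   ("[]" when ComboFix found no file)
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]\s*$', re.MULTILINE)
NEW_SERVICE_RE = re.compile(r'^\*Newly Created Service\*\s*-\s*(\S+)', re.MULTILINE)
PROCESS_HDR_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)")


@dataclass(frozen=True)
class Service:
    start: str             # R = running, S = stopped, as ComboFix prints them
    name: str
    display: str
    path: str
    date: Optional[str]    # None when the log shows "[]" (no file metadata recorded)
    size: Optional[int]


def firewall_state(text: str) -> Dict[str, bool]:
    """Map each firewall profile section to whether EnableFirewall is non-zero."""
    return {profile: int(value) != 0 for profile, value in PROFILE_RE.findall(text)}


def firewall_exceptions(text: str) -> List[Tuple[str, str, str]]:
    """Return (protocol, binary path, rule name) for each exception entry."""
    return [(proto, path, name.strip()) for proto, path, name in EXCEPTION_RE.findall(text)]


def services(text: str) -> List[Service]:
    out: List[Service] = []
    for start, name, display, path, meta in SERVICE_RE.findall(text):
        parts = meta.split()
        date = parts[0] if parts else None
        size = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        out.append(Service(start, name.strip(), display.strip(), path.strip(), date, size))
    return out


def loaded_dlls(text: str) -> Dict[str, List[str]]:
    """Group the DLL lines under each "- - - > 'process'(pid)" header."""
    out: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = PROCESS_HDR_RE.match(line)
        if m:
            current = f"{m.group(1)}({m.group(2)})"
            out[current] = []
        elif line.strip() in ("", "."):
            current = None          # blank line or "." separator closes the block
        elif current is not None:
            out[current].append(line.strip())
    return out


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings in the order a responder would review them."""
    findings: List[Tuple[str, str]] = []
    for profile, enabled in firewall_state(text).items():
        if not enabled:
            findings.append(("high", f"Windows Firewall is off for {profile} (EnableFirewall=0)"))
    for svc in services(text):
        if svc.date is None:
            findings.append(("medium", f"service {svc.name!r}: no file date/size recorded for {svc.path}"))
    for name in NEW_SERVICE_RE.findall(text):
        findings.append(("info", f"ComboFix flagged {name} as a newly created service; confirm it is expected"))
    for proc, dlls in loaded_dlls(text).items():
        for dll in dlls:
            findings.append(("info", f"{dll} is loaded in {proc}; confirm the publisher before trusting it"))
    for proto, path, name in firewall_exceptions(text):
        findings.append(("info", f"firewall exception '{name}' allows {proto} for {path}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

In this log the service with no recorded file metadata is the Lexmark `lxdd_device` entry and the DLL in winlogon.exe and lsass.exe is AVG's resident-shield module, so the only high-severity item is the disabled firewall; the script is meant to order the review, not to decide it.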
Senior Member
29. November 2008 @ 09:18
Hey newb23

Any more problems?

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

newb23
Account closed as per user's own request
29. November 2008 @ 11:05
Nope, no more problems that I have seen. Thank you for your help.

Sooooo Frustrated!!!!!
Senior Member
30. November 2008 @ 02:00
Hey newb23

You're welcome. Enjoy! :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

  © 1999-2025 by AfterDawn Ltd.