NightSky
Members
Posts: 25
Reputation: 0 Neutral
  1. I won't have access to them for another week =/
  2. Is there any way I could burn these files on a disk?
  3. It's been a few days now and I'm still having the same problems as I've had since the malware was removed. Nothing has changed.
  4. XP Home, and unfortunately all the boot and OS disks are at my house (I'm in college), which is 6 hours away, and I won't be able to get to them for a few weeks.
  5. *Update* Nothing has changed since yesterday. MBAM scan showed no infected files, and I still get system popups saying none of my accounts are administrators. System Config. still shows it's loading in normal mode, and the system still thinks it's caught between safe and normal. All programs are running fine, but all sound drivers still aren't working even after checking current versions of the drivers.
  6. I'll run another scan in the morning and check for anything. However, it still is stuck in some form of mode between safe and normal. And now it says neither of the 2 accounts are "Administrators".
  7. Malwarebytes' Anti-Malware 1.34
     Database version: 1811
     Windows 5.1.2600 Service Pack 3

     2/27/2009 8:44:57 PM
     mbam-log-2009-02-27 (20-44-57).txt

     Scan type: Quick Scan
     Objects scanned: 72443
     Time elapsed: 3 minute(s), 16 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Nothing has changed =/
  8. ComboFix 09-02-26.02 - Administrator 2009-02-27 19:29:51.1 - NTFSx86 MINIMAL
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1126 [GMT -6:00]
     Running from: g:\documents\Downloads\ComboFix.exe
     AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
     .

     2009-02-27 16:26 . 2009-02-27 16:26  <DIR>  d--------  c:\program files\Malwarebytes' Anti-Malware
     2009-02-27 16:26 . 2009-02-27 16:26  <DIR>  d--------  c:\documents and settings\Administrator\Application Data\Malwarebytes
     2009-02-27 16:26 . 2009-02-11 10:19  38,496  --a------  c:\windows\system32\drivers\mbamswissarmy.sys
     2009-02-27 16:26 . 2009-02-11 10:19  15,504  --a------  c:\windows\system32\drivers\mbam.sys
     2009-02-27 13:19 . 2009-02-27 13:30  <DIR>  d--------  C:\Info
     2009-02-26 21:33 . 2009-02-26 21:33  <DIR>  d--------  c:\documents and settings\Administrator\Application Data\ATI
     2009-02-26 21:32 . 2009-02-26 21:32  <DIR>  d--------  c:\documents and settings\Administrator\Application Data\Logitech
     2009-02-26 21:32 . 2009-02-26 21:32  <DIR>  d--------  c:\documents and settings\Administrator\Application Data\Creative
     2009-02-26 20:33 . 2009-02-26 20:33  5,120  --ahs----  c:\windows\system32\Thumbs.db
     2009-02-19 15:46 . 2009-02-19 15:46  <DIR>  d--------  c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
     2009-02-18 23:24 . 2009-02-27 17:23  <DIR>  d--------  c:\program files\DNA
     2009-02-09 11:42 . 2009-02-27 17:10  11,776  --ahs----  c:\windows\Thumbs.db
     2009-02-05 21:25 . 2009-02-05 21:25  <DIR>  d--------  c:\documents and settings\All Users\Application Data\LightScribe
     2009-02-02 10:07 . 2009-02-02 10:07  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-02-02 08:40 . 2009-02-02 08:40  <DIR>  d--------  c:\program files\Trend Micro

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-02-27 23:49  ---------  d-----w  c:\program files\lg_fwupdate
     2009-02-27 23:23  ---------  d-----w  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-02-27 23:19  ---------  d-----w  c:\program files\Spybot - Search & Destroy
     2009-02-27 23:18  ---------  d---a-w  c:\documents and settings\All Users\Application Data\TEMP
     2009-02-27 02:30  ---------  d-----w  c:\program files\Xvid
     2009-02-27 02:30  ---------  d-----w  c:\program files\Windows Media Connect 2
     2009-02-27 02:30  ---------  d-----w  c:\program files\DivX
     2009-02-06 03:16  ---------  d-----w  c:\program files\Common Files\LightScribe
     2009-01-29 15:35  ---------  d-----w  c:\program files\Common Files\AOL
     2009-01-21 00:41  ---------  d--h--w  c:\program files\InstallShield Installation Information
     2009-01-21 00:40  ---------  d-----w  c:\program files\Common Files\Apple
     2009-01-19 05:41  ---------  d-----w  c:\program files\CyberLink
     2009-01-18 06:18  ---------  d-----w  c:\documents and settings\All Users\Application Data\ATI
     2009-01-18 06:10  ---------  d-----w  c:\program files\ATI Technologies
     2009-01-16 03:01  ---------  d-----w  c:\program files\LightScribeODK
     2009-01-16 02:58  ---------  d-----w  c:\documents and settings\All Users\Application Data\CyberLink
     2009-01-06 04:11  0  ---ha-w  c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
     2009-01-06 04:10  0  ---ha-w  c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
     2009-01-06 04:10  0  ---ha-w  c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
     2009-01-06 03:58  ---------  d-----w  c:\program files\Common Files\Logishrd
     2009-01-06 03:57  130,208  ------r  c:\windows\bwUnin-8.1.1.87-8876480SL.exe
     2009-01-06 03:57  ---------  d-----w  c:\program files\Logitech
     2009-01-06 03:55  ---------  d-----w  c:\documents and settings\All Users\Application Data\Logitech
     2009-01-06 03:54  ---------  d-----w  c:\documents and settings\All Users\Application Data\LogiShrd
     2008-12-20 23:15  826,368  ----a-w  c:\windows\system32\wininet.dll
     2008-12-15 06:36  410,984  ----a-w  c:\windows\system32\deploytk.dll
     2008-12-01 20:52  425,984  ----a-w  c:\windows\system32\ATIDEMGX.dll
     2008-12-01 20:51  318,464  ----a-w  c:\windows\system32\ati2dvag.dll
     2008-12-01 20:46  11,304,960  ----a-w  c:\windows\system32\atioglxx.dll
     2008-12-01 20:41  188,416  ----a-w  c:\windows\system32\atipdlxx.dll
     2008-12-01 20:40  43,520  ----a-w  c:\windows\system32\ati2edxx.dll
     2008-12-01 20:40  26,112  ----a-w  c:\windows\system32\Ati2mdxx.exe
     2008-12-01 20:40  147,456  ----a-w  c:\windows\system32\Oemdspif.dll
     2008-12-01 20:40  143,360  ----a-w  c:\windows\system32\ati2evxx.dll
     2008-12-01 20:38  598,016  ----a-w  c:\windows\system32\ati2evxx.exe
     2008-12-01 20:37  53,248  ----a-w  c:\windows\system32\ATIDDC.DLL
     2008-12-01 20:35  593,920  ----a-w  c:\windows\system32\ati2sgag.exe
     2008-12-01 20:27  4,120,384  ----a-w  c:\windows\system32\ati3duag.dll
     2008-12-01 20:19  307,200  ----a-w  c:\windows\system32\atiiiexx.dll
     2008-12-01 20:11  2,495,360  ----a-w  c:\windows\system32\ativvaxx.dll
     2008-12-01 19:57  48,640  ----a-w  c:\windows\system32\amdpcom32.dll
     2008-12-01 19:53  45,056  ----a-w  c:\windows\system32\amdcalrt.dll
     2008-12-01 19:53  45,056  ----a-w  c:\windows\system32\amdcalcl.dll
     2008-12-01 19:53  401,408  ----a-w  c:\windows\system32\atikvmag.dll
     2008-12-01 19:52  86,016  ----a-w  c:\windows\system32\atiadlxx.dll
     2008-12-01 19:52  17,408  ----a-w  c:\windows\system32\atitvo32.dll
     2008-12-01 19:50  3,252,224  ----a-w  c:\windows\system32\Amdcaldd.dll
     2008-12-01 19:50  286,720  ----a-w  c:\windows\system32\atiok3x2.dll
     2008-12-01 19:45  577,536  ----a-w  c:\windows\system32\ati2cqag.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
     "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-07-21 87336]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
     "PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 90112]
     "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
     "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
     "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
     "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-01-15 548864]
     "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
     "InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-06-04 599600]
     "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
     "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 245760]
     "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
     "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-05 91440]
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-05 805392]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
     2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
     @=""

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "UpdatesDisableNotify"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
     "%windir%\\system32\\drivers\\svchost.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=

     R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-01-15 16048]
     S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2009-01-18 23:42:36 61424]
     S2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-01-15 162096]
     S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-11 24652]
     S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
     S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-06-27 91797]

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
     "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
     .
     Contents of the 'Scheduled Tasks' folder

     2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
     .
     .
     ------- Supplementary Scan -------
     .
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://docs.cyberlink.com/multi/patch/prog/UpdateAdvisor.cab
     FF - ProfilePath -
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-02-27 19:31:10
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
     "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,a2,ef,17,9f,80,
       70,d2,6b,c8,28,51,af,b0,29,a3,98,20,3f,13,be,0c,e1,16,e3,e2,63,26,f1,3f,c8,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b2,42,21,ce,ab,
       47,0e,58,71,3b,04,66,8b,46,0d,96,8d,71,35,b9,f6,d7,f7,f7,6a,9c,d6,61,af,45,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,0e,f7,0e,ca,17,
       99,17,52,25,da,ec,7e,55,20,c9,26,0e,dd,47,62,aa,ba,e4,26,ff,7c,85,e0,43,d4,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,2e,44,36,ca,af,
       36,37,fb,3e,1e,9e,e0,57,5a,93,61,7f,11,bf,73,91,1a,5c,c0,86,8c,21,01,be,91,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,8b,2d,d6,11,fd,
       77,e1,c3,cd,44,cd,b9,a6,33,6c,cd,2d,71,41,77,5f,ac,73,d3,f5,1d,4d,73,a8,13,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b8,fc,fc,8d,08,
       50,bf,ff,b0,18,ed,a7,3f,8d,37,a4,11,47,e5,6b,f9,6e,d2,6d,df,20,58,62,78,6b,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,47,91,aa,4a,98,
       5b,70,55,31,77,e1,ba,b1,f8,68,02,53,4a,a9,f5,f8,d2,67,75,fb,a7,78,e6,12,2f,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,cf,90,a6,1f,df,
       2b,eb,fb,83,6c,56,8b,a0,85,96,ab,0f,b6,2d,90,38,b7,37,19,01,3a,48,fc,e8,04,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,5b,08,5e,2c,1e,
       ec,59,14,51,fa,6e,91,28,9e,14,cc,14,9a,fe,e3,bf,26,47,fb,f6,0f,4e,58,98,5b,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,58,4a,99,da,53,
       6f,30,9b,b1,cd,45,5a,a8,c4,f8,b9,e9,21,8a,62,13,6d,63,4b,3d,ce,ea,26,2d,45,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,31,c8,6a,c8,ff,
       67,82,d8,e3,0e,66,d5,eb,bc,2f,6b,2d,8c,36,c3,90,1f,37,e4,2a,b7,cc,b5,b9,7f,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,43,2c,0a,98,7e,
       6c,55,ed,fa,ea,66,7f,d4,3b,6b,70,6c,70,a0,6b,7b,a1,55,7e,6c,43,2d,1e,aa,22,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(212)
     c:\windows\system32\Ati2evxx.dll
     c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
     c:\program files\common files\logishrd\bluetooth\LBTServ.dll
     .
     Completion time: 2009-02-27 19:33:30
     ComboFix-quarantined-files.txt 2009-02-28 01:33:29
     ComboFix2.txt 2009-02-27 20:41:43

     Pre-Run: 46,842,908,672 bytes free
     Post-Run: 46,835,089,408 bytes free

     237 --- E O F --- 2009-02-26 06:56:26

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:35:17 PM, on 2/27/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Safe mode

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
     O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
     O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
     O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [instantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
     O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
     O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (UpdateAdvisor Control) - http://docs.cyberlink.com/multi/patch/prog/UpdateAdvisor.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
     O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
     O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     --
     End of file - 7884 bytes
  9. *updated log*
     Malwarebytes' Anti-Malware 1.34
     Database version: 1811
     Windows 5.1.2600 Service Pack 3

     2/27/2009 7:19:02 PM
     mbam-log-2009-02-27 (19-18-38).txt

     Scan type: Full Scan (C:\|F:\|)
     Objects scanned: 153895
     Time elapsed: 48 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 7

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\LocalService\Application Data\Macromedia\Common\8047e04c1.dll (Trojan.Agent) -> No action taken.
     C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\8047e04c1.dll (Trojan.Agent) -> No action taken.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\iehelper.dll.vir (Trojan.Dropper) -> No action taken.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbgrdlrvd.dll.vir (UACbqhpmnav.dll) -> No action taken.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACprmhluya.dll.vir (Rootkit.TDSS) -> No action taken.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtymhskda.dll.vir (Trojan.TDSS) -> No action taken.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACyibogexb.dll.vir (Rootkit.TDSS) -> No action taken.
  10. Malwarebytes' Anti-Malware 1.34
      Database version: 1811
      Windows 5.1.2600 Service Pack 3

      2/27/2009 6:25:39 PM
      mbam-log-2009-02-27 (18-25-39).txt

      Scan type: Quick Scan
      Objects scanned: 67914
      Time elapsed: 6 minute(s), 27 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 2
      Registry Data Items Infected: 8
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\8047e04c1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  11. New problem: nothing seems to be deleted even though MBAM says it's deleted. All the registry keys are still there, and the files came back =/
  12. Malwarebytes' Anti-Malware 1.34
      Database version: 1811
      Windows 5.1.2600 Service Pack 3

      2/27/2009 6:25:39 PM
      mbam-log-2009-02-27 (18-25-39).txt

      Scan type: Quick Scan
      Objects scanned: 67914
      Time elapsed: 6 minute(s), 27 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 2
      Registry Data Items Infected: 8
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\8047e04c1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\8047e04c1.dll (Trojan.Agent) -> Quarantined and deleted successfully.

      Quick Scan I just finished, doing a full scan now.
  13. Now it's coming up with an error message: "System Configuration: An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes." Only problem: I'm logged on as Administrator.