Everything posted by hlkram80

So, I ran my spyware and got this.

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 2

3/3/2009 9:22:13 AM
mbam-log-2009-03-03 (09-22-13).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 107511
Time elapsed: 1 hour(s), 15 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It says that it has "deleted successfully" the 2 hijacks, but they are still there every time I try to use Task Manager, and every time I rescan with Malwarebytes the problem still exists, after I've turned off my computer and everything. So I used ComboFix, as that was my next option I believe. This is what it gave me:

ComboFix 09-03-02.03 - censoredhead 2009-03-03 9:47:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.241 [GMT -6:00]
Running from: c:\documents and settings\censoredhead\Desktop\ComboFix.exe
AV: PC Tools AntiVirus 6.0.0.17 *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ssembl~1
.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-03-02 20:43 . 2009-03-02 20:43 268 --ah----- C:\sqmdata17.sqm
2009-03-02 20:43 . 2009-03-02 20:43 244 --ah----- C:\sqmnoopt17.sqm
2009-03-02 17:26 . 2009-03-02 17:26 <DIR> d-------- c:\documents and settings\censoredhead\Application Data\PC Tools
2009-03-02 17:20 . 2009-03-02 17:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-02 17:19 . 2009-03-02 20:40 <DIR> d-------- c:\program files\PC Tools AntiVirus
2009-03-02 17:19 . 2009-03-02 17:19 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-02 17:19 . 2009-03-02 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-02 17:19 . 2009-02-23 10:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-02 17:19 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-02 17:19 . 2009-02-10 11:13 28,560 --a------ c:\windows\system32\drivers\AVHook.sys
2009-03-02 17:19 . 2009-02-10 11:13 21,904 --a------ c:\windows\system32\drivers\AVRec.sys
2009-03-02 17:19 . 2009-02-10 11:13 21,904 --a------ c:\windows\system32\drivers\AVFilter.sys
2009-03-02 10:39 . 2009-03-02 10:39 268 --ah----- C:\sqmdata16.sqm
2009-03-02 10:39 . 2009-03-02 10:39 244 --ah----- C:\sqmnoopt16.sqm
2009-03-01 19:20 . 2009-03-01 19:20 268 --ah----- C:\sqmdata15.sqm
2009-03-01 19:20 . 2009-03-01 19:20 244 --ah----- C:\sqmnoopt15.sqm
2009-03-01 18:33 . 2009-03-01 18:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 18:33 . 2009-03-01 18:33 <DIR> d-------- c:\documents and settings\censoredhead\Application Data\Malwarebytes
2009-03-01 18:33 . 2009-03-01 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-01 18:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 18:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 18:26 . 2009-03-01 18:26 <DIR> d-------- c:\documents and settings\censoredhead\Application Data\AVGTOOLBAR
2009-03-01 18:22 . 2009-03-01 18:22 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-01 18:22 . 2009-03-01 18:22 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-03-01 18:21 . 2009-03-01 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-01 17:52 . 2009-03-01 17:52 <DIR> d-------- c:\documents and settings\censoredhead\Application Data\AVG8
2009-03-01 17:40 . 2009-03-01 17:40 268 --ah----- C:\sqmdata14.sqm
2009-03-01 17:40 . 2009-03-01 17:40 244 --ah----- C:\sqmnoopt14.sqm
2009-03-01 13:33 . 2009-03-01 13:33 268 --ah----- C:\sqmdata13.sqm
2009-03-01 13:33 . 2009-03-01 13:33 244 --ah----- C:\sqmnoopt13.sqm
2009-03-01 11:53 . 2009-03-01 11:53 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-01 08:00 . 2009-03-01 08:00 268 --ah----- C:\sqmdata12.sqm
2009-03-01 08:00 . 2009-03-01 08:00 244 --ah----- C:\sqmnoopt12.sqm
2009-02-28 23:16 . 2009-02-28 23:15 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-28 23:06 . 2009-02-28 23:06 268 --ah----- C:\sqmdata11.sqm
2009-02-28 23:06 . 2009-02-28 23:06 244 --ah----- C:\sqmnoopt11.sqm
2009-02-20 07:30 . 2009-02-20 07:30 268 --ah----- C:\sqmdata10.sqm
2009-02-20 07:30 . 2009-02-20 07:30 244 --ah----- C:\sqmnoopt10.sqm
2009-02-19 22:27 . 2009-02-19 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-02-19 19:02 . 2009-02-19 19:03 <DIR> d-------- c:\program files\Google
2009-02-19 10:54 . 2009-02-19 10:54 268 --ah----- C:\sqmdata09.sqm
2009-02-19 10:54 . 2009-02-19 10:54 244 --ah----- C:\sqmnoopt09.sqm
2009-02-19 10:48 . 2009-02-19 10:48 268 --ah----- C:\sqmdata08.sqm
2009-02-19 10:48 . 2009-02-19 10:48 244 --ah----- C:\sqmnoopt08.sqm
2009-02-17 19:50 . 2009-02-17 19:50 268 --ah----- C:\sqmdata07.sqm
2009-02-17 19:50 . 2009-02-17 19:50 244 --ah----- C:\sqmnoopt07.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 11:59 --------- d-----w c:\program files\FunPix
2009-03-03 02:45 --------- d-----w c:\program files\World of Warcraft
2009-03-01 05:15 --------- d-----w c:\program files\Java
2009-02-20 05:52 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-04 00:16 --------- d-----w c:\documents and settings\censoredhead\Application Data\U3
2009-01-04 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\FunPix
2009-01-04 00:12 --------- d-----w c:\program files\MSN Messenger
2007-06-04 03:44 11,761,512 ----a-w c:\program files\NapsterSetup-US-NCOM-3.8.1.4.exe
2007-02-21 21:51 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 21:51 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 21:51 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 21:51 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 21:51 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4748792]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5752176]
"Octoshape Streaming Services"="c:\documents and settings\censoredhead\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 226576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-01-28 955392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 214424]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 446530]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-12-23 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 263720]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3817472]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-02-19 1374096]

c:\documents and settings\censoredhead\Start Menu\Programs\Startup\
iFunPix.lnk - c:\program files\FunPix\FunPixApp.exe [2008-07-01 348160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-01-09 278528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-02-20 05:38 110592 c:\windows\system32\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 10:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2006-06-17 19:28 606208 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoAds]
--a------ 2006-06-17 19:24 200704 c:\program files\NoAds\NoAds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Walgreens PhotoShow Media Manager]
--a------ 2006-04-20 00:35 319488 c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 14:22 4748792 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"BITS"=3 (0x3)
"6to4"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\censoredhead\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\FunPix\\FunPixService.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\WINDOWS\\system32\\LXSUPMON.EXE"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\FunPix\\FunPixApp.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-02 130424]
R2 iFunPixAgent;iFunPixAgent;c:\program files\FunPix\FunPixService.exe [2008-07-01 20480]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-10 24652]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\emgngr.sys --> c:\windows\system32\drivers\emgngr.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-01 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-01 29208]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup\MS-7043 v2.00\HwIOctl.sys --> c:\program files\Setup\MS-7043 v2.00\HwIOctl.sys [?]
S3 Vsp;Vsp;\??\c:\windows\system32\drivers\Vsp.sys --> c:\windows\system32\drivers\Vsp.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{718f0be4-f3e6-11dc-994c-0018f80856fa}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-REGSHAVE - c:\program files\REGSHAVE\REGSHAVE.EXE
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-YBrowser - c:\program files\Yahoo!\browser\ybrwicon.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?p=1150228762
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath -
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 09:54:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'lsass.exe'(944)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'explorer.exe'(13808)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll

- - - - - - - > 'csrss.exe'(860)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Completion time: 2009-03-03 9:59:42
ComboFix-quarantined-files.txt 2009-03-03 15:59:33

Pre-Run: 44,697,075,712 bytes free
Post-Run: 45,697,708,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

239

So after all that I still can't use my Task Manager. Did I miss something? How do I finally fix this!! Help
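As an added check (not part of the original post, nor code from Malwarebytes or ComboFix): a small Python script that parses the two log formats shown above, picks out the registry items the MBAM log reports as deleted, and lists any that a later ComboFix "Reg Loading Points" listing still shows with the bad data, which is exactly the DisableTaskMgr/DisableRegistryTools situation described in the post. The log excerpts inside it are constructed from the post; the only line formats it understands are the ones visible in these two logs.

```python
import re

# Constructed excerpts, modelled on the MBAM and ComboFix logs quoted in the post above.
MBAM_LOG = r"""Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""
COMBOFIX_LOG = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One MBAM "Registry Data Items" line: full value path, signature, Bad/Good data, action taken.
MBAM_RE = re.compile(r"^(HKEY_.+?) \((\S+)\) -> Bad: \((\d+)\) Good: \((\d+)\) -> (.+)$")
# ComboFix "Reg Loading Points": a [key] header, then "Name"= N (0xN) or "Name"=dword:HEX lines.
CF_KEY_RE = re.compile(r"^\[(.+)\]$")
CF_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]+)|(\d+))')

def mbam_removed(log):
    """Map lower-cased 'key\\value' -> the Good data, for each item MBAM says it deleted."""
    removed = {}
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if m and "deleted successfully" in m.group(5).lower():
            removed[m.group(1).lower()] = int(m.group(4))
    return removed

def combofix_values(log):
    """Map lower-cased 'key\\value' -> integer data for every value listed under a [key] header."""
    values, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        k = CF_KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = CF_VAL_RE.match(line)
        if v and key:
            data = int(v.group(2), 16) if v.group(2) else int(v.group(3))
            values[key + "\\" + v.group(1).lower()] = data
    return values

def repersisted(mbam_log, combofix_log):
    """Items MBAM reported deleted that the later ComboFix listing still shows with non-Good data."""
    later = combofix_values(combofix_log)
    return sorted(path for path, good in mbam_removed(mbam_log).items()
                  if path in later and later[path] != good)
```

Anything `repersisted` lists was re-created after MBAM removed it, so the thing to look for is whatever writes the value back, not the deletion itself.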