032koncept

Everything posted by 032koncept

  1. So whatever I caught did something to my overlay.xul file; reading up on Mozilla's forums, it seems there are only 100 or so lines of code to do this. I removed this file and I'll keep testing.
  2. Seems like running the Java cleaner ("JavaRa") and CCleaner has stopped the Google redirects; MBAM and ComboFix are coming up clean. Cheers.
  3. I keep essentially getting re-infected. I had Spybot S&D on; I've disabled that, and all other anti-virus solutions that run on a monitor, and have attempted running ComboFix. ComboFix has solved some of the problems, but certain items keep going into my startup (via msconfig): c:\windows\system32\brastk.exe and rundll32.exe "C:\WINDOWS\system32\wuyamoba.dll", b keep running, and basically unless I type a URL directly into the browser I get taken to a slew of other websites (some of which say "hey, wait 10 seconds while we try to install more malware"). Your help would be greatly appreciated!
     ComboFix Log: