omega_cmm

Members | Posts: 10

Everything posted by omega_cmm

  1. THANKS!!!!!!!! It is all good now. I really appreciate all the help!
  2. Sorry, I forgot the FCopy part. New report.....

     ComboFix 09-04-01.01 - omega 2009-04-01 17:36:10.6 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1560 [GMT -4:00]
     Running from: c:\documents and settings\omega.BTECSOLUTIONS\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\omega.BTECSOLUTIONS\Desktop\cfscript.txt
     * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     --------------- FCopy ---------------
     c:\windows\ServicePackFiles\i386\userinit.exe --> c:\windows\system32\userinit.exe
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
     .
     2009-03-25 16:17 . 2009-03-25 16:11 135,486 --a------ C:\DUBO-PDF.pdf
     2009-03-20 08:04 . 2009-03-20 08:04 <DIR> d-------- c:\program files\Trend Micro
     2009-03-19 11:59 . 2009-03-19 11:59 <DIR> d---s---- c:\documents and settings\omega.BTECSOLUTIONS\UserData
     2009-03-13 13:00 . 2009-04-01 09:32 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\OpenOffice.org2
     2009-03-13 11:23 . 2009-03-13 11:23 <DIR> d-------- c:\program files\Microsoft ActiveSync
     2009-03-13 11:23 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
     2009-03-13 11:23 . 2009-03-13 11:23 376 --a------ c:\windows\ODBC.INI
     2009-03-13 11:22 . 2009-03-13 11:22 <DIR> d-------- c:\program files\Microsoft.NET
     2009-03-13 11:21 . 2009-03-13 11:21 <DIR> dr-h----- C:\MSOCache
     2009-03-13 11:18 . 2009-03-13 11:18 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Apple Computer
     2009-03-13 10:54 . 2009-03-13 10:54 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Malwarebytes
     2009-03-13 10:49 . 2009-03-13 10:49 <DIR> d-------- c:\windows\SchCache
     2009-03-13 10:48 . 2009-03-13 10:48 <DIR> d-------- c:\documents and settings\matt-f.BTECSOLUTIONS
     2009-03-13 10:45 . 2009-03-19 11:59 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS
     2009-03-12 11:26 . 2009-03-12 11:26 <DIR> d-------- c:\documents and settings\mistral\Application Data\Malwarebytes
     2009-03-12 11:26 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-03-12 11:25 . 2009-03-31 07:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-12 11:25 . 2009-03-12 11:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-03-12 11:25 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-12 08:24 . 2009-03-12 10:25 <DIR> d-------- c:\program files\Yahoo!
     2009-03-12 08:24 . 2009-03-12 08:24 <DIR> d-------- c:\documents and settings\mistral\Application Data\Yahoo!
     2009-03-12 08:23 . 2009-03-12 08:24 <DIR> d-------- c:\program files\CCleaner
     2009-03-06 10:32 . 2008-09-25 09:08 1,941,504 --a------ C:\SharePod.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-16 21:41 --------- d-----w c:\program files\Microsoft Silverlight
     2009-03-13 14:07 --------- d-----w c:\documents and settings\mistral\Application Data\OpenOffice.org2
     2009-03-13 13:28 --------- d-----w c:\documents and settings\mistral\Application Data\uTorrent
     2009-03-12 13:55 --------- d-----w c:\program files\Java
     2009-03-06 16:47 --------- d-----w c:\program files\Symantec AntiVirus
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\dllcache\win32k.sys
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-03-30_17.11.43.93 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2004-08-04 07:56:57 24,576 ----a-w c:\windows\system32\dllcache\userinit.exe
     + 2008-04-14 09:42:40 26,112 ----a-w c:\windows\system32\dllcache\userinit.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Java S1"="\\?\globalroot\systemroot\system32\mschr.exe" [?]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
     uInternet Connection Wizard,ShellNext = hxxp://onlinenotifyq.net/land/eurl/?code=266
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     TCP: {5DA91415-C879-4F79-B489-FAB4A1763CBF} = 192.168.1.2,192.168.1.13
     .
     **************************************************************************

     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-01 17:37:08
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(1152)
     c:\program files\Bonjour\mdnsNSP.dll
     .
     Completion time: 2009-04-01 17:38:20
     ComboFix-quarantined-files.txt 2009-04-01 21:38:17
     ComboFix2.txt 2009-04-01 20:53:16
     ComboFix3.txt 2009-04-01 12:48:55
     ComboFix4.txt 2009-03-31 11:26:17

     Pre-Run: 59,601,907,712 bytes free
     Post-Run: 59,596,083,200 bytes free

     120 --- E O F --- 2009-03-11 07:00:29
  3. ComboFix 09-04-01.01 - omega 2009-04-01 16:50:55.5 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1585 [GMT -4:00]
     Running from: c:\documents and settings\omega.BTECSOLUTIONS\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\omega.BTECSOLUTIONS\Desktop\CFScript.txt
     * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
     .
     2009-03-25 16:17 . 2009-03-25 16:11 135,486 --a------ C:\DUBO-PDF.pdf
     2009-03-20 08:04 . 2009-03-20 08:04 <DIR> d-------- c:\program files\Trend Micro
     2009-03-19 11:59 . 2009-03-19 11:59 <DIR> d---s---- c:\documents and settings\omega.BTECSOLUTIONS\UserData
     2009-03-13 13:00 . 2009-04-01 09:32 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\OpenOffice.org2
     2009-03-13 11:23 . 2009-03-13 11:23 <DIR> d-------- c:\program files\Microsoft ActiveSync
     2009-03-13 11:23 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
     2009-03-13 11:23 . 2009-03-13 11:23 376 --a------ c:\windows\ODBC.INI
     2009-03-13 11:22 . 2009-03-13 11:22 <DIR> d-------- c:\program files\Microsoft.NET
     2009-03-13 11:21 . 2009-03-13 11:21 <DIR> dr-h----- C:\MSOCache
     2009-03-13 11:18 . 2009-03-13 11:18 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Apple Computer
     2009-03-13 10:54 . 2009-03-13 10:54 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Malwarebytes
     2009-03-13 10:49 . 2009-03-13 10:49 <DIR> d-------- c:\windows\SchCache
     2009-03-13 10:48 . 2009-03-13 10:48 <DIR> d-------- c:\documents and settings\matt-f.BTECSOLUTIONS
     2009-03-13 10:45 . 2009-03-19 11:59 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS
     2009-03-12 11:26 . 2009-03-12 11:26 <DIR> d-------- c:\documents and settings\mistral\Application Data\Malwarebytes
     2009-03-12 11:26 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-03-12 11:25 . 2009-03-31 07:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-12 11:25 . 2009-03-12 11:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-03-12 11:25 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-12 08:24 . 2009-03-12 10:25 <DIR> d-------- c:\program files\Yahoo!
     2009-03-12 08:24 . 2009-03-12 08:24 <DIR> d-------- c:\documents and settings\mistral\Application Data\Yahoo!
     2009-03-12 08:23 . 2009-03-12 08:24 <DIR> d-------- c:\program files\CCleaner
     2009-03-06 10:32 . 2008-09-25 09:08 1,941,504 --a------ C:\SharePod.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-16 21:41 --------- d-----w c:\program files\Microsoft Silverlight
     2009-03-13 14:07 --------- d-----w c:\documents and settings\mistral\Application Data\OpenOffice.org2
     2009-03-13 13:28 --------- d-----w c:\documents and settings\mistral\Application Data\uTorrent
     2009-03-12 13:55 --------- d-----w c:\program files\Java
     2009-03-06 16:47 --------- d-----w c:\program files\Symantec AntiVirus
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\dllcache\win32k.sys
     .
     ------- Sigcheck -------

     2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
     2008-04-14 05:42 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
     2004-08-04 03:56 24576 9f81016eddfda65cb7095eb8fbd75f7b c:\windows\system32\userinit.exe
     2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\dllcache\userinit.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Java S1"="\\?\globalroot\systemroot\system32\mschr.exe" [?]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
     uInternet Connection Wizard,ShellNext = hxxp://onlinenotifyq.net/land/eurl/?code=266
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     TCP: {5DA91415-C879-4F79-B489-FAB4A1763CBF} = 192.168.1.2,192.168.1.13
     .
     **************************************************************************

     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-01 16:52:08
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(1152)
     c:\program files\Bonjour\mdnsNSP.dll
     .
     Completion time: 2009-04-01 16:53:14
     ComboFix-quarantined-files.txt 2009-04-01 20:53:12
     ComboFix2.txt 2009-04-01 12:48:55
     ComboFix3.txt 2009-03-31 11:26:17

     Pre-Run: 59,620,896,768 bytes free
     Post-Run: 59,618,611,200 bytes free

     114 --- E O F --- 2009-03-11 07:00:29
  4. File userinit.exe received on 04.01.2009 16:10:45 (CET)
     Current status: finished
     Result: 5/40 (12.50%)

     Antivirus          Version         Last Update   Result
     a-squared          4.0.0.101       2009.04.01    Trojan.Trash!IK
     AhnLab-V3          5.0.0.2         2009.04.01    -
     AntiVir            7.9.0.129       2009.04.01    TR/Trash.Gen
     Antiy-AVL          2.0.3.1         2009.04.01    -
     Authentium         5.1.2.4         2009.03.31    -
     Avast              4.8.1335.0      2009.03.31    -
     AVG                8.5.0.285       2009.04.01    -
     BitDefender        7.2             2009.04.01    -
     CAT-QuickHeal      10.00           2009.04.01    -
     ClamAV             0.94.1          2009.04.01    -
     Comodo             1092            2009.03.31    -
     DrWeb              4.44.0.09170    2009.04.01    -
     eSafe              7.0.17.0        2009.04.01    -
     eTrust-Vet         31.6.6429       2009.04.01    -
     F-Prot             4.4.4.56        2009.03.31    -
     F-Secure           8.0.14470.0     2009.04.01    -
     Fortinet           3.117.0.0       2009.04.01    -
     GData              19              2009.04.01    -
     Ikarus             T3.1.1.49.0     2009.04.01    Trojan.Trash
     K7AntiVirus        7.10.687        2009.03.31    -
     Kaspersky          7.0.0.125       2009.04.01    -
     McAfee             5570            2009.03.31    -
     McAfee+Artemis     5570            2009.03.31    -
     McAfee-GW-Edition  6.7.6           2009.04.01    Trojan.Trash.Gen
     Microsoft          1.4502          2009.04.01    -
     NOD32              3980            2009.04.01    -
     Norman             6.00.06         2009.04.01    Sohanad.BCW
     nProtect           2009.1.8.0      2009.04.01    -
     Panda              10.0.0.14       2009.03.31    -
     PCTools            4.4.2.0         2009.04.01    -
     Prevx1             V2              2009.04.01    -
     Rising             21.23.22.00     2009.04.01    -
     Sophos             4.40.0          2009.04.01    -
     Sunbelt            3.2.1858.2      2009.04.01    -
     Symantec           1.4.4.12        2009.04.01    -
     TheHacker          6.3.4.0.298     2009.04.01    -
     TrendMicro         8.700.0.1004    2009.04.01    -
     VBA32              3.12.10.1       2009.03.31    -
     ViRobot            2009.4.1.1671   2009.04.01    -
     VirusBuster        4.6.5.0         2009.03.31    -

     Additional information
     File size: 24576 bytes
     MD5...: 9f81016eddfda65cb7095eb8fbd75f7b
     SHA1..: 24538b773702974df1f871db2e26c3647be88ea3
     SHA256: aee790bcb9af3f1e3b684b5b214dcceeb1ad2955532e017832d7d6d68b8872c2
     SHA512: 9676cdbf4d8a3128d91dc83b1dd1c6184205b729a1fe4cbc03b008d4effb6943d3ca2e41016a16713d4133ea23cdfc008935ae12c44b3bfddd5adc4a03a929b4
     ssdeep: 384:DNkhB/JD1CzaxzOV6s9cKmdPGFQ273eLXVBYkkjuv1hkNLdbaLa4CwUJuUCSF4WL:gJDUaxgu5YEVBxkjuv7wbaLa4PU4b7
     PEiD..: -
     TrID..: File type identification
             Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
     PEInfo: -
     RDS...: NSRL Reference Data Set
             -
  5. ComboFix 09-03-31.03 - omega 2009-04-01 8:46:21.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1595 [GMT -4:00]
     Running from: c:\documents and settings\omega.BTECSOLUTIONS\Desktop\ComboFix.exe
     * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
     .
     2009-03-25 16:17 . 2009-03-25 16:11 135,486 --a------ C:\DUBO-PDF.pdf
     2009-03-20 08:04 . 2009-03-20 08:04 <DIR> d-------- c:\program files\Trend Micro
     2009-03-19 11:59 . 2009-03-19 11:59 <DIR> d---s---- c:\documents and settings\omega.BTECSOLUTIONS\UserData
     2009-03-13 13:00 . 2009-03-31 10:21 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\OpenOffice.org2
     2009-03-13 11:23 . 2009-03-13 11:23 <DIR> d-------- c:\program files\Microsoft ActiveSync
     2009-03-13 11:23 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
     2009-03-13 11:23 . 2009-03-13 11:23 376 --a------ c:\windows\ODBC.INI
     2009-03-13 11:22 . 2009-03-13 11:22 <DIR> d-------- c:\program files\Microsoft.NET
     2009-03-13 11:21 . 2009-03-13 11:21 <DIR> dr-h----- C:\MSOCache
     2009-03-13 11:18 . 2009-03-13 11:18 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Apple Computer
     2009-03-13 10:54 . 2009-03-13 10:54 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Malwarebytes
     2009-03-13 10:49 . 2009-03-13 10:49 <DIR> d-------- c:\windows\SchCache
     2009-03-13 10:48 . 2009-03-13 10:48 <DIR> d-------- c:\documents and settings\matt-f.BTECSOLUTIONS
     2009-03-13 10:45 . 2009-03-19 11:59 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS
     2009-03-12 11:26 . 2009-03-12 11:26 <DIR> d-------- c:\documents and settings\mistral\Application Data\Malwarebytes
     2009-03-12 11:26 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-03-12 11:25 . 2009-03-31 07:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-12 11:25 . 2009-03-12 11:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-03-12 11:25 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-12 08:24 . 2009-03-12 10:25 <DIR> d-------- c:\program files\Yahoo!
     2009-03-12 08:24 . 2009-03-12 08:24 <DIR> d-------- c:\documents and settings\mistral\Application Data\Yahoo!
     2009-03-12 08:23 . 2009-03-12 08:24 <DIR> d-------- c:\program files\CCleaner
     2009-03-06 10:32 . 2008-09-25 09:08 1,941,504 --a------ C:\SharePod.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-16 21:41 --------- d-----w c:\program files\Microsoft Silverlight
     2009-03-13 14:07 --------- d-----w c:\documents and settings\mistral\Application Data\OpenOffice.org2
     2009-03-13 13:28 --------- d-----w c:\documents and settings\mistral\Application Data\uTorrent
     2009-03-12 13:55 --------- d-----w c:\program files\Java
     2009-03-06 16:47 --------- d-----w c:\program files\Symantec AntiVirus
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\dllcache\win32k.sys
     .
     ------- Sigcheck -------

     2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
     2008-04-14 05:42 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
     2004-08-04 03:56 24576 9f81016eddfda65cb7095eb8fbd75f7b c:\windows\system32\userinit.exe
     2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\dllcache\userinit.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Java S1"="\\?\globalroot\systemroot\system32\mschr.exe" [?]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
     uInternet Connection Wizard,ShellNext = hxxp://onlinenotifyq.net/land/eurl/?code=266
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     TCP: {5DA91415-C879-4F79-B489-FAB4A1763CBF} = 192.168.1.2,192.168.1.13
     .
     **************************************************************************

     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-01 08:47:43
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(1152)
     c:\program files\Bonjour\mdnsNSP.dll
     .
     Completion time: 2009-04-01 8:48:54
     ComboFix-quarantined-files.txt 2009-04-01 12:48:51
     ComboFix2.txt 2009-03-31 11:26:17

     Pre-Run: 59,639,365,632 bytes free
     Post-Run: 59,637,157,888 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     119 --- E O F --- 2009-03-11 07:00:29

     THANKS!!!!
  6. I ran Malwarebytes Malware Removal and it constantly comes up with 2 viruses I cannot get rid of. I have run HijackThis and also ComboFix. So if you could review the logs and give me info on how to remove the virus, it would be great.

     Latest Malware log:

     Malwarebytes' Anti-Malware 1.35
     Database version: 1923
     Windows 5.1.2600 Service Pack 3

     2009-03-31 08:27:55
     mbam-log-2009-03-31 (08-27-55).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 132442
     Time elapsed: 49 minute(s), 58 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP285\A0016427.exe (Trojan.Agent) -> Quarantined and deleted successfully.

     Latest ComboFix run....

     ComboFix 09-03-30.02 - omega 2009-03-31 7:22:58.3 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1627 [GMT -4:00]
     Running from: c:\documents and settings\omega.BTECSOLUTIONS\Desktop\ComboFix.exe
     * Created a new restore point

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     ---- Previous Run -------
     .
     c:\windows\system32\uniq.tll
     .
     ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
     .
     2009-03-25 16:17 . 2009-03-25 16:11 135,486 --a------ C:\DUBO-PDF.pdf
     2009-03-20 08:04 . 2009-03-20 08:04 <DIR> d-------- c:\program files\Trend Micro
     2009-03-19 11:59 . 2009-03-19 11:59 <DIR> d---s---- c:\documents and settings\omega.BTECSOLUTIONS\UserData
     2009-03-13 13:00 . 2009-03-30 10:32 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\OpenOffice.org2
     2009-03-13 11:23 . 2009-03-13 11:23 <DIR> d-------- c:\program files\Microsoft ActiveSync
     2009-03-13 11:23 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
     2009-03-13 11:23 . 2009-03-13 11:23 376 --a------ c:\windows\ODBC.INI
     2009-03-13 11:22 . 2009-03-13 11:22 <DIR> d-------- c:\program files\Microsoft.NET
     2009-03-13 11:21 . 2009-03-13 11:21 <DIR> dr-h----- C:\MSOCache
     2009-03-13 11:18 . 2009-03-13 11:18 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Apple Computer
     2009-03-13 10:54 . 2009-03-13 10:54 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS\Application Data\Malwarebytes
     2009-03-13 10:49 . 2009-03-13 10:49 <DIR> d-------- c:\windows\SchCache
     2009-03-13 10:48 . 2009-03-13 10:48 <DIR> d-------- c:\documents and settings\matt-f.BTECSOLUTIONS
     2009-03-13 10:45 . 2009-03-19 11:59 <DIR> d-------- c:\documents and settings\omega.BTECSOLUTIONS
     2009-03-12 11:26 . 2009-03-12 11:26 <DIR> d-------- c:\documents and settings\mistral\Application Data\Malwarebytes
     2009-03-12 11:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-03-12 11:25 . 2009-03-12 11:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-03-12 11:25 . 2009-03-12 11:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-03-12 11:25 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-03-12 08:24 . 2009-03-12 10:25 <DIR> d-------- c:\program files\Yahoo!
     2009-03-12 08:24 . 2009-03-12 08:24 <DIR> d-------- c:\documents and settings\mistral\Application Data\Yahoo!
     2009-03-12 08:23 . 2009-03-12 08:24 <DIR> d-------- c:\program files\CCleaner
     2009-03-06 10:32 . 2008-09-25 09:08 1,941,504 --a------ C:\SharePod.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-03-16 21:41 --------- d-----w c:\program files\Microsoft Silverlight
     2009-03-13 14:07 --------- d-----w c:\documents and settings\mistral\Application Data\OpenOffice.org2
     2009-03-13 13:28 --------- d-----w c:\documents and settings\mistral\Application Data\uTorrent
     2009-03-12 13:55 --------- d-----w c:\program files\Java
     2009-03-06 16:47 --------- d-----w c:\program files\Symantec AntiVirus
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
     2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\dllcache\win32k.sys
     2008-12-12 17:01 3,067,904 ----a-w c:\windows\system32\dllcache\mshtml.dll
     2008-12-11 10:57 333,952 ----a-w c:\windows\system32\dllcache\srv.sys
     2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll
     2008-12-05 06:54 144,896 ------w c:\windows\system32\dllcache\schannel.dll
     .
     ------- Sigcheck -------

     2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
     2008-04-14 05:42 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
     2004-08-04 03:56 24576 9f81016eddfda65cb7095eb8fbd75f7b c:\windows\system32\userinit.exe
     2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\dllcache\userinit.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Java S1"="\\?\globalroot\systemroot\system32\mschr.exe" [?]

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSetActiveDesktop"= 1 (0x1)
     "NoActiveDesktopChanges"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     mStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp
     mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
     uInternet Connection Wizard,ShellNext = hxxp://onlinenotifyq.net/land/eurl/?code=266
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     TCP: {5DA91415-C879-4F79-B489-FAB4A1763CBF} = 192.168.1.2,192.168.1.13
     .
     **************************************************************************

     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-03-31 07:25:08
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(1152)
     c:\program files\Bonjour\mdnsNSP.dll
     .
     Completion time: 2009-03-31 7:26:15
     ComboFix-quarantined-files.txt 2009-03-31 11:26:13

     Pre-Run: 59,760,525,312 bytes free
     Post-Run: 59,753,869,312 bytes free

     123 --- E O F --- 2009-03-11 07:00:29

     Tell me if you need anything else, please. Thanks.
  7. So I deleted those 4 things and ran the quick scan, and it came up with this...

     Malwarebytes' Anti-Malware 1.34
     Database version: 1878
     Windows 5.1.2600 Service Pack 3

     3/20/2009 12:12:36 PM
     mbam-log-2009-03-20 (12-12-36).txt

     Scan type: Quick Scan
     Objects scanned: 76218
     Time elapsed: 4 minute(s), 24 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  8. New run with updated version...

Malwarebytes' Anti-Malware 1.34
Database version: 1878
Windows 5.1.2600 Service Pack 3
3/20/2009 12:06:26 PM
mbam-log-2009-03-20 (12-06-26).txt
Scan type: Full Scan (C:\|)
Objects scanned: 131951
Time elapsed: 42 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
  9. Malwarebytes' Anti-Malware 1.34
Database version: 1841
Windows 5.1.2600 Service Pack 3
3/20/2009 10:16:04 AM
mbam-log-2009-03-20 (10-16-04).txt
Scan type: Quick Scan
Objects scanned: 74209
Time elapsed: 1 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

The HijackThis report was as follows...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:17 AM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PC-DMISW_37MR3\PCDLRN.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://onlinenotifyq.net/land/eurl/?code=266
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211401670171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.btecsolutions.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.btecsolutions.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DA91415-C879-4F79-B489-FAB4A1763CBF}: NameServer = 192.168.1.2,192.168.1.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.btecsolutions.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DA91415-C879-4F79-B489-FAB4A1763CBF}: NameServer = 192.168.1.2,192.168.1.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.btecsolutions.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DA91415-C879-4F79-B489-FAB4A1763CBF}: NameServer = 192.168.1.2,192.168.1.13
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6590 bytes
  10. I have run Malwarebytes over and over and it will not get rid of 2 things:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\matt-f.BTECSOLUTIONS\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\omega.BTECSOLUTIONS\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\matt-f.BTECSOLUTIONS\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\omega.BTECSOLUTIONS\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.

I also ran HijackThis. I just need help with what to do with this information now. Thanks