Terry Morin

Everything posted by Terry Morin

  1. Hello again. My PC is running well, here is the log of the online scan

     # version=4
     # OnlineScanner.ocx=1.0.0.635
     # OnlineScannerDLLA.dll=1, 0, 0, 79
     # OnlineScannerDLLW.dll=1, 0, 0, 78
     # OnlineScannerUninstaller.exe=1, 0, 0, 49
     # vers_standard_module=4035 (20090425)
     # vers_arch_module=1.064 (20080214)
     # vers_adv_heur_module=1.066 (20070917)
     # EOSSerial=8588070099faa141962a78ea73ec90f9
     # end=finished
     # remove_checked=true
     # unwanted_checked=true
     # utc_time=2009-04-26 02:33:17
     # local_time=2009-04-25 08:33:17 (-0700, Mountain Daylight Time)
     # country="Canada"
     # osver=5.1.2600 NT Service Pack 3
     # scanned=366736
     # found=2
     # scan_time=2073
     C:\Qoobox\Quarantine\[75]-Submit_2009-04-23@23.00.zip Win32/BHO.EXT trojan (deleted) 00000000000000000000000000000000 C:\Qoobox\Quarantine\[75]-Submit_2009-04-23@23.00.zip
  2. Whoops! Began the celebration early I see. You probably noticed I reinstalled my Windows One Care but hopefully disabled as requested. Here are the logs ComboFix 09-04-25.03 - Craig Selby 24/04/2009 20:49.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1510 [GMT -6:00] Running from: c:\documents and settings\Craig Selby\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Craig Selby\Desktop\CFScript.txt AV: Windows Live OneCare *On-access scanning disabled* (Updated) FW: Windows Live OneCare Firewall *disabled* FILE :: c:\windows\system32\drivers\btasjsuh.sys c:\windows\system32\drivers\FJDJMGWH.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\btasjsuh.sys . 2009-04-23 05:02:17 . 2009-04-23 05:02:17 2,510 ----a-w C:\Qoobox\Quarantine\Registry_backups\Service_UACd.sys.reg.dat 2009-04-23 05:02:17 . 2009-04-23 05:02:17 6,070 ----a-w C:\Qoobox\Quarantine\Registry_backups\Service_fjdjmgwh.reg.dat 2009-04-23 05:02:17 . 2009-04-25 02:50:57 806 ----a-w C:\Qoobox\Quarantine\Registry_backups\Legacy_FJDJMGWH.reg.dat 2009-04-23 05:02:11 . 2009-04-25 02:50:51 7,614 ----a-w C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-04-23 05:01:07 . 2009-04-23 05:01:07 507 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_fjdjmgwh_.sys.zip 2009-04-23 05:01:07 . 2009-04-23 05:01:07 587 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\_catsrvp_.dll.zip 2009-04-23 05:01:01 . 2009-04-23 05:01:02 12,162 ----a-w C:\Qoobox\Quarantine\[75]-Submit_2009-04-23@23.00.zip 2009-04-23 04:54:35 . 2009-04-25 02:48:22 507 ----a-w C:\Qoobox\Quarantine\catchme.log 2009-04-21 04:53:27 . 2009-04-21 04:58:48 1,238 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp.reg.vir 2009-04-12 04:38:57 . 2009-04-12 23:39:45 97,792 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\catsrvp.dll.vir 2004-08-10 17:51:17 . 
2009-04-23 05:01:02 23,424 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\btasjsuh.sys.vir 2004-08-10 17:51:17 . 2004-08-04 10:00:00 23,424 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fjdjmgwh.sys.vir ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FJDJMGWH ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 ))))))))))))))))))))))))))))))) . 2009-04-23 08:58 . 2009-04-23 08:59 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-23 07:33 . 2009-04-23 07:33 5 ----a-w c:\windows\system32\drivers\DELL_XPS_MM061 .MRK 2009-04-23 07:33 . 2009-04-23 07:33 5 ----a-w c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK 2009-04-23 07:33 . 2005-07-08 19:19 666 ----a-w c:\windows\speed.reg 2009-04-23 07:23 . 2007-10-10 01:17 416 ----a-w c:\windows\system32\vcredist_x86.bat 2009-04-23 07:23 . 2007-10-10 01:17 2682880 ----a-w c:\windows\system32\vcredist_x86.exe 2009-04-23 07:22 . 2009-04-23 07:22 22729 ----a-w C:\newkey 2009-04-23 07:22 . 2009-04-23 07:22 22729 ----a-w C:\newfile.enc 2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\Craig Selby\Local Settings\Application Data\SupportSoft 2009-04-23 07:10 . 2009-04-23 07:10 -------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft 2009-04-23 07:10 . 2009-04-23 07:10 -------- d-----w c:\documents and settings\All Users\Application Data\PCDr 2009-04-23 07:10 . 2009-04-23 07:10 -------- d-----w c:\documents and settings\All Users\Application Data\PC-Doctor 2009-04-23 07:09 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\All Users\Application Data\Dell 2009-04-23 07:05 . 2007-08-21 15:58 146944 ----a-w c:\windows\system32\st325602.dll 2009-04-23 07:04 . 2009-04-23 07:04 -------- d-----w c:\documents and settings\Craig Selby\Application Data\InstallShield 2009-04-23 07:02 . 
2008-04-13 18:36 8832 ----a-w c:\windows\system32\drivers\wmiacpi.sys 2009-04-23 07:02 . 2008-04-13 18:36 8832 ----a-w c:\windows\system32\dllcache\wmiacpi.sys 2009-04-23 06:50 . 2009-04-23 06:50 -------- d-----w c:\documents and settings\Craig Selby\Local Settings\Application Data\Identities 2009-04-23 06:49 . 2009-04-23 06:49 -------- d-----w c:\documents and settings\Craig Selby\Application Data\Windows Desktop Search 2009-04-23 06:49 . 2009-04-23 06:49 -------- d-----w c:\windows\system32\GroupPolicy 2009-04-23 06:48 . 2008-03-07 17:02 98304 ------w c:\windows\system32\dllcache\nlhtml.dll 2009-04-23 06:48 . 2008-03-07 17:02 29696 ------w c:\windows\system32\dllcache\mimefilt.dll 2009-04-23 06:48 . 2008-03-07 17:02 192000 ------w c:\windows\system32\dllcache\offfilt.dll 2009-04-23 05:27 . 2007-11-28 04:56 91328 ----a-w c:\windows\system32\drivers\msfwdrv.sys 2009-04-23 05:27 . 2007-11-28 04:56 116416 ----a-w c:\windows\system32\drivers\msfwhlpr.sys 2009-04-23 05:26 . 2008-05-15 22:15 53168 ----a-w c:\windows\system32\drivers\MpFilter.sys 2009-04-22 07:18 . 2009-04-22 07:18 -------- d-----w c:\windows\system32\NtmsData 2009-04-22 06:51 . 2009-04-06 21:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-22 06:51 . 2009-04-06 21:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-17 07:47 . 2009-02-13 17:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys 2009-04-17 07:12 . 2009-04-17 07:30 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-17 04:23 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll 2009-04-17 04:23 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll 2009-04-17 04:23 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe 2009-04-17 04:23 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe 2009-04-17 04:23 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll 2009-04-17 04:23 . 
2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll 2009-04-17 04:23 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-17 04:23 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-17 04:23 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll 2009-04-17 04:23 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll 2009-04-17 04:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-17 04:21 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe 2009-04-13 09:28 . 2009-04-13 09:28 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-04-13 07:19 . 2009-01-09 19:19 1089593 ------w c:\windows\system32\dllcache\ntprint.cat 2009-04-13 05:02 . 2009-04-13 05:02 -------- d-----w c:\documents and settings\Craig Selby\Application Data\Malwarebytes 2009-04-13 05:02 . 2009-04-13 05:02 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-12 20:18 . 2009-04-12 20:18 -------- d-----w c:\documents and settings\Craig Selby\Local Settings\Application Data\Symantec 2009-04-12 12:52 . 2009-04-12 12:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w c:\windows\system32\XPSViewer 2009-04-12 11:52 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-04-12 11:52 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w C:\94ef67d20e48c4ca9452ded76f 2009-04-12 11:52 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll 2009-04-12 11:52 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll 2009-04-12 11:52 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll 2009-04-12 11:52 . 
2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll 2009-04-12 11:52 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-04-12 11:06 . 2009-04-12 11:06 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-12 11:05 . 2009-04-12 22:17 -------- d-----w c:\documents and settings\All Users\Application Data\Norton 2009-04-12 11:05 . 2009-04-12 11:05 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller 2009-04-12 09:41 . 2009-04-17 04:45 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-12 04:29 . 2009-04-12 04:29 73928 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-25 02:41 . 2009-04-23 05:23 -------- d-----w c:\program files\Microsoft Windows OneCare Live 2009-04-23 08:59 . 2009-04-23 08:58 -------- d-----w c:\program files\iTunes 2009-04-23 08:59 . 2009-04-23 08:59 -------- d-----w c:\program files\iPod 2009-04-23 08:58 . 2007-07-13 04:52 -------- d-----w c:\program files\Common Files\Apple 2009-04-23 07:43 . 2006-09-22 07:03 -------- d-----w c:\program files\Broadcom 2009-04-23 07:38 . 2009-04-23 07:38 -------- d-----w c:\program files\DIFX 2009-04-23 07:33 . 2006-09-22 06:59 -------- d-----w c:\program files\Dell 2009-04-23 07:27 . 2009-04-23 07:27 -------- d-----w c:\program files\Intel 2009-04-23 07:10 . 2009-04-23 07:09 -------- d-----w c:\program files\Dell Support Center 2009-04-23 07:09 . 2009-04-23 07:09 -------- d-----w c:\program files\Common Files\supportsoft 2009-04-23 07:06 . 2009-04-23 07:06 304 ----a-w c:\windows\system32\drivers\sthdae.log 2009-04-23 07:05 . 2006-09-22 07:02 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-23 06:49 . 
2009-04-23 06:49 -------- d-----w c:\program files\Windows Desktop Search 2009-04-22 06:51 . 2009-04-22 06:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-21 06:04 . 2009-04-21 06:04 -------- d-----w c:\program files\Trend Micro 2009-04-17 04:45 . 2009-04-12 09:41 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-17 04:41 . 2008-08-27 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-04-17 04:41 . 2007-03-31 04:57 -------- d-----w c:\program files\Lavasoft 2009-04-12 20:08 . 2006-10-01 03:09 73928 ----a-w c:\documents and settings\Craig Selby\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w c:\program files\MSBuild 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w c:\program files\Reference Assemblies 2009-04-10 01:49 . 2009-04-10 01:49 0 ----a-w c:\documents and settings\Craig Selby\Application Data\~eu37.tmp 2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll 2009-03-19 22:32 . 2008-01-29 18:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys 2009-03-19 04:01 . 2009-03-19 04:01 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-19 04:00 . 2008-12-03 15:56 -------- d-----w c:\program files\QuickTime 2009-03-19 00:37 . 2009-03-19 00:37 -------- d-----w c:\program files\Bonjour 2009-03-16 04:37 . 2009-03-16 04:33 -------- d-----w c:\program files\Microsoft 2009-03-16 04:37 . 2009-03-16 04:32 -------- d-----w c:\program files\Windows Live 2009-03-16 04:36 . 2006-11-20 02:36 -------- d-----w c:\program files\Windows Live Toolbar 2009-03-16 04:36 . 2009-03-16 04:36 -------- d-----w c:\program files\Microsoft Sync Framework 2009-03-16 04:33 . 2007-02-04 00:31 -------- d-----w c:\program files\MSN Messenger 2009-03-16 04:32 . 2009-03-16 04:32 -------- d-----w c:\program files\Windows Live SkyDrive 2009-03-16 03:48 . 
2009-03-16 03:48 -------- d-----w c:\program files\Common Files\Windows Live 2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 04:39 . 2007-12-20 14:23 -------- d-----w c:\documents and settings\Craig Selby\Application Data\U3 2009-03-03 00:18 . 2006-09-22 06:58 826368 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-28 04:54 . 2006-10-17 20:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe 2009-02-27 04:28 . 2008-05-22 03:29 -------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 10:20 . 2007-05-09 13:55 13824 ------w c:\windows\system32\dllcache\ieudinit.exe 2009-02-20 10:20 . 2006-10-27 09:44 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2009-02-20 05:14 . 2006-10-27 09:42 161792 ------w c:\windows\system32\dllcache\ieakui.dll 2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2008-10-15 04:17 1846784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-08 01:02 . 2008-10-15 04:15 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-07 01:03 . 2009-02-07 01:03 307576 ----a-w c:\windows\WLXPGSS.SCR 2009-02-07 00:52 . 2009-02-07 00:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2008-10-15 04:15 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe 2009-02-06 11:06 . 2008-10-15 04:15 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-06 11:06 . 
2004-08-10 17:51 2145280 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe 2009-02-06 10:32 . 2008-10-15 04:15 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe 2009-02-06 10:32 . 2004-08-04 03:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll 2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll 2008-12-30 04:34 . 2007-02-14 15:21 73344 ----a-w c:\documents and settings\Craig Selby\Application Data\GDIPFONTCACHEV1.DAT 2006-10-01 01:03 . 2006-10-01 01:03 134 ----a-w c:\documents and settings\Craig Selby\Local Settings\Application Data\fusioncache.dat 2006-09-22 07:14 . 2009-04-12 02:26 128 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat 2008-09-01 04:24 . 2008-09-01 04:24 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\system32\NtmsData ---- 2009-04-22 07:18 . 2009-04-22 07:18 816 ----a-w c:\windows\system32\NtmsData\NTMSREG 2009-04-22 07:18 . 2009-04-22 07:18 79496 ----a-w c:\windows\system32\NtmsData\NTMSIDX 2009-04-22 07:18 . 2009-04-22 07:18 110592 ----a-w c:\windows\system32\NtmsData\NTMSDATA 2009-04-22 07:18 . 2009-04-22 07:18 110592 ----a-w c:\windows\system32\NtmsData\NTMSDATA.BAK ((((((((((((((((((((((((((((( SnapShot@2009-04-23_05.04.11 ))))))))))))))))))))))))))))))))))))))))) . + 2006-12-02 06:46 . 2006-12-02 06:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll + 2006-12-02 06:08 . 2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-02 06:08 . 
2006-12-02 06:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-02 06:08 . 2006-12-02 06:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-02 06:08 . 2006-12-02 06:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-02 06:08 . 2006-12-02 06:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-02 06:08 . 2006-12-02 06:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-02 06:08 . 2006-12-02 06:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-02 06:26 . 2006-12-02 06:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-02 06:25 . 2006-12-02 06:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-02 04:56 . 2006-12-02 04:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2005-09-23 05:49 . 2005-09-23 05:49 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll + 2009-04-25 02:54 . 2009-04-25 02:54 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat + 2009-04-25 02:52 . 2009-04-25 02:52 16384 c:\windows\temp\Perflib_Perfdata_12c.dat + 2008-05-27 04:18 . 2008-05-27 04:18 56320 c:\windows\system32\xmlfilter.dll + 2006-09-22 06:39 . 
2007-10-10 01:17 24064 c:\windows\system32\WLTRYSVC.EXE + 2006-09-22 06:39 . 2007-10-10 01:17 65536 c:\windows\system32\wltrynt.dll + 2008-05-27 04:19 . 2008-05-27 04:19 97792 c:\windows\system32\UncCplExt.dll + 2006-09-22 07:02 . 2006-03-08 18:51 81920 c:\windows\system32\SynTPCo2.dll - 2006-09-22 07:02 . 2006-03-08 16:51 81920 c:\windows\system32\SynTPCo2.dll + 2008-05-27 03:59 . 2008-05-27 03:59 18904 c:\windows\system32\structuredqueryschematrivial.bin + 2006-09-22 06:39 . 2004-09-03 16:00 90112 c:\windows\system32\snymsico.dll - 2006-09-22 06:39 . 2005-10-14 13:40 90112 c:\windows\system32\snymsico.dll + 2008-05-27 04:17 . 2008-05-27 04:17 87552 c:\windows\system32\searchfilterhost.exe + 2008-05-27 04:18 . 2008-05-27 04:18 38400 c:\windows\system32\rtffilt.dll - 2006-09-22 06:39 . 2005-10-14 13:40 16480 c:\windows\system32\rixdicon.dll + 2006-09-22 06:39 . 2005-05-07 01:06 16480 c:\windows\system32\rixdicon.dll + 2009-04-23 07:38 . 2005-10-14 13:40 28544 c:\windows\system32\ReinstallBackups\0027\DriverFiles\rimmptsk.sys + 2009-04-23 07:37 . 2005-10-14 13:40 16480 c:\windows\system32\ReinstallBackups\0026\DriverFiles\rixdicon.dll + 2009-04-23 07:37 . 2005-10-14 13:40 90112 c:\windows\system32\ReinstallBackups\0012\DriverFiles\snymsico.dll + 2009-04-23 07:37 . 2005-10-14 13:40 51328 c:\windows\system32\ReinstallBackups\0012\DriverFiles\rimsptsk.sys + 2008-05-27 04:18 . 2008-05-27 04:18 71680 c:\windows\system32\propdefs.dll + 2005-10-29 05:49 . 2005-10-29 05:49 84480 c:\windows\system32\pintool.exe + 2004-08-10 17:51 . 2009-04-23 07:24 87288 c:\windows\system32\perfc009.dat + 2008-05-27 04:19 . 2008-05-27 04:19 11264 c:\windows\system32\oephRes.dll - 2004-08-10 17:51 . 2008-04-14 00:12 98304 c:\windows\system32\nlhtml.dll + 2004-08-10 17:51 . 2008-03-07 17:02 98304 c:\windows\system32\nlhtml.dll + 2008-05-27 04:18 . 2008-05-27 04:18 44032 c:\windows\system32\msstrc.dll + 2008-05-27 04:17 . 
2008-05-27 04:17 32768 c:\windows\system32\mssprxy.dll + 2008-05-27 04:17 . 2008-05-27 04:17 87552 c:\windows\system32\mssitlb.dll + 2008-05-27 04:17 . 2008-05-27 04:17 11776 c:\windows\system32\msshooks.dll + 2008-05-27 04:17 . 2008-05-27 04:17 60416 c:\windows\system32\msscntrs.dll + 2008-05-27 04:17 . 2008-05-27 04:17 34816 c:\windows\system32\msscb.dll + 2004-08-10 18:01 . 2004-08-04 10:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat - 2004-08-10 17:51 . 2008-04-14 00:11 29696 c:\windows\system32\mimefilt.dll + 2004-08-10 17:51 . 2008-03-07 17:02 29696 c:\windows\system32\mimefilt.dll + 2009-04-23 07:37 . 2006-11-14 23:35 37376 c:\windows\system32\DRVSTORE\rixdptsk_0D7A83C1B48CDC1DF8A41B44C97F2A9295350D76\rixdptsk.sys + 2009-04-23 07:37 . 2005-05-07 01:06 16480 c:\windows\system32\DRVSTORE\rixdptsk_0D7A83C1B48CDC1DF8A41B44C97F2A9295350D76\rixdicon.dll + 2009-04-23 07:37 . 2004-09-03 16:00 90112 c:\windows\system32\DRVSTORE\rimsptsk_160EAF8844DAFFD63505557B90B41496E64C136A\snymsico.dll + 2009-04-23 07:37 . 2006-11-15 01:42 43520 c:\windows\system32\DRVSTORE\rimsptsk_160EAF8844DAFFD63505557B90B41496E64C136A\rimsptsk.sys + 2009-04-23 07:37 . 2006-11-15 06:16 32256 c:\windows\system32\DRVSTORE\rimmptsk_01759BDBD4096A5241053A76A22A5A5BAC1000AE\rimmptsk.sys + 2009-04-23 05:27 . 2007-11-28 04:56 91328 c:\windows\system32\DRVSTORE\msfwdrv_8B7A77566FDBAD6964DFFFCFFDA27E97D55990D5\msfwdrv.sys + 2009-04-23 05:26 . 2008-05-15 22:15 53168 c:\windows\system32\DRVSTORE\mpfilter_7624CBE7EF3BB21A52F29BE608459E93D0D31F4C\mpfilter.sys + 2009-04-23 08:59 . 2009-03-19 22:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys + 2009-04-23 07:42 . 2006-11-21 10:25 45568 c:\windows\system32\DRVSTORE\b44win_A4FF09C646CF97A72E7241C9A8D160636A21E4F9\bcm4sbxp.sys + 2009-04-23 07:42 . 2006-11-21 10:20 49507 c:\windows\system32\DRVSTORE\b44win_A4FF09C646CF97A72E7241C9A8D160636A21E4F9\bcm4sbe5.sys + 2008-02-13 23:16 . 
2008-02-13 23:16 68080 c:\windows\system32\drvins64.exe + 2004-08-04 04:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys - 2004-08-04 04:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys + 2006-09-22 06:39 . 2006-11-14 23:35 37376 c:\windows\system32\drivers\rixdptsk.sys + 2006-09-22 06:39 . 2006-11-15 01:42 43520 c:\windows\system32\drivers\rimsptsk.sys + 2006-09-22 06:39 . 2006-11-15 06:16 32256 c:\windows\system32\drivers\rimmptsk.sys - 2006-09-22 06:39 . 2005-12-19 13:08 33664 c:\windows\system32\drivers\BCMWLNPF.SYS + 2006-09-22 06:39 . 2007-10-10 01:17 33664 c:\windows\system32\drivers\BCMWLNPF.SYS + 2006-09-22 06:39 . 2006-11-21 10:25 45568 c:\windows\system32\drivers\bcm4sbxp.sys - 2006-09-22 07:02 . 2005-08-12 22:50 16128 c:\windows\system32\drivers\APPDRV.SYS + 2006-09-22 07:02 . 2005-08-12 23:50 16128 c:\windows\system32\drivers\APPDRV.SYS + 2004-08-04 04:08 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys + 2006-09-22 07:00 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys + 2005-10-29 05:49 . 2005-10-29 05:49 25600 c:\windows\system32\bcsprsrc.dll + 2006-09-22 06:39 . 2007-10-10 01:17 69632 c:\windows\system32\bcmwlpkt.dll - 2006-09-22 06:39 . 2005-12-19 13:08 69632 c:\windows\system32\bcmwlpkt.dll + 2005-10-28 22:40 . 2005-10-28 22:40 96792 c:\windows\system32\basecsp.dll + 2009-04-23 07:43 . 2009-04-23 07:43 40960 c:\windows\Installer\{C99C0593-3B48-41D9-B42F-6E035B320449}\NewShortcut1.FCA9991C_BA96_4189_B2BE_13852649CA68.exe + 2009-04-23 05:24 . 2009-04-23 05:24 10134 c:\windows\Installer\{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}\ARPPRODUCTICON.exe + 2008-05-27 04:19 . 2008-05-27 04:19 2048 c:\windows\system32\UncRes.dll + 2006-09-22 07:00 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\ksuser.dll + 2008-08-26 15:22 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat + 2008-08-26 15:22 . 
2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat + 2009-04-23 07:43 . 2009-04-23 07:43 3262 c:\windows\Installer\{C99C0593-3B48-41D9-B42F-6E035B320449}\ARPPRODUCTICON.exe + 2009-04-23 07:42 . 2009-04-23 07:42 3262 c:\windows\Installer\{612B9183-67A9-4B44-9877-2F059E35B86A}\ARPPRODUCTICON.exe + 2008-05-27 04:19 . 2008-05-27 04:19 131072 c:\windows\system32\UncPH.dll + 2008-05-27 04:19 . 2008-05-27 04:19 108032 c:\windows\system32\UncNE.dll + 2008-05-27 04:19 . 2008-05-27 04:19 143872 c:\windows\system32\UncDMS.dll + 2008-05-27 03:59 . 2008-05-27 03:59 106605 c:\windows\system32\structuredqueryschema.bin + 2006-09-22 06:39 . 2007-05-10 16:23 270336 c:\windows\system32\stacapi.dll + 2008-05-27 04:17 . 2008-05-27 04:17 301568 c:\windows\system32\srchadmin.dll + 2008-05-27 04:18 . 2008-05-27 04:18 184832 c:\windows\system32\searchprotocolhost.exe + 2008-05-27 04:18 . 2008-05-27 04:18 439808 c:\windows\system32\searchindexer.exe + 2009-04-23 07:37 . 2005-10-14 13:40 307968 c:\windows\system32\ReinstallBackups\0026\DriverFiles\rixdptsk.sys + 2009-04-23 07:23 . 2005-11-02 17:24 424320 c:\windows\system32\ReinstallBackups\0025\DriverFiles\BCMWL5.SYS + 2008-05-27 04:17 . 2008-05-27 04:17 754176 c:\windows\system32\propsys.dll + 2006-09-22 06:39 . 2007-10-10 01:17 139264 c:\windows\system32\preflib.dll + 2004-08-10 17:51 . 2009-04-23 07:24 482240 c:\windows\system32\perfh009.dat + 2004-08-10 17:51 . 2008-03-07 17:02 192000 c:\windows\system32\offfilt.dll - 2004-08-10 17:51 . 2008-04-14 00:12 192000 c:\windows\system32\offfilt.dll + 2008-05-27 04:19 . 2008-05-27 04:19 273408 c:\windows\system32\oeph.dll + 2008-05-27 04:18 . 2008-05-27 04:18 203776 c:\windows\system32\mssphtb.dll + 2008-05-27 04:18 . 2008-05-27 04:18 350208 c:\windows\system32\mssph.dll + 2008-05-27 04:18 . 2008-05-27 04:18 231936 c:\windows\system32\msshsq.dll + 2005-10-29 05:49 . 2005-10-29 05:49 151552 c:\windows\system32\ifxcardm.dll + 2009-04-23 05:27 . 
2007-11-28 04:56 116416 c:\windows\system32\DRVSTORE\msfwhlpr_0D06EB3A0072EC31805FD097692DFF987F98BDA6\msfwhlpr.sys + 2009-04-23 08:59 . 2008-04-17 18:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll - 2004-03-16 16:58 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys + 2004-03-16 16:58 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys + 2004-03-16 16:58 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys + 2004-08-04 04:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys + 2006-09-22 06:39 . 2007-10-10 01:17 278528 c:\windows\system32\bcmwlu00.exe + 2006-09-22 06:59 . 2007-10-10 01:17 806912 c:\windows\system32\BCMLogon.dll + 2006-09-22 06:39 . 2007-10-10 01:17 753664 c:\windows\system32\bcm1xsup.dll + 2005-10-29 05:49 . 2005-10-29 05:49 133120 c:\windows\system32\axaltocm.dll + 2006-09-22 07:00 . 2007-05-10 16:22 405504 c:\windows\stsystra.exe + 2009-04-23 08:59 . 2009-04-23 08:59 102400 c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe + 2006-12-02 06:25 . 2006-12-02 06:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-02 06:25 . 2006-12-02 06:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-09-22 06:39 . 2007-10-10 01:17 2183168 c:\windows\system32\WLTRAY.EXE + 2006-09-22 06:39 . 2007-10-10 01:17 2670592 c:\windows\system32\WLBCGCBPRO731.DLL + 2008-05-27 04:21 . 2008-05-27 04:21 1582592 c:\windows\system32\tquery.dll + 2006-09-22 07:00 . 2007-04-10 23:02 1601536 c:\windows\system32\stlang.dll + 2008-05-27 04:21 . 2008-05-27 04:21 1418240 c:\windows\system32\mssrch.dll + 2006-09-22 06:39 . 2007-05-10 16:24 1222840 c:\windows\system32\drivers\sthda.sys + 2006-09-22 06:39 . 2007-10-10 01:17 1123328 c:\windows\system32\drivers\BCMWL5.SYS + 2006-09-22 06:39 . 
2007-10-10 01:17 1921024 c:\windows\system32\BCMWLTRY.EXE . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program 
Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"= "c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8383:TCP"= 8383:TCP:TINYPROXY "53:TCP"= 53:TCP:TINYPROXY "8484:TCP"= 8484:TCP:TINYPROXY R2 gupdate1c985b06893e612;Google Update Service (gupdate1c985b06893e612); [x] R3 Cdlinetb;Cdlinetb;c:\windows\system32\drivers\fdc.sys [2008-04-13 27392] R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360] S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152] S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936] S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8147cd6f-af04-11dc-86c9-0015c5b4807e}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-24 20:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-25 20:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-25 02:57
Pre-Run: 68,152,381,440 bytes free
Post-Run: 68,155,973,632 bytes free
385 --- E O F --- 2009-04-17 04:36
  3. Wow! It looks like did the trick. I will certainly upgrade to the full version of this fantastic software. Thank you very much Terry

ComboFix 09-04-23.02 - Craig Selby 22/04/2009 23:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1667 [GMT -6:00]
Running from: c:\documents and settings\Craig Selby\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Craig Selby\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Craig Selby\Application Data\Microsoft\SystemCertificates\Request
c:\windows\system32\catsrvp.dll
c:\windows\system32\drivers\fjdjmgwh.sys
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FJDJMGWH
-------\Service_fjdjmgwh
-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.
2009-04-22 07:18 . 2009-04-22 07:18 -------- d-----w c:\windows\system32\NtmsData
2009-04-22 06:51 . 2009-04-06 21:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 06:51 . 2009-04-06 21:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 07:47 . 2009-02-13 17:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-17 07:12 . 2009-04-17 07:30 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-17 04:23 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 04:23 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 04:23 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 04:23 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 04:23 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 04:23 .
2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll 2009-04-17 04:23 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-17 04:23 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-17 04:23 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll 2009-04-17 04:23 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll 2009-04-17 04:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-17 04:21 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe 2009-04-13 09:28 . 2009-04-13 09:28 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-04-13 07:19 . 2009-01-09 19:19 1089593 ------w c:\windows\system32\dllcache\ntprint.cat 2009-04-13 05:02 . 2009-04-13 05:02 -------- d-----w c:\documents and settings\Craig Selby\Application Data\Malwarebytes 2009-04-13 05:02 . 2009-04-13 05:02 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-12 20:18 . 2009-04-12 20:18 -------- d-----w c:\documents and settings\Craig Selby\Local Settings\Application Data\Symantec 2009-04-12 12:52 . 2009-04-12 12:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w c:\windows\system32\XPSViewer 2009-04-12 11:52 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-04-12 11:52 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w C:\94ef67d20e48c4ca9452ded76f 2009-04-12 11:52 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll 2009-04-12 11:52 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll 2009-04-12 11:52 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll 2009-04-12 11:52 . 
2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll 2009-04-12 11:52 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-04-12 11:06 . 2009-04-12 11:06 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-12 11:05 . 2009-04-12 22:17 -------- d-----w c:\documents and settings\All Users\Application Data\Norton 2009-04-12 11:05 . 2009-04-12 11:05 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller 2009-04-12 09:41 . 2009-04-17 04:45 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-12 04:29 . 2009-04-12 04:29 73928 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-23 05:01 . 2004-08-10 17:51 23424 ----a-w c:\windows\system32\drivers\btasjsuh.sys 2009-04-22 06:51 . 2009-04-22 06:51 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-21 06:04 . 2009-04-21 06:04 -------- d-----w c:\program files\Trend Micro 2009-04-17 04:45 . 2009-04-12 09:41 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-17 04:41 . 2008-08-27 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-04-17 04:41 . 2007-03-31 04:57 -------- d-----w c:\program files\Lavasoft 2009-04-12 20:08 . 2006-10-01 03:09 73928 ----a-w c:\documents and settings\Craig Selby\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w c:\program files\MSBuild 2009-04-12 11:52 . 2009-04-12 11:52 -------- d-----w c:\program files\Reference Assemblies 2009-04-10 01:49 . 2009-04-10 01:49 0 ----a-w c:\documents and settings\Craig Selby\Application Data\~eu37.tmp 2009-03-21 14:06 . 
2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll 2009-03-19 04:01 . 2009-03-19 04:01 -------- d-----w c:\program files\iTunes 2009-03-19 04:01 . 2009-03-19 04:01 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-19 04:01 . 2009-03-19 04:01 -------- d-----w c:\program files\iPod 2009-03-19 04:01 . 2007-07-13 04:52 -------- d-----w c:\program files\Common Files\Apple 2009-03-19 04:00 . 2008-12-03 15:56 -------- d-----w c:\program files\QuickTime 2009-03-19 00:37 . 2009-03-19 00:37 -------- d-----w c:\program files\Bonjour 2009-03-16 04:37 . 2009-03-16 04:33 -------- d-----w c:\program files\Microsoft 2009-03-16 04:37 . 2009-03-16 04:32 -------- d-----w c:\program files\Windows Live 2009-03-16 04:36 . 2006-11-20 02:36 -------- d-----w c:\program files\Windows Live Toolbar 2009-03-16 04:36 . 2009-03-16 04:36 -------- d-----w c:\program files\Microsoft Sync Framework 2009-03-16 04:33 . 2007-02-04 00:31 -------- d-----w c:\program files\MSN Messenger 2009-03-16 04:32 . 2009-03-16 04:32 -------- d-----w c:\program files\Windows Live SkyDrive 2009-03-16 03:48 . 2009-03-16 03:48 -------- d-----w c:\program files\Common Files\Windows Live 2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 04:39 . 2007-12-20 14:23 -------- d-----w c:\documents and settings\Craig Selby\Application Data\U3 2009-03-03 00:18 . 2006-09-22 06:58 826368 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-28 04:54 . 2006-10-17 20:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe 2009-02-27 04:28 . 2008-05-22 03:29 -------- d-----w c:\program files\Microsoft Silverlight 2009-02-20 10:20 . 2007-05-09 13:55 13824 ------w c:\windows\system32\dllcache\ieudinit.exe 2009-02-20 10:20 . 2006-10-27 09:44 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2009-02-20 05:14 . 
2006-10-27 09:42 161792 ------w c:\windows\system32\dllcache\ieakui.dll 2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2008-10-15 04:17 1846784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-08 01:02 . 2008-10-15 04:15 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-07 01:03 . 2009-02-07 01:03 307576 ----a-w c:\windows\WLXPGSS.SCR 2009-02-07 00:52 . 2009-02-07 00:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2008-10-15 04:15 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe 2009-02-06 11:06 . 2008-10-15 04:15 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-06 11:06 . 2004-08-10 17:51 2145280 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe 2009-02-06 10:32 . 2008-10-15 04:15 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe 2009-02-06 10:32 . 2004-08-04 03:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll 2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll 2008-12-30 04:34 . 2007-02-14 15:21 73344 ----a-w c:\documents and settings\Craig Selby\Application Data\GDIPFONTCACHEV1.DAT 2006-10-01 01:03 . 2006-10-01 01:03 134 ----a-w c:\documents and settings\Craig Selby\Local Settings\Application Data\fusioncache.dat 2006-09-22 07:14 . 
2009-04-12 02:26 128 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat 2008-09-01 04:24 . 2008-09-01 04:24 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"= "c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8383:TCP"= 8383:TCP:TINYPROXY "53:TCP"= 53:TCP:TINYPROXY "8484:TCP"= 8484:TCP:TINYPROXY R3 Cdlinetb;Cdlinetb;c:\windows\system32\drivers\fdc.sys [2008-04-13 27392] --- Other Services/Drivers In Memory --- *NewlyCreated* - FJDJMGWH [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8147cd6f-af04-11dc-86c9-0015c5b4807e}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.ca/
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 23:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-23 23:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 05:07
Pre-Run: 69,526,175,744 bytes free
Post-Run: 69,427,400,704 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
193 --- E O F --- 2009-04-17 04:36

Malwarebytes' Anti-Malware 1.36
Database version: 2024
Windows 5.1.2600 Service Pack 3

22/04/2009 11:11:43 PM
mbam-log-2009-04-22 (23-11-43).txt

Scan type: Quick Scan
Objects scanned: 79409
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:15 PM, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c985b06893e612) (gupdate1c985b06893e612) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

-- End of file - 2003 bytes
  4. Malwarebytes' Anti-Malware 1.36
Database version: 2022
Windows 5.1.2600 Service Pack 3

21/04/2009 5:26:45 PM
mbam-log-2009-04-21 (17-26-45).txt

Scan type: Quick Scan
Objects scanned: 79425
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae624dcf-4037-40b8-bf98-3f715ec06963} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ae624dcf-4037-40b8-bf98-3f715ec06963} (Trojan.BHO.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\catsrvp.dll (Trojan.BHO.H) -> Delete on reboot.
DDS (Ver_09-03-16.01) - NTFSx86 Run by Craig Selby at 17:18:57.85 on 21/04/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1581 [GMT -6:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) FW: *disabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Craig Selby\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.ca/ BHO: {ae624dcf-4037-40b8-bf98-3f715ec06963} - c:\windows\system32\catsrvp.dll TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Notify: AtiExtEvent - Ati2evxx.dll ============= SERVICES / DRIVERS =============== R0 fjdjmgwh;fjdjmgwh;c:\windows\system32\drivers\fjdjmgwh.sys [2004-8-10 23424] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-15 55152] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656] S2 gupdate1c985b06893e612;Google Update Service (gupdate1c985b06893e612);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?] 
S3 Cdlinetb;Cdlinetb;c:\windows\system32\drivers\fdc.sys [2004-8-3 27392] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] =============== Created Last 30 ================ 2009-04-21 00:04 <DIR> --d----- c:\program files\Trend Micro 2009-04-20 22:53 1,238 a------- c:\windows\system32\tmp.reg 2009-04-17 01:47 55,640 a------- c:\windows\system32\drivers\avgntflt.sys 2009-04-17 01:09 389,120 a------- c:\windows\system32\CF20342.exe 2009-04-17 01:08 389,120 a------- c:\windows\system32\CF20006.exe 2009-04-17 00:55 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-04-17 00:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-17 00:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-04-16 22:21 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-04-16 22:21 215,552 -------- c:\windows\system32\dllcache\wordpad.exe 2009-04-13 01:19 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat 2009-04-12 23:02 <DIR> --d----- c:\docume~1\craigs~1\applic~1\Malwarebytes 2009-04-12 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-04-12 05:52 <DIR> --d----- c:\windows\system32\XPSViewer 2009-04-12 05:52 117,760 -------- c:\windows\system32\prntvpt.dll 2009-04-12 05:52 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-04-12 05:52 <DIR> --d----- C:\94ef67d20e48c4ca9452ded76f 2009-04-12 05:52 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2009-04-12 05:52 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2009-04-12 05:52 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-04-12 05:52 575,488 -------- c:\windows\system32\xpsshhdr.dll 2009-04-12 05:52 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2009-04-12 05:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec 2009-04-12 05:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton 2009-04-12 05:05 <DIR> --d----- 
c:\docume~1\alluse~1\applic~1\NortonInstaller 2009-04-12 03:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-04-12 03:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-04-11 22:38 97,792 a------- c:\windows\system32\catsrvp.dll ==================== Find3M ==================== 2009-03-21 08:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll 2009-03-06 08:22 284,160 a------- c:\windows\system32\pdh.dll 2009-03-06 08:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll 2009-03-02 18:18 826,368 a------- c:\windows\system32\wininet.dll 2009-03-02 18:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll 2009-02-27 22:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe 2009-02-20 04:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-02-20 04:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-02-19 23:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-02-09 06:10 729,088 a------- c:\windows\system32\lsasrv.dll 2009-02-09 06:10 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll 2009-02-09 06:10 714,752 a------- c:\windows\system32\ntdll.dll 2009-02-09 06:10 617,472 a------- c:\windows\system32\advapi32.dll 2009-02-09 06:10 401,408 a------- c:\windows\system32\rpcss.dll 2009-02-09 06:10 714,752 -------- c:\windows\system32\dllcache\ntdll.dll 2009-02-09 06:10 617,472 -------- c:\windows\system32\dllcache\advapi32.dll 2009-02-09 06:10 473,600 -------- c:\windows\system32\dllcache\fastprox.dll 2009-02-09 06:10 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll 2009-02-09 06:10 401,408 -------- c:\windows\system32\dllcache\rpcss.dll 2009-02-09 05:13 1,846,784 a------- c:\windows\system32\win32k.sys 2009-02-09 05:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys 2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR 2009-02-06 18:52 49,504 a------- 
c:\windows\system32\sirenacm.dll 2009-02-06 05:11 110,592 a------- c:\windows\system32\services.exe 2009-02-06 05:11 110,592 -------- c:\windows\system32\dllcache\services.exe 2009-02-06 05:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-02-06 05:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe 2009-02-06 05:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-02-06 04:39 35,328 a------- c:\windows\system32\sc.exe 2009-02-06 04:39 35,328 -------- c:\windows\system32\dllcache\sc.exe 2009-02-06 04:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe 2009-02-06 04:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-02-06 04:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe 2009-02-03 13:59 56,832 a------- c:\windows\system32\secur32.dll 2009-02-03 13:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll 2008-12-29 22:34 73,344 a------- c:\docume~1\craigs~1\applic~1\GDIPFONTCACHEV1.DAT 2008-08-31 22:24 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat ============= FINISH: 17:19:41.65 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-03-16.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 30/09/2006 7:02:18 PM System Uptime: 21/04/2009 5:16:22 PM (0 hours ago) Motherboard: Dell Inc. | | 0XD720 Processor: Intel® Core2 CPU T7400 @ 2.16GHz | Microprocessor | 2161/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 107 GiB total, 64.508 GiB free. 
D: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1: 17/04/2009 1:55:57 AM - System Checkpoint RP2: 21/04/2009 8:37:55 AM - System Checkpoint RP3: 21/04/2009 5:14:45 PM - Avira AntiVir Personal - 21/04/2009 17:14 ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Photoshop 6.0 Adobe Photoshop CS Adobe Reader 7.1.0 Adobe SVG Viewer 3.0 Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center ATI Display Driver AutoUpdate BitTornado 0.3.18 BlackBerry Desktop Software 4.2.1 Bonjour Broadcom Management Programs Canon PowerShot A40 WIA Driver Choice Guard Command & Conquer Generals Command and ConquerTM Generals Zero Hour Conexant HDA D110 MDC V.92 Modem Critical Update for Windows Media Player 11 (KB959772) Dell Media Experience Dell Support 3.2 Dell System Restore Dell Wireless WLAN Card Digital Line Detect DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player DVD Shrink 3.2 Easy CD & DVD Creator 6 Google Update Helper High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix 2050 for SQL Server 2000 ENU (KB948110) Hotfix 2055 for SQL Server 2000 ENU (KB960082) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) ImageMixer for HDD Camcorder iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java 6 Update 11 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java SE Runtime Environment 6 Update 1 Junk Mail filter update Malwarebytes' Anti-Malware Map Button (Windows Live Toolbar) 
MCU Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Live Add-in 1.3 Microsoft Office Outlook 2003 with Business Contact Manager Update Microsoft Office XP Professional with FrontPage Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works MobileMe Control Panel Modem Helper Mozilla Firefox (3.0.6) MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Musicmatch for Windows Media Player NetWaiting OneCare Advisor (Windows Live Toolbar) Popup Blocker (Windows Live Toolbar) PowerDVD 5.7 QuickSet QuickTime Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) 
Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP 
(KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Segoe UI Smart Menus (Windows Live Toolbar) Sonic Audio module Sonic DLA Sonic MyDVD LE Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Synaptics Pointing Device Driver Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Favorites for Windows Live Toolbar Windows Live Mail Windows Live Messenger Windows Live Outlook Toolbar (Windows Live Toolbar) Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 11 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 20/04/2009 10:58:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip 20/04/2009 10:58:10 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 20/04/2009 10:58:10 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 
20/04/2009 10:58:10 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 20/04/2009 10:58:10 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 20/04/2009 10:58:10 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 20/04/2009 10:58:10 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 20/04/2009 10:57:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 17/04/2009 8:07:03 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 16/04/2009 10:49:59 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified. 16/04/2009 10:49:59 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c985b06893e612) service failed to start due to the following error: The system cannot find the path specified. 16/04/2009 10:49:58 PM, error: SRService [104] - The System Restore initialization process failed. ==== End Of File ===========================
  5. I did not edit the HijackThis log. Before installing Malwarebytes I installed HijackThis and removed some items. I am sorry for using the upload rather than copying and pasting the logs - it won't happen again!
  6. Items still remain. Here are my logs

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:30:05 PM, on 21/04/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16827)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
     O2 - BHO: (no name) - {AE624DCF-4037-40B8-BF98-3F715EC06963} - C:\WINDOWS\system32\catsrvp.dll
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Google Update Service (gupdate1c985b06893e612) (gupdate1c985b06893e612) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

     --
     End of file - 1750 bytes

     Attachments: mbam_log_2009_04_21__17_26_45_.txt DDS.txt Attach.txt
  7. Thank you in advance for any assistance in removing the last of some pretty persistent malware

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:05:05 AM, on 21/04/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16827)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\WLTRYSVC.EXE
     C:\WINDOWS\System32\bcmwltry.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
     O2 - BHO: (no name) - {AE624DCF-4037-40B8-BF98-3F715EC06963} - C:\WINDOWS\system32\catsrvp.dll
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Google Update Service (gupdate1c985b06893e612) (gupdate1c985b06893e612) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

     --
     End of file - 2335 bytes

     Attachments: mbam_log_2009_04_21__00_04_03_.txt