jterhag

Members

View Profile See their activity

Posts
4
Joined
May 22, 2009
Last visited
May 24, 2009

Reputation

0 Neutral

Malware Doctor recurrent infection with monitoring on

jterhag replied to jterhag's topic in Resolved Malware Removal Logs

Here is the contents of the latest combofix file: ComboFix 09-05-24.01 - Johnny 05/24/2009 13:44.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2366 [GMT -7:00] Running from: c:\documents and settings\Johnny\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Johnny\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} * Created a new restore point FILE :: c:\windows\system32\SelfDel.bat file zipped: c:\windows\system32\vp_setup.exe.bat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\SelfDel.bat c:\windows\system32\vp_setup.exe.bat . ((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 ))))))))))))))))))))))))))))))) . 2009-05-22 18:00 . 2009-05-22 18:00 -------- d-----w c:\program files\Trend Micro 2009-05-22 15:21 . 2009-05-22 15:21 32768 ----a-w c:\windows\system32\avast!Antivirus.exe 2009-05-21 18:11 . 2009-05-21 18:11 390664 ----a-w c:\documents and settings\Johnny\Application Data\Real\RealPlayer\Update\RealPlayer11.exe 2009-05-20 17:39 . 2009-05-20 17:39 -------- d-----w c:\documents and settings\Johnny\Application Data\Malwarebytes 2009-05-20 17:39 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 17:39 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 17:39 . 2009-05-20 17:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 17:39 . 2009-05-20 17:39 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-18 19:17 . 2009-05-12 16:14 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-05-18 19:17 . 2009-05-12 16:14 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-05-18 19:17 . 2009-05-12 16:13 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll 2009-05-18 19:17 . 2009-05-12 16:13 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll 2009-05-18 19:17 . 2009-05-12 16:13 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll 2009-05-18 19:17 . 2009-05-12 16:14 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe 2009-05-18 19:16 . 2009-05-12 16:13 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll 2009-05-18 19:16 . 2009-05-12 16:13 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-05-17 16:33 . 2009-05-17 16:33 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI 2009-05-17 16:32 . 2009-05-17 16:32 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Creative 2009-05-07 02:39 . 2009-05-09 03:06 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard 2009-05-07 02:39 . 2009-05-09 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla! 2009-05-07 02:39 . 2009-05-07 02:39 -------- d-----w c:\program files\Common Files\iS3 2009-05-02 17:45 . 2009-05-02 17:45 -------- d-----w c:\program files\Safari 2009-04-29 06:43 . 2008-04-14 00:12 23552 ----a-w c:\windows\system32\wdmaud.drv 2009-04-29 06:43 . 2008-04-13 18:45 49408 ----a-w c:\windows\system32\drivers\stream.sys 2009-04-29 06:43 . 2008-04-14 00:11 4096 ----a-w c:\windows\system32\ksuser.dll 2009-04-29 06:43 . 2008-04-13 19:19 146048 ----a-w c:\windows\system32\drivers\portcls.sys 2009-04-29 06:43 . 2008-04-13 19:16 141056 ----a-w c:\windows\system32\drivers\ks.sys 2009-04-29 06:43 . 2008-04-13 18:45 60160 ----a-w c:\windows\system32\drivers\drmk.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-24 16:11 . 2009-04-22 18:18 -------- d-----w c:\program files\PeerGuardian2 2009-05-24 06:10 . 2008-07-06 21:07 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-05-23 22:11 . 2009-04-16 21:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-05-23 21:50 . 2007-07-01 16:47 -------- d-----w c:\program files\Common Files\Symantec Shared 2009-05-23 21:48 . 2007-07-01 16:47 -------- d-----w c:\program files\Symantec 2009-05-23 21:45 . 2008-10-31 19:50 -------- d-----w c:\program files\Norton Security Scan 2009-05-23 21:44 . 2008-07-06 21:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-05-23 21:39 . 2007-11-05 06:36 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-05-21 18:17 . 2009-04-14 18:21 -------- d-----w c:\documents and settings\Johnny\Application Data\DNA 2009-05-21 18:06 . 2009-04-14 18:21 -------- d-----w c:\program files\DNA 2009-05-20 22:57 . 2008-06-18 20:32 -------- d-----w c:\documents and settings\Johnny\Application Data\OpenOffice.org2 2009-05-12 16:14 . 2009-04-16 21:40 11952 ----a-w c:\windows\system32\avgrsstx.dll 2009-05-12 16:14 . 2009-04-16 21:40 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-05-12 16:14 . 2009-04-16 21:39 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys 2009-05-12 16:14 . 2009-04-16 21:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-05-07 00:24 . 2006-09-13 01:17 -------- d-----w c:\program files\PC Wizard 2006 2009-04-23 19:14 . 2006-09-05 07:53 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-23 18:49 . 2007-02-02 15:43 -------- d-----w c:\documents and settings\Johnny\Application Data\Apple Computer 2009-04-23 16:28 . 2008-11-29 00:07 -------- d-----w c:\program files\ATI 2009-04-23 07:30 . 2009-04-23 07:30 -------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-04-23 07:14 . 2008-11-28 23:02 -------- d-----w c:\program files\ATI Technologies 2009-04-22 20:33 . 2009-04-14 18:22 -------- d-----w c:\documents and settings\Johnny\Application Data\BitTorrent 2009-04-22 18:33 . 2009-04-22 17:21 -------- d-----w c:\program files\RegCure 2009-04-22 16:57 . 2006-09-07 16:30 1984 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-16 21:39 . 2009-04-16 21:39 -------- d-----w c:\documents and settings\Johnny\Application Data\AVGTOOLBAR 2009-04-16 21:39 . 2009-04-16 21:39 -------- d-----w c:\program files\AVG 2009-04-16 18:12 . 2009-04-16 18:12 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer 2009-04-16 04:15 . 2009-04-16 04:15 -------- d-----w c:\documents and settings\All Users\Application Data\JpegSizer 2009-04-16 04:15 . 2009-04-16 04:15 -------- d-----w c:\program files\JpegSizer 6 2009-04-14 18:22 . 2009-04-14 18:21 -------- d-----w c:\program files\BitTorrent 2009-04-07 18:41 . 2006-09-08 00:42 -------- d-----w c:\program files\Common Files\Adobe 2009-03-28 04:23 . 2009-03-28 04:23 18648 ---ha-w c:\windows\system32\mlfcache.dat 2009-03-24 18:40 . 2008-06-18 20:33 1 ----a-w c:\documents and settings\Johnny\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2009-03-18 04:05 . 2008-11-29 00:06 593920 ------w c:\windows\system32\ati2sgag.exe 2009-03-16 21:33 . 2008-08-23 09:16 3597312 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-03-16 20:27 . 2008-10-29 02:23 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-03-16 20:26 . 2008-08-23 09:16 328704 ----a-w c:\windows\system32\ati2dvag.dll 2009-03-16 20:17 . 2008-10-29 01:49 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-03-16 20:17 . 2008-10-29 02:11 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-03-16 20:16 . 2008-10-29 02:11 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-03-16 20:16 . 2008-10-29 02:11 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-03-16 20:16 . 2008-10-29 02:11 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-03-16 20:16 . 2008-10-29 02:10 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-03-16 20:15 . 2008-10-29 02:09 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-03-16 20:13 . 2008-10-29 02:07 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-03-16 20:06 . 2008-08-23 09:16 3820736 ----a-w c:\windows\system32\ati3duag.dll 2009-03-16 20:04 . 2008-10-29 02:10 11563008 ----a-w c:\windows\system32\atioglxx.dll 2009-03-16 19:53 . 2008-08-23 09:16 2675328 ----a-w c:\windows\system32\ativvaxx.dll 2009-03-16 19:40 . 2009-03-16 19:40 49664 ----a-w c:\windows\system32\atimpc32.dll 2009-03-16 19:40 . 2008-10-29 01:25 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-03-16 19:36 . 2008-10-29 01:21 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-03-16 19:35 . 2008-10-29 01:18 303104 ----a-w c:\windows\system32\atiok3x2.dll 2009-03-16 19:35 . 2009-03-16 19:35 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-03-16 19:35 . 2008-10-29 01:19 131072 ----a-w c:\windows\system32\atiadlxx.dll 2009-03-16 19:34 . 2009-03-16 19:34 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-03-16 19:34 . 2008-10-29 01:19 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-03-16 19:34 . 2008-10-29 01:18 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-03-16 19:33 . 2009-03-16 19:33 3264512 ----a-w c:\windows\system32\aticaldd.dll 2009-03-16 19:28 . 2008-08-23 09:16 630784 ----a-w c:\windows\system32\ati2cqag.dll 2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 19:56 . 2009-03-03 19:56 118784 ----a-w c:\windows\system32\atibtmon.exe 2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-23 21:39 . 2008-08-14 17:42 184394 ----a-w c:\windows\system32\atiicdxx.dat 2008-10-05 05:18 . 2008-07-06 21:31 2568551 ----a-w c:\program files\ssapi.log 2008-10-05 04:43 . 2008-10-05 03:37 4000043 ----a-w c:\program files\ssapi.log.bak 2008-07-06 21:07 . 2008-07-06 21:07 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-01-21 19:54 . 2009-01-21 19:54 28488 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll 2009-01-21 19:54 . 2009-01-21 19:54 183696 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll 2009-01-21 19:54 . 2009-01-21 19:54 99216 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll . ((((((((((((((((((((((((((((( SnapShot@2009-05-23_22.41.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-24 16:06 . 2009-05-24 16:06 16384 c:\windows\Temp\Perflib_Perfdata_40c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600] "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-17 90112] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-12 16:14 11952 ----a-w c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Johnny^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\documents and settings\Johnny\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1194247461\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "j:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "j:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [1/25/2007 8:57 PM 215856] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/16/2009 2:40 PM 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/16/2009 2:40 PM 108552] R2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/16/2009 2:39 PM 298776] R3 Alpham1;Ideazon Merc USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [7/23/2007 10:56 AM 42624] R3 Alpham2;Ideazon Merc MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [3/20/2007 12:49 PM 18432] R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [9/3/2008 7:33 PM 27776] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/20/2009 10:39 AM 15504] R3 vhidmini;Virtual Hid Device;c:\windows\system32\drivers\vhidmini.sys [5/27/2008 1:21 PM 12672] S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/16/2009 2:39 PM 908568] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/20/2009 10:39 AM 179856] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/6/2008 2:07 PM 29744] S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [6/13/2008 2:37 PM 48896] S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\USBICP.sys [5/27/2008 1:57 PM 14592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-05-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-06 05:31] 2009-05-24 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Johnny.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-20 22:32] 2009-05-23 c:\windows\Tasks\Malwarebytes' Scheduled Update for Johnny.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-20 22:32] 2009-05-24 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2009-02-14 06:20] 2009-05-21 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2009-02-14 06:20] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Johnny\Application Data\Mozilla\Firefox\Profiles\swwqcbio.default\ FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-24 13:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(592) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-05-24 13:46 ComboFix-quarantined-files.txt 2009-05-24 20:46 ComboFix2.txt 2009-05-23 22:44 Pre-Run: 74,633,641,984 bytes free Post-Run: 74,602,242,048 bytes free 265 --- E O F --- 2009-05-14 16:16 Upload was successful
- May 24, 2009
- 6 replies
Malware Doctor recurrent infection with monitoring on

jterhag replied to jterhag's topic in Resolved Malware Removal Logs

Hello - thanks so much for all of the useful information. Here is the combofix log file. ComboFix 09-05-23.04 - Johnny 05/23/2009 15:36.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1524 [GMT -7:00] Running from: c:\documents and settings\Johnny\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Johnny\LOCALS~1\Temp\tmp2.tmp c:\documents and settings\Johnny\protect.dll c:\documents and settings\Johnny\Start Menu\Programs\Startup\ChkDisk.dll c:\documents and settings\Johnny\Start Menu\Programs\Startup\ChkDisk.lnk c:\documents and settings\LocalService\Application Data\1055860099.exe c:\documents and settings\LocalService\Application Data\916653139.exe c:\documents and settings\LocalService\protect.dll c:\windows\install.exe c:\windows\system32\autochk.dll c:\windows\system32\config\systemprofile\protect.dll c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk c:\windows\system32\drivers\ovfsthjkwpunpdncxrujovmtmvxqhtjbqvxqma.sys c:\windows\system32\lmn_setup.exe c:\windows\system32\odiyivah.ini c:\windows\system32\ovfsthdbojqtfbpptfvuqsaqmlxehtpotgdyih.dat c:\windows\system32\ovfsthmxpuyjgpulgruyrwckxggumwvhiodgqj.dat c:\windows\system32\ovfsthoxlnewwklrtosadxqtphoxogobuoixfi.dll c:\windows\system32\ovfsthpabiefbnkxiyyuqduspbmoetpmymkgrj.dll c:\windows\system32\ovfsthpdrqebdvbrdrqaixhhpykniajjvcbduy.dll c:\windows\system32\sft.res C:\xcrashdump.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ovfsthtlwlnklvrjntymrrnskbgrqlxetewsrs -------\Legacy_ASHEVTSVC -------\Service_AshEvtSvc ((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 ))))))))))))))))))))))))))))))) . 2009-05-22 18:00 . 2009-05-22 18:00 -------- d-----w c:\program files\Trend Micro 2009-05-22 15:21 . 2009-05-22 15:21 32768 ----a-w c:\windows\system32\avast!Antivirus.exe 2009-05-21 18:35 . 2009-05-21 18:35 136 ----a-w c:\windows\system32\vp_setup.exe.bat 2009-05-21 18:20 . 2009-05-21 18:20 29184 ----a-w c:\windows\system32\lklf32.dll 2009-05-21 18:11 . 2009-05-21 18:11 390664 ----a-w c:\documents and settings\Johnny\Application Data\Real\RealPlayer\Update\RealPlayer11.exe 2009-05-21 18:07 . 2009-05-23 20:54 29184 ----a-w c:\windows\system32\jhxm32.dll 2009-05-20 17:39 . 2009-05-20 17:39 -------- d-----w c:\documents and settings\Johnny\Application Data\Malwarebytes 2009-05-20 17:39 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 17:39 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-20 17:39 . 2009-05-20 17:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-20 17:39 . 2009-05-20 17:39 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-18 19:17 . 2009-05-12 16:14 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-05-18 19:17 . 2009-05-12 16:14 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-05-18 19:17 . 2009-05-12 16:13 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll 2009-05-18 19:17 . 2009-05-12 16:13 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll 2009-05-18 19:17 . 2009-05-12 16:13 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll 2009-05-18 19:17 . 2009-05-12 16:14 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe 2009-05-18 19:16 . 2009-05-12 16:13 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll 2009-05-18 19:16 . 2009-05-12 16:13 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-05-17 16:33 . 2009-05-17 16:33 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ATI 2009-05-17 16:32 . 2009-05-17 16:32 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Creative 2009-05-07 02:39 . 2009-05-09 03:06 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard 2009-05-07 02:39 . 2009-05-09 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla! 2009-05-07 02:39 . 2009-05-07 02:39 -------- d-----w c:\program files\Common Files\iS3 2009-05-02 17:45 . 2009-05-02 17:45 -------- d-----w c:\program files\Safari 2009-04-29 06:43 . 2008-04-14 00:12 23552 ----a-w c:\windows\system32\wdmaud.drv 2009-04-29 06:43 . 2008-04-13 18:45 49408 ----a-w c:\windows\system32\drivers\stream.sys 2009-04-29 06:43 . 2008-04-14 00:11 4096 ----a-w c:\windows\system32\ksuser.dll 2009-04-29 06:43 . 2008-04-13 19:19 146048 ----a-w c:\windows\system32\drivers\portcls.sys 2009-04-29 06:43 . 2008-04-13 19:16 141056 ----a-w c:\windows\system32\drivers\ks.sys 2009-04-29 06:43 . 2008-04-13 18:45 60160 ----a-w c:\windows\system32\drivers\drmk.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-23 22:42 . 2009-04-22 18:18 -------- d-----w c:\program files\PeerGuardian2 2009-05-23 22:11 . 2009-04-16 21:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-05-23 21:50 . 2007-07-01 16:47 -------- d-----w c:\program files\Common Files\Symantec Shared 2009-05-23 21:48 . 2007-07-01 16:47 -------- d-----w c:\program files\Symantec 2009-05-23 21:45 . 2008-10-31 19:50 -------- d-----w c:\program files\Norton Security Scan 2009-05-23 21:44 . 2008-07-06 21:11 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-05-23 21:39 . 2007-11-05 06:36 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-05-23 05:09 . 2008-07-06 21:07 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-05-21 18:17 . 2009-04-14 18:21 -------- d-----w c:\documents and settings\Johnny\Application Data\DNA 2009-05-21 18:06 . 2009-04-14 18:21 -------- d-----w c:\program files\DNA 2009-05-20 22:57 . 2008-06-18 20:32 -------- d-----w c:\documents and settings\Johnny\Application Data\OpenOffice.org2 2009-05-12 16:14 . 2009-04-16 21:40 11952 ----a-w c:\windows\system32\avgrsstx.dll 2009-05-12 16:14 . 2009-04-16 21:40 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-05-12 16:14 . 2009-04-16 21:39 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys 2009-05-12 16:14 . 2009-04-16 21:40 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-05-07 00:24 . 2006-09-13 01:17 -------- d-----w c:\program files\PC Wizard 2006 2009-04-23 19:14 . 2006-09-05 07:53 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-23 18:49 . 2007-02-02 15:43 -------- d-----w c:\documents and settings\Johnny\Application Data\Apple Computer 2009-04-23 16:28 . 2008-11-29 00:07 -------- d-----w c:\program files\ATI 2009-04-23 07:30 . 2009-04-23 07:30 -------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-04-23 07:14 . 2008-11-28 23:02 -------- d-----w c:\program files\ATI Technologies 2009-04-22 20:33 . 2009-04-14 18:22 -------- d-----w c:\documents and settings\Johnny\Application Data\BitTorrent 2009-04-22 18:33 . 2009-04-22 17:21 -------- d-----w c:\program files\RegCure 2009-04-22 16:57 . 2006-09-07 16:30 1984 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-16 21:39 . 2009-04-16 21:39 -------- d-----w c:\documents and settings\Johnny\Application Data\AVGTOOLBAR 2009-04-16 21:39 . 2009-04-16 21:39 -------- d-----w c:\program files\AVG 2009-04-16 18:12 . 2009-04-16 18:12 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer 2009-04-16 18:08 . 2009-04-16 18:08 155 ----a-w c:\windows\system32\SelfDel.bat 2009-04-16 04:15 . 2009-04-16 04:15 -------- d-----w c:\documents and settings\All Users\Application Data\JpegSizer 2009-04-16 04:15 . 2009-04-16 04:15 -------- d-----w c:\program files\JpegSizer 6 2009-04-14 18:22 . 2009-04-14 18:21 -------- d-----w c:\program files\BitTorrent 2009-04-07 18:41 . 2006-09-08 00:42 -------- d-----w c:\program files\Common Files\Adobe 2009-03-28 04:23 . 2009-03-28 04:23 18648 ---ha-w c:\windows\system32\mlfcache.dat 2009-03-24 18:40 . 2008-06-18 20:33 1 ----a-w c:\documents and settings\Johnny\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2009-03-18 04:05 . 2008-11-29 00:06 593920 ------w c:\windows\system32\ati2sgag.exe 2009-03-16 21:33 . 2008-08-23 09:16 3597312 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-03-16 20:27 . 2008-10-29 02:23 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-03-16 20:26 . 2008-08-23 09:16 328704 ----a-w c:\windows\system32\ati2dvag.dll 2009-03-16 20:17 . 2008-10-29 01:49 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-03-16 20:17 . 2008-10-29 02:11 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-03-16 20:16 . 2008-10-29 02:11 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-03-16 20:16 . 2008-10-29 02:11 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-03-16 20:16 . 2008-10-29 02:11 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-03-16 20:16 . 2008-10-29 02:10 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-03-16 20:15 . 2008-10-29 02:09 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-03-16 20:13 . 2008-10-29 02:07 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-03-16 20:06 . 2008-08-23 09:16 3820736 ----a-w c:\windows\system32\ati3duag.dll 2009-03-16 20:04 . 2008-10-29 02:10 11563008 ----a-w c:\windows\system32\atioglxx.dll 2009-03-16 19:53 . 2008-08-23 09:16 2675328 ----a-w c:\windows\system32\ativvaxx.dll 2009-03-16 19:40 . 2009-03-16 19:40 49664 ----a-w c:\windows\system32\atimpc32.dll 2009-03-16 19:40 . 2008-10-29 01:25 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-03-16 19:36 . 2008-10-29 01:21 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-03-16 19:35 . 2008-10-29 01:18 303104 ----a-w c:\windows\system32\atiok3x2.dll 2009-03-16 19:35 . 2009-03-16 19:35 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-03-16 19:35 . 2008-10-29 01:19 131072 ----a-w c:\windows\system32\atiadlxx.dll 2009-03-16 19:34 . 2009-03-16 19:34 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-03-16 19:34 . 2008-10-29 01:19 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-03-16 19:34 . 2008-10-29 01:18 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-03-16 19:33 . 2009-03-16 19:33 3264512 ----a-w c:\windows\system32\aticaldd.dll 2009-03-16 19:28 . 2008-08-23 09:16 630784 ----a-w c:\windows\system32\ati2cqag.dll 2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 19:56 . 2009-03-03 19:56 118784 ----a-w c:\windows\system32\atibtmon.exe 2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-23 21:39 . 2008-08-14 17:42 184394 ----a-w c:\windows\system32\atiicdxx.dat 2008-10-05 05:18 . 2008-07-06 21:31 2568551 ----a-w c:\program files\ssapi.log 2008-10-05 04:43 . 2008-10-05 03:37 4000043 ----a-w c:\program files\ssapi.log.bak 2008-07-06 21:07 . 2008-07-06 21:07 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-01-21 19:54 . 2009-01-21 19:54 28488 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll 2009-01-21 19:54 . 2009-01-21 19:54 183696 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll 2009-01-21 19:54 . 2009-01-21 19:54 99216 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}] 2009-05-23 20:54 29184 ----a-w c:\windows\system32\jhxm32.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600] "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-17 90112] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-05-12 16:14 11952 ----a-w c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Johnny^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\documents and settings\Johnny\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PerfectOptimizer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1194247461\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "j:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "j:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;c:\windows\system32\drivers\Si3132r5.sys [1/25/2007 8:57 PM 215856] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/16/2009 2:40 PM 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/16/2009 2:40 PM 108552] R2 avast!Antivirus;avast!Antivirus;c:\windows\System32\avast!Antivirus.exe -k netsvcs --> c:\windows\System32\avast!Antivirus.exe -k netsvcs [?] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/16/2009 2:39 PM 908568] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/16/2009 2:39 PM 298776] R3 Alpham1;Ideazon Merc USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [7/23/2007 10:56 AM 42624] R3 Alpham2;Ideazon Merc MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [3/20/2007 12:49 PM 18432] R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [9/3/2008 7:33 PM 27776] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/20/2009 10:39 AM 15504] R3 vhidmini;Virtual Hid Device;c:\windows\system32\drivers\vhidmini.sys [5/27/2008 1:21 PM 12672] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/20/2009 10:39 AM 179856] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/6/2008 2:07 PM 29744] S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [6/13/2008 2:37 PM 48896] S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\USBICP.sys [5/27/2008 1:57 PM 14592] --- Other Services/Drivers In Memory --- *NewlyCreated* - PGFILTER [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-05-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-06 05:31] 2009-05-23 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Johnny.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-20 22:32] 2009-05-23 c:\windows\Tasks\Malwarebytes' Scheduled Update for Johnny.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-20 22:32] 2009-05-23 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2009-02-14 06:20] 2009-05-21 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2009-02-14 06:20] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Johnny\Application Data\Mozilla\Firefox\Profiles\swwqcbio.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.blizzard.com/us/jobopp/csr.html FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-23 15:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(596) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3792) c:\windows\system32\ctagent.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\windows\system32\ati2evxx.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\program files\Common Files\AOL\acs\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\avast!Antivirus.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\ZuneBusEnum.exe c:\program files\Zune\ZuneNss.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\CTxfispi.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe c:\program files\Creative\ShareDLL\CADI\NotiMan.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Completion time: 2009-05-23 15:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-05-23 22:44 Pre-Run: 74,609,381,376 bytes free Post-Run: 74,688,598,016 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional Edition" /fastdetect /noexecute=optin /usepmtimer multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 338 --- E O F --- 2009-05-14 16:16
- May 23, 2009
- 6 replies
Malware Doctor recurrent infection with monitoring on

jterhag posted a topic in Resolved Malware Removal Logs

Hello - here are log files for hijackthis and malwarebytes... Malware doctor continues to infect system with Monitoring function on. Malwarebytes' Anti-Malware 1.36 Database version: 2158 Windows 5.1.2600 Service Pack 3 5/22/2009 11:05:06 AM mbam-log-2009-05-22 (11-05-06).txt Scan type: Quick Scan Objects scanned: 88043 Time elapsed: 2 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Documents and Settings\Johnny\protect.dll (Spyware.Agent) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Johnny\protect.dll (Spyware.Agent) -> Delete on reboot. C:\WINDOWS\system32\autochk.dll (Spyware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Johnny\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Johnny\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:12:57 AM, on 5/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\avast!Antivirus.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Zune\ZuneNss.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Safari\Safari.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe \?\globalroot\C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKUS\S-1-5-18\..\Run: [sYS32DLL] SYS32DLL (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [sYS32DLL] SYS32DLL (User 'Default user') O4 - Startup: ChkDisk.dll O4 - Startup: ChkDisk.lnk = ? O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab O18 - Protocol: bw+0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: offline-8876480 - {51A40AF8-9ECC-4004-A417-C2EAA08BAB23} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\nibatapu.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AshEvtSvc - Unknown owner - C:\WINDOWS\System32\AshEvtSvc.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 25671 bytes
- May 22, 2009
- 6 replies
Malware Doctor continues to infect system with Monitoring protection on?

jterhag posted a topic in Malwarebytes for Windows Support Forum

Hello - Am I doing something wrong? I assumed with monitoring protection turned on malware doctor could not continue to infect my system every single day. The reason i purchased the full version was to prevent this. If the full version cannot prevent this, then there is no reason to have purchased the full version as the free version removes it. Any suggestions? thanks, J
- May 22, 2009
- 1 reply

Sign In

jterhag

Posts

Joined

Last visited

Reputation

Malware Doctor recurrent infection with monitoring on

Malware Doctor recurrent infection with monitoring on

Malware Doctor recurrent infection with monitoring on

Malware Doctor continues to infect system with Monitoring protection on?

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information