randwill
Members · 10 posts · Reputation: 0 Neutral
  1. In Spybot on the 'Ignore products' list, I do not find WinPatrol. I do find Win32.Agent.ju on the list (categorized as a Trojan), which is what Spybot identified when I installed WinPatrol. Should I tell Spybot to ignore Win32.Agent by checking its box on the 'Ignore products' list or will doing so make me vulnerable to Trojans with that designation that are not associated with WinPatrol?
  2. I just downloaded WinPatrol. When I installed it Spybot gave me an alert which said:

     "Spybot has encountered and terminated a process that is listed as part of a malicious software.
     ProcessID: 2844
     Filename: wpsetup.exe
     Found in: c:\Documents and Settings...
     Identified as: Win32.Agent.ju
     If Spybot encounters this process again... *Inform me again" (I left this option checked)

     I said OK to a checked box labeled 'Delete the associated file'. Is this Spybot recognizing WinPatrol and erroneously thinking it is malicious? Or has something bad come along with the WinPatrol install?
  3. I had already moved the ComboFix icon to the trash and emptied it, so the command prompt didn't find it. I deleted the QooBox folder. Avast! was up to date. I scanned and found nothing. I am not experiencing any odd behavior and was not before I posted. It was just that when I scanned with Malwarebytes Anti-Malware and it found 2 registry key entries for "Rogue.WinAntiVirus" that I became concerned. Those are now gone, of course. Since you had me run a ComboFix file that got rid of the yProxy program, was the "Rogue.WinAntiVirus" something that came with my recent re-installation of yProxy? Or are the two unrelated? If unrelated, what was the problem that you saw with yProxy that made you think it should be deleted? Thanks for the help in solving my issue.
  4. Sorry about that. Here it is:

Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/17/2009 7:18:20 PM
mbam-log-2009-07-17 (19-18-20).txt

Scan type: Quick Scan
Objects scanned: 83799
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  5. Here it is:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/17/2009 6:29:25 PM
mbam-log-2009-07-17 (18-29-25).txt

Scan type: Quick Scan
Objects scanned: 82762
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  6. Here's the ComboFix log.

ComboFix 09-07-14.08 - Randy Williams 07/17/2009 11:10.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.271 [GMT -4:00]
Running from: c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090716-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\yProxy.lnk"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\yProxy.lnk
c:\program files\yProxy
c:\program files\yProxy\INSTALL.LOG
c:\program files\yProxy\license.txt
c:\program files\yProxy\UNWISE.EXE
c:\program files\yProxy\yProxy.exe
c:\program files\yProxy\yProxy.GID
c:\program files\yProxy\yProxy.hlp
.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-15 07:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 07:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-13 23:31 . 2009-07-13 23:31 -------- d-----w- c:\program files\CDisplay
2009-07-13 21:00 . 2009-07-13 23:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-13 20:55 . 2009-07-13 20:55 -------- d-----w- c:\program files\AC3Filter
2009-07-11 20:06 . 2009-07-11 20:06 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\dvdcss
2009-07-07 22:07 . 2009-07-07 22:07 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Forte
2009-07-07 22:07 . 2009-07-09 23:40 -------- d-----w- c:\program files\Agent
2009-07-05 19:14 . 2009-07-05 19:14 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Symantec_Corporation
2009-07-05 16:57 . 2007-03-29 00:12 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-05 16:57 . 2007-03-29 00:12 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-05 16:57 . 2007-03-29 00:49 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-05 16:57 . 2007-03-29 00:23 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-07-05 16:57 . 2007-03-29 00:29 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-07-05 16:57 . 2007-03-29 00:29 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-07-05 16:56 . 2009-07-05 16:56 -------- d-----w- c:\program files\Norton Ghost
2009-07-05 16:55 . 2009-07-05 16:55 -------- d-----w- c:\program files\Symantec
2009-07-04 19:39 . 2008-08-18 20:25 40464 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-07-04 19:39 . 2009-07-04 19:39 -------- d-----w- c:\program files\Paragon Software
2009-07-03 18:33 . 2000-06-23 21:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-07-03 18:33 . 2000-06-22 20:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-07-03 18:33 . 2009-07-03 18:33 -------- d-----w- c:\program files\Ligos
2009-07-03 07:09 . 2007-04-17 09:32 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-07-03 07:09 . 2008-10-16 20:24 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 07:09 . 2008-10-16 20:24 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 07:09 . 2008-10-16 20:24 267776 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 07:09 . 2008-10-16 20:24 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-07-03 07:09 . 2008-10-16 12:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-07-03 07:09 . 2008-10-16 20:24 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-07-03 07:09 . 2008-10-16 20:24 6068224 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-02 18:46 . 2009-07-02 18:46 -------- d-----w- c:\windows\Sun
2009-07-02 18:45 . 2009-07-02 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 18:45 . 2009-07-02 18:45 -------- d-----w- c:\program files\Java
2009-07-02 18:44 . 2009-07-02 18:44 152576 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-02 04:58 . 2009-07-02 04:58 -------- d-----w- c:\program files\Trend Micro
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\program files\Common Files\wsm
2009-07-02 00:46 . 2009-07-02 01:54 -------- d-----w- c:\program files\Kate's Video Joiner
2009-07-01 23:25 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-01 23:24 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-01 21:37 . 2007-03-04 11:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2009-07-01 21:37 . 2007-03-04 11:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2009-07-01 21:29 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-01 21:29 . 2009-07-01 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-01 21:04 . 2009-07-01 21:06 -------- d-----w- c:\program files\VideoLAN
2009-07-01 20:58 . 2009-07-01 21:01 -------- d-----w- c:\program files\ESTsoft
2009-07-01 20:58 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-07-01 20:58 . 2008-05-09 10:53 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-07-01 20:58 . 2008-05-09 10:53 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-07-01 20:58 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-07-01 20:58 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-07-01 20:43 . 2009-07-01 21:36 737280 ----a-w- c:\windows\iun6002.exe
2009-07-01 20:42 . 2009-07-02 00:26 -------- d-----w- c:\program files\Replay Converter
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 18:50 . 2009-07-01 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-01 18:48 . 2009-07-01 18:36 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-01 18:35 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-----w- c:\program files\Lavasoft
2009-07-01 17:20 . 2009-07-01 20:51 -------- d-----w- c:\program files\Media Player Classic
2009-07-01 17:19 . 2009-07-13 23:33 -------- d-----w- c:\program files\Software (Uninstalled)
2009-07-01 17:18 . 2009-07-01 17:18 -------- d-----w- c:\program files\SmartPar
2009-07-01 04:18 . 2009-07-15 20:53 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\dwhelper
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\scripting
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\en
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\bits
2009-07-01 01:13 . 2009-07-01 01:16 -------- d-----w- c:\windows\ServicePackFiles
2009-07-01 00:29 . 2009-07-01 00:29 -------- d-----w- c:\program files\MSXML 4.0
2009-07-01 00:29 . 2007-08-11 03:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-01 00:16 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-01 00:16 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-01 00:16 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-07-01 00:16 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-07-01 00:16 . 2009-02-03 19:59 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-07-01 00:16 . 2009-06-03 19:09 1291264 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-07-01 00:16 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-07-01 00:16 . 2008-12-05 06:54 144896 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-07-01 00:10 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-07-01 00:09 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-01 00:08 . 2008-04-14 00:11 48640 ------w- c:\windows\system32\dhcpqec.dll
2009-07-01 00:07 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-06-30 22:19 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-30 19:10 . 2009-06-30 19:10 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Help
2009-06-30 19:05 . 2009-06-30 19:05 -------- d-----w- c:\program files\MasterSplitter
2009-06-30 19:01 . 2009-06-30 19:01 87608 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ezpinst.exe
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 -------- d-----w- c:\program files\vso
2009-06-30 18:46 . 2009-06-30 18:46 -------- d-----w- c:\program files\Ahead
2009-06-30 06:59 . 2009-07-01 02:18 -------- d-----w- c:\program files\Unlocker
2009-06-30 06:56 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\WinZip
2009-06-30 06:55 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-06-30 06:29 . 2009-06-30 07:28 -------- d-----w- c:\program files\Collectorz.com
2009-06-30 06:17 . 2009-06-30 06:17 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Collectorz.com
2009-06-30 03:22 . 2009-06-30 03:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
2009-06-30 03:20 . 2009-06-30 06:21 -------- d-----w- c:\program files\SlySoft
2009-06-30 02:12 . 2009-06-30 02:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Elaborate Bytes
2009-06-30 02:08 . 2009-06-30 06:21 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-30 02:06 . 2004-03-22 18:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-30 01:51 . 2009-06-30 01:51 -------- d-----w- c:\program files\Nero
2009-06-30 01:41 . 2009-06-30 01:41 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\AdobeUM
2009-06-30 01:27 . 2009-06-30 01:27 -------- d-----w- c:\program files\Macromedia
2009-06-30 00:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-30 00:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-30 00:09 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-30 00:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-30 00:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-30 00:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-30 00:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-30 00:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-30 00:09 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-30 00:09 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-30 00:09 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-06-30 00:09 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-06-29 23:56 . 2009-06-29 23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-29 01:06 . 2009-06-29 01:06 -------- d-----w- c:\program files\MSXML 6.0
2009-06-29 00:57 . 2009-07-16 01:49 -------- d-----w- c:\windows\$hf_mig$
2009-06-28 02:33 . 2009-06-28 02:33 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ESTSoft
2009-06-27 23:52 . 2009-06-27 23:52 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Symantec
2009-06-27 23:32 . 2009-07-05 16:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 23:32 . 2009-07-05 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 01:18 . 2009-06-27 02:58 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 02:11 . 2009-06-30 02:09 48 --sha-w- c:\windows\S96F82252.tmp
2009-06-27 03:13 . 2009-06-27 03:13 184 ----a-w- c:\windows\system32\e000001.dat
2009-06-27 02:54 . 2009-06-25 06:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-25 06:56 . 2009-06-25 06:56 -------- d-----w- c:\program files\microsoft frontpage
2009-06-16 14:36 . 2007-09-20 05:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-09-20 05:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2007-09-20 05:17 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-03 03:00 . 2009-06-30 00:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-16_16.31.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 15:17 . 2009-07-17 15:17 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2009-07-17 15:17 . 2009-07-17 15:17 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2009-07-17 01:13 . 2009-07-17 01:13 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
+ 2009-07-17 15:17 . 2009-07-17 15:17 16384 c:\windows\Temp\Perflib_Perfdata_4f8.dat
+ 2004-08-04 12:00 . 2009-07-17 01:17 77316 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-07-13 18:27 77316 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-07-17 01:17 473296 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-07-13 18:27 473296 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-30 5828608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-29 2037352]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-6-29 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-25 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [7/4/2009 3:39 PM 40464]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/1/2009 2:36 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/29/2009 8:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2009 8:09 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:36]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Mozilla\Firefox\Profiles\lhbgqiib.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - msn.com
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 11:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2608)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-17 11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-17 15:30
ComboFix2.txt 2009-07-16 16:34

Pre-Run: 146,900,692,992 bytes free
Post-Run: 146,861,903,872 bytes free

274 --- E O F --- 2009-07-16 01:49

--------------------------------------------------------------------------------

Here's the Malwarebytes log.

Malwarebytes' Anti-Malware 1.38
Database version: 2373
Windows 5.1.2600 Service Pack 3

7/17/2009 11:57:24 AM
mbam-log-2009-07-17 (11-57-24).txt

Scan type: Quick Scan
Objects scanned: 110771
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
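The "Reg Loading Points" block in the ComboFix log above (the REGEDIT4-style list of Run-key values with a file date and size in brackets) is the part of such a log a responder reads first, because those values execute at every logon. As an added example that is not part of the original post, of ComboFix, or of Malwarebytes, the following Python script parses that block into structured records and separates out any entry whose image lives outside the Windows or Program Files trees. That location rule is a triage heuristic assumed for this example, not a ComboFix rule and not a verdict; the sample input is copied from the log above plus one made-up entry ("updater", constructed here) so the filter has something to flag.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the "Reg Loading Points" block copied from the
# ComboFix log in the post above, plus one made-up entry ("updater") added
# here only so the filter below has something to flag.
SAMPLE_REG_LOADING_POINTS = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"updater"="c:\documents and settings\user\Application Data\svchost.exe" [2009-07-10 45056]
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")

# A value line: "name"="image" [yyyy-mm-dd size], optionally carrying the
# " - resolved\path" that ComboFix prints when the value is a bare file name.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r'(?:\s+-\s+(?P<resolved>.+?))?'
    r'\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)

# Triage heuristic assumed for this example (not a ComboFix rule): autostart
# images are expected under the Windows or Program Files trees.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class AutostartEntry:
    key: str        # registry key the value lives under
    name: str       # value name
    path: str       # image path (the resolved path if ComboFix printed one)
    file_date: str  # file date ComboFix recorded for the image
    size: int       # file size in bytes

    def in_expected_location(self) -> bool:
        return self.path.lower().startswith(EXPECTED_PREFIXES)


def parse_reg_loading_points(text: str) -> List[AutostartEntry]:
    """Turn the REGEDIT4-style block into a list of AutostartEntry records."""
    entries: List[AutostartEntry] = []
    current_key: Optional[str] = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            # Prefer the resolved path; fall back to the raw value string.
            path = entry_match.group("resolved") or entry_match.group("value")
            entries.append(AutostartEntry(
                key=current_key,
                name=entry_match.group("name"),
                path=path,
                file_date=entry_match.group("date"),
                size=int(entry_match.group("size")),
            ))
    return entries


def entries_to_review(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Entries whose image sits outside the expected directories."""
    return [e for e in entries if not e.in_expected_location()]


if __name__ == "__main__":
    parsed = parse_reg_loading_points(SAMPLE_REG_LOADING_POINTS)
    for entry in parsed:
        hive = entry.key.split("\\", 1)[0]
        flag = "" if entry.in_expected_location() else "  <-- review"
        print(f"{hive:18} {entry.name:20} {entry.path}{flag}")
```

An image under a user profile directory is only a reason to look closer (hash the file, check its signer, compare against the vendor's distribution), not a finding on its own; conversely, everything in the real log sits under Program Files or Windows, which is why the post's helper relied on the deletions and the catchme rootkit scan rather than on this block alone.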
  7. Here are the logs.

ComboFix 09-07-14.08 - Randy Williams 07/16/2009 12:26.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.263 [GMT -4:00]
Running from: c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1482476501-602609370-725345543-1003
c:\windows\Installer\49e3d.msp
c:\windows\Installer\49e53.msp
c:\windows\Installer\49e6d.msp
c:\windows\Installer\49efe.msp
c:\windows\Installer\49f14.msp
c:\windows\Installer\49f2a.msp
c:\windows\Installer\49f40.msp
c:\windows\Installer\49f5e.msp
c:\windows\Installer\49f74.msp
c:\windows\Installer\49f8b.msp
c:\windows\Installer\49fa1.msp
c:\windows\Installer\49fb8.msp
c:\windows\Installer\49fcf.msp
c:\windows\Installer\49fe5.msp
c:\windows\Installer\49ffc.msp
c:\windows\Installer\4a012.msp
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 01:45 . 2009-07-16 01:45 -------- d-----w- c:\windows\LastGood
2009-07-15 07:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 07:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-13 23:31 . 2009-07-13 23:31 -------- d-----w- c:\program files\CDisplay
2009-07-13 21:00 . 2009-07-13 23:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-13 20:55 . 2009-07-13 20:55 -------- d-----w- c:\program files\AC3Filter
2009-07-11 20:06 . 2009-07-11 20:06 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\dvdcss
2009-07-07 22:07 . 2009-07-07 22:07 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Forte
2009-07-07 22:07 . 2009-07-09 23:40 -------- d-----w- c:\program files\Agent
2009-07-05 19:14 . 2009-07-05 19:14 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Symantec_Corporation
2009-07-05 16:57 . 2007-03-29 00:12 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-05 16:57 . 2007-03-29 00:12 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-05 16:57 . 2007-03-29 00:49 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-05 16:57 . 2007-03-29 00:23 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-07-05 16:57 . 2007-03-29 00:29 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-07-05 16:57 . 2007-03-29 00:29 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-07-05 16:56 . 2009-07-05 16:56 -------- d-----w- c:\program files\Norton Ghost
2009-07-05 16:55 . 2009-07-05 16:55 -------- d-----w- c:\program files\Symantec
2009-07-04 19:39 . 2008-08-18 20:25 40464 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-07-04 19:39 . 2009-07-04 19:39 -------- d-----w- c:\program files\Paragon Software
2009-07-03 18:33 . 2000-06-23 21:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-07-03 18:33 . 2000-06-22 20:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-07-03 18:33 . 2009-07-03 18:33 -------- d-----w- c:\program files\Ligos
2009-07-03 07:09 . 2007-04-17 09:32 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-07-03 07:09 . 2008-10-16 20:24 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 07:09 . 2008-10-16 20:24 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 07:09 . 2008-10-16 20:24 267776 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 07:09 . 2008-10-16 20:24 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-07-03 07:09 . 2008-10-16 12:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-07-03 07:09 . 2008-10-16 20:24 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-07-03 07:09 . 2008-10-16 20:24 6068224 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-02 18:46 . 2009-07-02 18:46 -------- d-----w- c:\windows\Sun
2009-07-02 18:45 . 2009-07-02 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 18:45 . 2009-07-02 18:45 -------- d-----w- c:\program files\Java
2009-07-02 18:44 . 2009-07-02 18:44 152576 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-02 04:58 . 2009-07-02 04:58 -------- d-----w- c:\program files\Trend Micro
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\program files\Common Files\wsm
2009-07-02 00:46 . 2009-07-02 01:54 -------- d-----w- c:\program files\Kate's Video Joiner
2009-07-01 23:25 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-01 23:24 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-01 21:37 . 2007-03-04 11:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2009-07-01 21:37 . 2007-03-04 11:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2009-07-01 21:29 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-01 21:29 . 2009-07-01 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-01 21:04 . 2009-07-01 21:06 -------- d-----w- c:\program files\VideoLAN
2009-07-01 20:58 . 2009-07-01 21:01 -------- d-----w- c:\program files\ESTsoft
2009-07-01 20:58 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-07-01 20:58 . 2008-05-09 10:53 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-07-01 20:58 . 2008-05-09 10:53 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-07-01 20:58 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-07-01 20:58 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-07-01 20:43 . 2009-07-01 21:36 737280 ----a-w- c:\windows\iun6002.exe
2009-07-01 20:42 . 2009-07-02 00:26 -------- d-----w- c:\program files\Replay Converter
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 18:50 . 2009-07-01 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-01 18:48 . 2009-07-01 18:36 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-01 18:35 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-----w- c:\program files\Lavasoft
2009-07-01 17:20 . 2009-07-01 20:51 -------- d-----w- c:\program files\Media Player Classic
2009-07-01 17:19 . 2009-07-13 23:33 -------- d-----w- c:\program files\Software (Uninstalled)
2009-07-01 17:18 . 2009-07-01 17:18 -------- d-----w- c:\program files\SmartPar
2009-07-01 04:18 . 2009-07-15 20:53 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\dwhelper
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\scripting
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\en
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\bits
2009-07-01 01:13 . 2009-07-01 01:16 -------- d-----w- c:\windows\ServicePackFiles
2009-07-01 00:29 . 2009-07-01 00:29 -------- d-----w- c:\program files\MSXML 4.0
2009-07-01 00:29 . 2007-08-11 03:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-01 00:16 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-01 00:16 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-01 00:16 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-07-01 00:16 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-07-01 00:16 . 2009-02-03 19:59 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-07-01 00:16 . 2009-06-03 19:09 1291264 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-07-01 00:16 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-07-01 00:16 . 2008-12-05 06:54 144896 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-07-01 00:10 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-07-01 00:09 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-01 00:08 . 2008-04-14 00:11 48640 ------w- c:\windows\system32\dhcpqec.dll
2009-07-01 00:07 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-06-30 22:19 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-30 19:10 . 2009-06-30 19:10 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Help
2009-06-30 19:06 . 2009-06-30 19:10 -------- d-----w- c:\program files\yProxy
2009-06-30 19:05 . 2009-06-30 19:05 -------- d-----w- c:\program files\MasterSplitter
2009-06-30 19:01 . 2009-06-30 19:01 87608 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ezpinst.exe
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 -------- d-----w- c:\program files\vso
2009-06-30 18:46 . 2009-06-30 18:46 -------- d-----w- c:\program files\Ahead
2009-06-30 06:59 . 2009-07-01 02:18 -------- d-----w- c:\program files\Unlocker
2009-06-30 06:56 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\WinZip
2009-06-30 06:55 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-06-30 06:29 . 2009-06-30 07:28 -------- d-----w- c:\program files\Collectorz.com
2009-06-30 06:17 . 2009-06-30 06:17 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Collectorz.com
2009-06-30 03:22 . 2009-06-30 03:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
2009-06-30 03:20 . 2009-06-30 06:21 -------- d-----w- c:\program files\SlySoft
2009-06-30 02:12 . 2009-06-30 02:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Elaborate Bytes
2009-06-30 02:08 . 2009-06-30 06:21 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-30 02:06 . 2004-03-22 18:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-30 01:51 . 2009-06-30 01:51 -------- d-----w- c:\program files\Nero
2009-06-30 01:41 . 2009-06-30 01:41 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\AdobeUM
2009-06-30 01:27 . 2009-06-30 01:27 -------- d-----w- c:\program files\Macromedia
2009-06-30 00:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-30 00:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-30 00:09 . 
2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-06-30 00:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-06-30 00:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-06-30 00:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-06-30 00:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-06-30 00:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-06-30 00:09 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe 2009-06-30 00:09 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-06-30 00:09 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2009-06-30 00:09 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2009-06-29 23:56 . 2009-06-29 23:56 -------- d-----w- c:\windows\system32\wbem\Repository 2009-06-29 01:06 . 2009-06-29 01:06 -------- d-----w- c:\program files\MSXML 6.0 2009-06-29 00:57 . 2009-07-16 01:49 -------- d-----w- c:\windows\$hf_mig$ 2009-06-28 02:33 . 2009-06-28 02:33 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ESTSoft 2009-06-27 23:52 . 2009-06-27 23:52 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Symantec . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-01 01:18 . 2009-06-27 02:58 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-06-30 02:11 . 2009-06-30 02:09 48 --sha-w- c:\windows\S96F82252.tmp 2009-06-27 03:13 . 2009-06-27 03:13 184 ----a-w- c:\windows\system32\e000001.dat 2009-06-27 02:54 . 2009-06-25 06:51 -------- d-----w- c:\program files\Windows Media Connect 2 2009-06-25 06:56 . 2009-06-25 06:56 -------- d-----w- c:\program files\microsoft frontpage 2009-06-16 14:36 . 
2007-09-20 05:26 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2007-09-20 05:17 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-03 19:09 . 2009-07-15 07:32 1291264 ----a-w- c:\windows\system32\SET5F8.tmp 2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-06-03 03:00 . 2009-06-30 00:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll 2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-30 5828608] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024] "SunJavaUpdateSched"="c:\program 
files\Java\jre6\bin\jusched.exe" [2009-07-02 148888] "Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-29 2037352] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576] "AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784] c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-6-29 25214] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-25 113664] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640] yProxy.lnk - c:\program files\yProxy\yProxy.exe [2009-6-30 514560] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [7/4/2009 3:39 PM 40464] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/1/2009 2:36 PM 64160] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/29/2009 8:09 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2009 8:09 PM 20560] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456] . Contents of the 'Scheduled Tasks' folder 2009-07-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:36] . . ------- Supplementary Scan ------- . 
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html Trusted Zone: aol.com\free FF - ProfilePath - c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Mozilla\Firefox\Profiles\lhbgqiib.default\ FF - prefs.js: browser.search.selectedEngine - qtl FF - prefs.js: browser.startup.homepage - msn.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-16 12:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(600) c:\windows\system32\Ati2evxx.dll . 
Completion time: 2009-07-16 12:34 ComboFix-quarantined-files.txt 2009-07-16 16:33 Pre-Run: 145,206,476,800 bytes free Post-Run: 146,139,303,936 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP/2003" 256 --- E O F --- 2009-07-16 01:49 ------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:40:03 PM, on 7/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20935) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program 
Files\WinZip\WZQKPICK.EXE C:\Program Files\yProxy\yProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE 
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: yProxy.lnk = C:\Program Files\yProxy\yProxy.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- End of file - 8602 bytes
  8. I just got everything clean on this system recently. I've got Avast! running and just scanned with AdAware and Spybot with AdAware finding only cookies. But when I scanned with Malwarebytes Anti-Malware it found 2 registry key entries for "Rogue.WinAntiVirus". I let it delete them but since I thought I had been cautious, I was surprised to see these 2 things turn up. Is this something I need to address further? Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2373
Windows 5.1.2600 Service Pack 3

7/14/2009 9:12:46 PM
mbam-log-2009-07-14 (21-12-46).txt

Scan type: Quick Scan
Objects scanned: 120013
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  9. I downloaded and installed Malwarebytes Anti-Malware but it will not start. I tried the desktop shortcut. Nothing. I went to the folder in Programs, Malwarebytes' Anti-Malware, and double clicked on mbam (1,258 KB Application) and also mbamgui (406 KB Application) but nothing happens. I believe I have the Antivirus System Pro virus and also something that is playing audio advertisements. Is the infection stopping Malwarebytes Anti-Malware from running or is there something else I need to do? Thank you.