Jump to content

NeedHelp

Members
 View Profile  See their activity

  • Posts

    10

  • Joined

  • Last visited

 Content Type 

Everything posted by NeedHelp

  1. NeedHelp
    No problems at all, Spy! Thanks so much for helping me through this. Can you recommend some ways to keep my computer this way?
  2. NeedHelp
    A short log A0000160.exe;C:\System Volume Information\_restore{E9A67910-857F-4CCB-85D7-0D25030036F6}\RP1;Trojan.Hoster.256;Deleted.;
  3. NeedHelp
    Here's the MBAM log: Malwarebytes' Anti-Malware 1.40 Database version: 2618 Windows 5.1.2600 Service Pack 2 2009-08-13 20:51:59 mbam-log-2009-08-13 (20-51-59).txt Scan type: Quick Scan Objects scanned: 97382 Time elapsed: 5 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Delete on reboot. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) And here's the RSIT log (again, it couldn't run HiJackThis): Logfile of random's system information tool 1.06 (written by random/random) Run by iorizzp at 2009-08-13 20:52:28 Microsoft Windows XP Professional Service Pack 2 System drive C: has 65 GB (86%) free of 76 GB Total RAM: 503 MB (50% free) ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896] "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\MalwareBytes\mbam.exe [2009-08-03 1295632] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-27 342848] "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam" "C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt" "C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe"="C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe:*:Enabled:VZAccess Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" ======List of files/folders created in the last 1 months====== 2009-08-13 18:38:15 ----A---- C:\ComboFix.txt 2009-08-13 18:30:14 ----D---- C:\WINDOWS\temp 2009-08-13 09:53:01 ----D---- C:\Program Files\ESET 2009-08-11 19:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-08-11 19:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-11 19:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$ 2009-08-11 19:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$ 2009-08-11 19:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-11 19:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-11 19:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-08-11 19:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-08-11 19:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-08-11 19:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-08-11 19:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-08-11 19:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-11 19:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$ 2009-08-11 19:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-08-11 19:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-11 19:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-11 19:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-08-11 19:15:18 ----D---- C:\WINDOWS\ServicePackFiles 2009-08-11 19:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$ 2009-08-11 19:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-08-11 19:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-11 19:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-08-11 19:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$ 2009-08-11 19:14:07 ----A---- C:\WINDOWS\imsins.BAK 2009-08-11 19:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-08-11 17:18:32 ----D---- C:\Program Files\MalwareBytes 2009-08-11 16:59:25 ----A---- C:\WINDOWS\PEV.exe 2009-08-11 15:56:44 ----D---- C:\VIPRERESCUE1 2009-08-11 12:38:53 ----A---- C:\WINDOWS\system32\sbbd.exe 2009-08-11 12:38:24 ----D---- C:\VIPRERESCUE 2009-08-10 11:01:48 ----D---- C:\Program Files\Malewarebytes 2009-08-09 17:07:58 ----D---- C:\Program Files\MBytes 2009-08-08 23:42:14 ----D---- C:\Program Files\MBam 2009-08-08 21:44:59 ----D---- C:\Documents and Settings\iorizzp\Application Data\GRETECH 2009-08-08 21:44:07 ----D---- C:\Program Files\GRETECH 2009-08-08 17:03:24 ----D---- C:\Program Files\Sophos 2009-08-08 15:33:17 ----D---- C:\Program Files\install.com 2009-08-08 14:17:15 ----D---- C:\Program Files\ThisOne 2009-08-08 08:22:09 ----D---- C:\Program Files\mine 2009-08-08 08:19:05 ----D---- C:\Program Files\tryingagain 2009-08-08 08:18:35 ----D---- C:\Program Files\Iorizzoee 2009-08-08 08:18:05 ----D---- C:\Program Files\IorizzoHi 2009-08-06 22:58:36 ----D---- C:\Program Files\MyAPP 2009-08-06 22:55:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware3 2009-08-06 22:45:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2 2009-08-06 17:50:40 ----D---- C:\_OTM 2009-08-06 17:29:24 ----AD---- C:\WINDOWS\system32\images 2009-08-05 18:24:02 ----D---- C:\Documents and Settings\iorizzp\Application Data\vlc ======List of files/folders modified in the last 1 months====== 2009-08-13 20:51:46 ----D---- C:\Documents and Settings\iorizzp\Application Data\DNA 2009-08-13 20:45:44 ----D---- C:\WINDOWS\system32 2009-08-13 20:45:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-13 20:44:53 ----SD---- C:\WINDOWS\Tasks 2009-08-13 20:44:23 ----D---- C:\WINDOWS\Prefetch 2009-08-13 20:41:42 ----D---- C:\Program Files\DNA 2009-08-13 20:41:27 ----D---- C:\WINDOWS 2009-08-13 18:40:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-13 18:38:21 ----D---- C:\WINDOWS\system32\drivers 2009-08-13 18:37:19 ----D---- C:\Qoobox 2009-08-13 18:35:39 ----HD---- C:\WINDOWS\inf 2009-08-13 18:35:12 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-13 18:33:13 ----A---- C:\WINDOWS\system.ini 2009-08-13 18:30:46 ----D---- C:\WINDOWS\system32\config 2009-08-13 18:30:32 ----D---- C:\WINDOWS\ERDNT 2009-08-13 18:28:47 ----D---- C:\WINDOWS\AppPatch 2009-08-13 18:28:40 ----D---- C:\Program Files\Common Files 2009-08-13 17:32:20 ----D---- C:\Program Files\Trend Micro 2009-08-13 12:41:22 ----D---- C:\Program Files\Mozilla Firefox 2009-08-13 09:53:01 ----RD---- C:\Program Files 2009-08-12 09:45:19 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-12 00:19:36 ----A---- C:\WINDOWS\ModemLog_PANTECH PC Card (UDP).txt 2009-08-11 23:23:37 ----SHD---- C:\System Volume Information 2009-08-11 23:23:37 ----D---- C:\WINDOWS\system32\Restore 2009-08-11 22:46:06 ----D---- C:\WINDOWS\system32\wbem 2009-08-11 22:46:05 ----D---- C:\WINDOWS\system32\Setup 2009-08-11 19:19:32 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-11 19:18:48 ----D---- C:\Program Files\Internet Explorer 2009-08-11 19:15:45 ----D---- C:\Program Files\Outlook Express 2009-08-11 12:52:55 ----SHD---- C:\WINDOWS\CSC 2009-08-11 09:49:46 ----D---- C:\Program Files\SUPERAntiSpyware 2009-08-08 21:35:28 ----D---- C:\WINDOWS\Registration 2009-08-06 18:00:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\t2embed.dll 2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\fontsub.dll 2009-07-28 22:18:54 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt 2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\shdocvw.dll 2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys [] R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys [] R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys [] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-23 121472] R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320] R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024] R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\naveng.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\navex15.sys [] R3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 27520] R3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 41728] R3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 39808] R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver; C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys [2007-04-30 58240] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648] R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160] S3 pxfhbus;PANTECH PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pxfhbus.sys [] S3 pxfhmdfl;PANTECH PC Card Filter; C:\WINDOWS\system32\DRIVERS\pxfhmdfl.sys [] S3 pxfhmdm;PANTECH PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pxfhmdm.sys [] S3 pxfhserd;PANTECH PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pxfhserd.sys [] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [] S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [] S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944] S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720] S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848] S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF-----------------
  4. NeedHelp
    Here is the log: ComboFix 09-08-10.06 - iorizzp 2009-08-13 18:25.11.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.263 [GMT -4:00] Running from: c:\documents and settings\iorizzp\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\iorizzp\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MBR -------\Legacy_MEMSWEEP2 -------\Service_mbr -------\Service_MEMSWEEP2 ((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 ))))))))))))))))))))))))))))))) . 2009-08-13 13:53 . 2009-08-13 13:53 -------- d-----w- c:\program files\ESET 2009-08-11 23:15 . 2009-08-11 23:15 -------- d-----w- c:\windows\ServicePackFiles 2009-08-11 21:18 . 2009-08-11 21:18 -------- d-----w- c:\program files\MalwareBytes 2009-08-11 19:56 . 2009-08-11 20:02 -------- d-----w- C:\VIPRERESCUE1 2009-08-11 16:39 . 2009-08-11 20:02 0 ----a-w- c:\windows\system32\SBRC.dat 2009-08-11 16:38 . 2009-03-17 17:26 65320 ----a-w- c:\windows\system32\sbbd.exe 2009-08-11 16:38 . 2008-10-22 21:08 92464 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-08-11 16:38 . 2009-08-11 16:43 -------- d-----w- C:\VIPRERESCUE 2009-08-10 15:01 . 2009-08-11 16:54 -------- d-----w- c:\program files\Malewarebytes 2009-08-09 21:07 . 2009-08-09 21:08 -------- d-----w- c:\program files\MBytes 2009-08-09 03:42 . 2009-08-09 03:42 -------- d-----w- c:\program files\MBam 2009-08-09 03:26 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\documents and settings\iorizzp\Application Data\GRETECH 2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\program files\GRETECH 2009-08-08 21:03 . 2009-08-08 21:03 -------- d-----w- c:\program files\Sophos 2009-08-08 20:45 . 2009-08-08 20:45 0 ----a-w- C:\settings.dat 2009-08-08 19:33 . 2009-08-08 19:33 -------- d-----w- c:\program files\install.com 2009-08-08 18:17 . 2009-08-08 18:18 -------- d-----w- c:\program files\ThisOne 2009-08-08 12:22 . 2009-08-08 12:22 -------- d-----w- c:\program files\mine 2009-08-08 12:19 . 2009-08-08 12:19 -------- d-----w- c:\program files\tryingagain 2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\Iorizzoee 2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\IorizzoHi 2009-08-07 02:58 . 2009-08-07 02:59 -------- d-----w- c:\program files\MyAPP 2009-08-07 02:55 . 2009-08-07 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2009-08-07 02:45 . 2009-08-07 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2009-08-06 21:50 . 2009-08-06 21:50 -------- d-----w- C:\_OTM 2009-08-06 21:29 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images 2009-08-05 22:24 . 2009-08-12 19:50 -------- d-----w- c:\documents and settings\iorizzp\Application Data\vlc . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-13 22:33 . 2008-12-27 18:02 -------- d-----w- c:\program files\DNA 2009-08-13 22:33 . 2008-12-27 18:02 -------- d-----w- c:\documents and settings\iorizzp\Application Data\DNA 2009-08-13 21:32 . 2008-12-07 20:04 -------- d-----w- c:\program files\Trend Micro 2009-08-11 15:30 . 2009-03-13 03:12 117760 ----a-w- c:\documents and settings\iorizzp\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-08-11 13:49 . 2008-09-06 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-06 22:04 . 2009-08-06 22:04 16580 ----a-w- c:\program files\Common Files\aguhipib.inf 2009-08-06 22:00 . 2008-12-10 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-06 22:00 . 2009-02-15 18:18 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 17:36 . 2008-12-10 04:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 17:36 . 2008-12-10 04:45 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-29 04:53 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:53 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 06:18 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-26 16:18 . 2006-03-04 03:33 659456 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 16:18 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-25 18:36 . 2004-08-04 10:00 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-04 10:00 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2004-08-04 10:00 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-04 10:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-04 10:00 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2004-08-04 10:00 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2004-08-04 10:00 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2004-08-04 10:00 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2004-08-04 10:00 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2004-08-04 10:00 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 18:36 . 2004-08-04 10:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-22 11:49 . 2004-08-04 10:00 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2004-08-04 10:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2004-08-04 10:00 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2004-08-04 10:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-12 11:50 . 2004-08-04 10:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 11:50 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2004-08-04 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 07:42 . 2007-03-19 22:31 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll 2009-05-29 03:34 . 2009-05-29 03:34 11410 ----a-w- c:\documents and settings\iorizzp\Application Data\CyberLink\msgdi.dll 2009-05-29 03:34 . 2009-05-29 03:34 10121 ----a-w- c:\documents and settings\iorizzp\Application Data\Identities\kern.dll 2009-05-29 03:34 . 2009-05-29 03:34 16141 ----a-w- c:\documents and settings\iorizzp\Application Data\BitZipper\lego.exe 2009-05-29 03:34 . 2009-05-29 03:34 145131 ----a-w- c:\documents and settings\iorizzp\Application Data\Apple Computer\nomad.exe 2009-05-29 03:34 . 2009-05-29 03:34 422 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeUM\socks1.exe 2009-05-29 03:34 . 2009-05-29 03:34 13221 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeAUM\rengo.dll 2009-05-29 03:34 . 2009-05-29 03:34 11232 ----a-w- c:\documents and settings\iorizzp\Application Data\Adobe\shalom.exe . ((((((((((((((((((((((((((((( SnapShot_2009-08-12_03.31.26 ))))))))))))))))))))))))))))))))))))))))) . - 2004-08-04 10:00 . 2009-08-12 03:21 41238 c:\windows\system32\perfc009.dat + 2004-08-04 10:00 . 2009-08-13 13:54 41238 c:\windows\system32\perfc009.dat - 2009-08-11 21:07 . 2009-08-11 21:07 86016 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat + 2009-08-13 22:30 . 2009-08-13 22:30 86016 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat + 2009-08-13 22:30 . 2009-08-13 22:30 12288 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat - 2009-08-11 21:07 . 2009-08-11 21:07 12288 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat - 2009-08-11 21:07 . 2009-08-11 21:07 12288 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat + 2009-08-13 22:30 . 2009-08-13 22:30 12288 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat - 2004-08-04 10:00 . 2009-08-12 03:21 315076 c:\windows\system32\perfh009.dat + 2004-08-04 10:00 . 2009-08-13 13:54 315076 c:\windows\system32\perfh009.dat + 2009-08-13 22:30 . 2009-08-13 22:30 786432 c:\windows\ERDNT\subs\Users\00000007\ntuser.dat + 2009-08-13 22:30 . 2009-08-13 22:30 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT - 2009-08-11 21:07 . 2009-08-11 21:07 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT - 2009-08-11 21:07 . 2009-08-11 21:07 258048 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT + 2009-08-13 22:30 . 2009-08-13 22:30 258048 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT + 2009-08-13 22:30 . 2009-08-13 22:30 3108864 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat - 2009-08-11 21:07 . 2009-08-11 21:07 3108864 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-27 342848] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-1-17 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\WINDOWS\\system32\\wuauclt.exe"= "c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024] R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-08-08 18816] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-22 106808] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-03-19 87936] R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-03-25 58240] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-08-11 92464] . Contents of the 'Scheduled Tasks' folder 2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-08-13 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.espn.com/ uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f mStart Page = hxxp://www.google.com mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: tusharep Trusted Zone: TUPATCHLINK01 Trusted Zone: tusharep FF - ProfilePath - c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\ FF - plugin: c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-13 18:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32] @DACL=(02 0000) @="c:\\WINDOWS\\system32\\iehelper.dll" "ThreadingModel"="Apartment" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1080) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\windows\system32\scardsvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\rundll32.exe c:\windows\system32\igfxsrvc.exe . ************************************************************************** . Completion time: 2009-08-13 18:38 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-13 22:38 ComboFix2.txt 2009-08-12 03:33 ComboFix3.txt 2009-08-11 21:15 Pre-Run: 68,514,910,208 bytes free Post-Run: 68,536,496,128 bytes free 235 --- E O F --- 2009-08-11 23:19
  5. NeedHelp
    Hi Spy, Thank you so much for all the help! The computer is running great now. Couple things with RSIT, though: It couldn't run HiJackThis, because the file is still locked from the virus. I can't delete that version of HiJack this, either, because it says my access is denied. (Same, by the way, for the old versions of MalwareBytes that I had installed and tried to rename; I can't do anything with them.) Also, only one log popped up -- log.txt. I'm not sure if that's because of the problem running HiJackThis. In any case, here is the log: Logfile of random's system information tool 1.06 (written by random/random) Run by iorizzp at 2009-08-13 17:33:11 Microsoft Windows XP Professional Service Pack 2 System drive C: has 65 GB (86%) free of 76 GB Total RAM: 503 MB (17% free) ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896] "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-27 342848] "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam" "C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt" "C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe"="C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe:*:Enabled:VZAccess Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" ======List of files/folders created in the last 1 months====== 2009-08-13 09:53:01 ----D---- C:\Program Files\ESET 2009-08-11 23:57:38 ----SHD---- C:\RECYCLER 2009-08-11 23:33:55 ----A---- C:\ComboFix.txt 2009-08-11 23:31:05 ----D---- C:\WINDOWS\temp 2009-08-11 19:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-08-11 19:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-11 19:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$ 2009-08-11 19:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$ 2009-08-11 19:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-11 19:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-11 19:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-08-11 19:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-08-11 19:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-08-11 19:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-08-11 19:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-08-11 19:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-11 19:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$ 2009-08-11 19:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-08-11 19:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-11 19:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-11 19:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-08-11 19:15:18 ----D---- C:\WINDOWS\ServicePackFiles 2009-08-11 19:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$ 2009-08-11 19:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-08-11 19:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-11 19:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-08-11 19:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$ 2009-08-11 19:14:07 ----A---- C:\WINDOWS\imsins.BAK 2009-08-11 19:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-08-11 17:18:32 ----D---- C:\Program Files\MalwareBytes 2009-08-11 16:59:25 ----A---- C:\WINDOWS\PEV.exe 2009-08-11 15:56:44 ----D---- C:\VIPRERESCUE1 2009-08-11 12:38:53 ----A---- C:\WINDOWS\system32\sbbd.exe 2009-08-11 12:38:24 ----D---- C:\VIPRERESCUE 2009-08-10 11:01:48 ----D---- C:\Program Files\Malewarebytes 2009-08-09 17:07:58 ----D---- C:\Program Files\MBytes 2009-08-08 23:42:14 ----D---- C:\Program Files\MBam 2009-08-08 21:44:59 ----D---- C:\Documents and Settings\iorizzp\Application Data\GRETECH 2009-08-08 21:44:07 ----D---- C:\Program Files\GRETECH 2009-08-08 17:03:24 ----D---- C:\Program Files\Sophos 2009-08-08 15:33:17 ----D---- C:\Program Files\install.com 2009-08-08 14:17:15 ----D---- C:\Program Files\ThisOne 2009-08-08 08:22:09 ----D---- C:\Program Files\mine 2009-08-08 08:19:05 ----D---- C:\Program Files\tryingagain 2009-08-08 08:18:35 ----D---- C:\Program Files\Iorizzoee 2009-08-08 08:18:05 ----D---- C:\Program Files\IorizzoHi 2009-08-06 22:58:36 ----D---- C:\Program Files\MyAPP 2009-08-06 22:55:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware3 2009-08-06 22:45:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2 2009-08-06 17:50:40 ----D---- C:\_OTM 2009-08-06 17:29:24 ----AD---- C:\WINDOWS\system32\images 2009-08-05 18:24:02 ----D---- C:\Documents and Settings\iorizzp\Application Data\vlc ======List of files/folders modified in the last 1 months====== 2009-08-13 17:32:26 ----D---- C:\WINDOWS\Prefetch 2009-08-13 17:32:20 ----D---- C:\Program Files\Trend Micro 2009-08-13 17:24:56 ----D---- C:\Documents and Settings\iorizzp\Application Data\DNA 2009-08-13 12:41:22 ----D---- C:\Program Files\Mozilla Firefox 2009-08-13 11:56:24 ----D---- C:\WINDOWS\system32 2009-08-13 09:54:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-13 09:53:17 ----SD---- C:\WINDOWS\Tasks 2009-08-13 09:53:01 ----RD---- C:\Program Files 2009-08-13 09:50:08 ----D---- C:\Program Files\DNA 2009-08-13 09:49:55 ----D---- C:\WINDOWS 2009-08-13 09:48:48 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-13 09:31:05 ----HD---- C:\WINDOWS\inf 2009-08-13 09:30:49 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-12 09:45:19 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-12 00:19:36 ----A---- C:\WINDOWS\ModemLog_PANTECH PC Card (UDP).txt 2009-08-11 23:34:01 ----D---- C:\Qoobox 2009-08-11 23:31:26 ----A---- C:\WINDOWS\system.ini 2009-08-11 23:30:55 ----D---- C:\Program Files\Common Files 2009-08-11 23:29:11 ----D---- C:\WINDOWS\system32\drivers 2009-08-11 23:29:10 ----D---- C:\WINDOWS\AppPatch 2009-08-11 23:23:37 ----SHD---- C:\System Volume Information 2009-08-11 23:23:37 ----D---- C:\WINDOWS\system32\Restore 2009-08-11 22:46:06 ----D---- C:\WINDOWS\system32\wbem 2009-08-11 22:46:05 ----D---- C:\WINDOWS\system32\Setup 2009-08-11 19:19:32 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-11 19:18:48 ----D---- C:\Program Files\Internet Explorer 2009-08-11 19:15:45 ----D---- C:\Program Files\Outlook Express 2009-08-11 17:07:46 ----D---- C:\WINDOWS\system32\config 2009-08-11 17:07:32 ----D---- C:\WINDOWS\ERDNT 2009-08-11 12:52:55 ----SHD---- C:\WINDOWS\CSC 2009-08-11 09:49:46 ----D---- C:\Program Files\SUPERAntiSpyware 2009-08-08 21:35:28 ----D---- C:\WINDOWS\Registration 2009-08-06 18:00:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\t2embed.dll 2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\fontsub.dll 2009-07-28 22:18:54 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt 2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\shdocvw.dll 2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys [] R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys [] R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys [] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-23 121472] R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320] R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024] R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992] R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\naveng.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\navex15.sys [] R3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 27520] R3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 41728] R3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 39808] R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver; C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys [2007-04-30 58240] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648] R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128] S3 catchme;catchme; \??\C:\DOCUME~1\iorizzp\LOCALS~1\Temp\catchme.sys [] S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600] S3 mbr;mbr; \??\C:\DOCUME~1\iorizzp\LOCALS~1\Temp\mbr.sys [] S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\2.tmp [] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160] S3 pxfhbus;PANTECH PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pxfhbus.sys [] S3 pxfhmdfl;PANTECH PC Card Filter; C:\WINDOWS\system32\DRIVERS\pxfhmdfl.sys [] S3 pxfhmdm;PANTECH PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pxfhmdm.sys [] S3 pxfhserd;PANTECH PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pxfhserd.sys [] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [] S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [] S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944] S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720] S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848] S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF-----------------
  6. NeedHelp
    Here are the logs. As you can see, the ESET scan found some more bugs: MalwareBytes: Malwarebytes' Anti-Malware 1.40 Database version: 2615 Windows 5.1.2600 Service Pack 2 2009-08-13 09:43:09 mbam-log-2009-08-13 (09-43-09).txt Scan type: Quick Scan Objects scanned: 96915 Time elapsed: 5 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Delete on reboot. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ESET: C:\Program Files\Mozilla Firefox\~.exe a variant of Win32/Kryptik.OH trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\autorun.inf.vir Win32/AutoRun.Agent.BE worm cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\nah_qkuj.exe.vir a variant of Win32/Kryptik.OE trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\Application Data\Google\mccklrp32.dll.vir Win32/TrojanDownloader.FakeAlert.YR trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\Application Data\Google\spclpt32.dll.vir Win32/TrojanDownloader.FakeAlert.YR trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\Application Data\MACROM~1\Common\439200261.dll.vir Win32/Agent.OYR trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\enumusul.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\odipojin.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\opumuyep.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Common\439200261.dll.vir Win32/Agent.OYR trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{E9A67910-857F-4CCB-85D7-0D25030036F6}\RP1\A0000159.exe a variant of Win32/Kryptik.OH trojan cleaned by deleting - quarantined C:\WINDOWS\system32\vetidika.exe Win32/Agent.PDG trojan cleaned by deleting - quarantined
  7. NeedHelp
    Spy, I can't thank you enough for your help. Here is the log you requested: ComboFix 09-08-10.06 - iorizzp 2009-08-11 23:25.10.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.197 [GMT -4:00] Running from: c:\documents and settings\iorizzp\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\iorizzp\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C} FILE :: "c:\documents and settings\All Users\Application Data\ofusyteku.bin" "c:\program files\Common Files\apaxuj.dat" "c:\program files\Common Files\aqitulu.bin" "c:\program files\Common Files\axerylym.bin" "c:\program files\Common Files\lixuneg.vbs" "c:\program files\Common Files\ojywohahuf.ban" "c:\program files\Common Files\oxut.scr" "c:\program files\Common Files\yzod._sy" "c:\windows\ahidi.exe" "c:\windows\ikyqupezak.bin" "c:\windows\system32\efakihumux.scr" "c:\windows\xecyc.bin" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\ofusyteku.bin c:\program files\Common Files\apaxuj.dat c:\program files\Common Files\aqitulu.bin c:\program files\Common Files\axerylym.bin c:\program files\Common Files\lixuneg.vbs c:\program files\Common Files\ojywohahuf.ban c:\program files\Common Files\oxut.scr c:\program files\Common Files\yzod._sy c:\windows\ahidi.exe c:\windows\ikyqupezak.bin c:\windows\system32\efakihumux.scr c:\windows\xecyc.bin . ((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 ))))))))))))))))))))))))))))))) . 2009-08-11 23:15 . 2009-08-11 23:15 -------- d-----w- c:\windows\ServicePackFiles 2009-08-11 21:18 . 2009-08-11 21:18 -------- d-----w- c:\program files\MalwareBytes 2009-08-11 19:56 . 2009-08-11 20:02 -------- d-----w- C:\VIPRERESCUE1 2009-08-11 16:39 . 2009-08-11 20:02 0 ----a-w- c:\windows\system32\SBRC.dat 2009-08-11 16:38 . 2009-03-17 17:26 65320 ----a-w- c:\windows\system32\sbbd.exe 2009-08-11 16:38 . 2008-10-22 21:08 92464 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-08-11 16:38 . 2009-08-11 16:43 -------- d-----w- C:\VIPRERESCUE 2009-08-10 15:01 . 2009-08-11 16:54 -------- d-----w- c:\program files\Malewarebytes 2009-08-09 21:07 . 2009-08-09 21:08 -------- d-----w- c:\program files\MBytes 2009-08-09 03:42 . 2009-08-09 03:42 -------- d-----w- c:\program files\MBam 2009-08-09 03:26 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\documents and settings\iorizzp\Application Data\GRETECH 2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\program files\GRETECH 2009-08-08 21:03 . 2009-08-08 21:03 -------- d-----w- c:\program files\Sophos 2009-08-08 20:45 . 2009-08-08 20:45 0 ----a-w- C:\settings.dat 2009-08-08 19:33 . 2009-08-08 19:33 -------- d-----w- c:\program files\install.com 2009-08-08 18:17 . 2009-08-08 18:18 -------- d-----w- c:\program files\ThisOne 2009-08-08 12:22 . 2009-08-08 12:22 -------- d-----w- c:\program files\mine 2009-08-08 12:19 . 2009-08-08 12:19 -------- d-----w- c:\program files\tryingagain 2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\Iorizzoee 2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\IorizzoHi 2009-08-07 02:58 . 2009-08-07 02:59 -------- d-----w- c:\program files\MyAPP 2009-08-07 02:55 . 2009-08-07 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2009-08-07 02:45 . 2009-08-07 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2009-08-06 21:50 . 2009-08-06 21:50 -------- d-----w- C:\_OTM 2009-08-06 21:29 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images 2009-08-05 22:24 . 2009-08-09 02:09 -------- d-----w- c:\documents and settings\iorizzp\Application Data\vlc . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-12 03:27 . 2008-12-27 18:02 -------- d-----w- c:\documents and settings\iorizzp\Application Data\DNA 2009-08-12 03:17 . 2008-12-27 18:02 -------- d-----w- c:\program files\DNA 2009-08-11 15:30 . 2009-03-13 03:12 117760 ----a-w- c:\documents and settings\iorizzp\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-08-11 13:49 . 2008-09-06 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-07 13:16 . 2008-12-07 20:04 -------- d-----w- c:\program files\Trend Micro 2009-08-06 22:04 . 2009-08-06 22:04 16580 ----a-w- c:\program files\Common Files\aguhipib.inf 2009-08-06 22:00 . 2008-12-10 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-06 22:00 . 2009-02-15 18:18 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 17:36 . 2008-12-10 04:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 17:36 . 2008-12-10 04:45 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-29 04:53 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:53 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 06:18 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-26 16:18 . 2006-03-04 03:33 659456 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 16:18 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-25 18:36 . 2004-08-04 10:00 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-04 10:00 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2004-08-04 10:00 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-04 10:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-04 10:00 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2004-08-04 10:00 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2004-08-04 10:00 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2004-08-04 10:00 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2004-08-04 10:00 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2004-08-04 10:00 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 18:36 . 2004-08-04 10:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-22 11:49 . 2004-08-04 10:00 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2004-08-04 10:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2004-08-04 10:00 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2004-08-04 10:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-12 11:50 . 2004-08-04 10:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 11:50 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2004-08-04 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 07:42 . 2007-03-19 22:31 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll 2009-05-29 03:34 . 2009-05-29 03:34 11410 ----a-w- c:\documents and settings\iorizzp\Application Data\CyberLink\msgdi.dll 2009-05-29 03:34 . 2009-05-29 03:34 10121 ----a-w- c:\documents and settings\iorizzp\Application Data\Identities\kern.dll 2009-05-29 03:34 . 2009-05-29 03:34 16141 ----a-w- c:\documents and settings\iorizzp\Application Data\BitZipper\lego.exe 2009-05-29 03:34 . 2009-05-29 03:34 145131 ----a-w- c:\documents and settings\iorizzp\Application Data\Apple Computer\nomad.exe 2009-05-29 03:34 . 2009-05-29 03:34 422 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeUM\socks1.exe 2009-05-29 03:34 . 2009-05-29 03:34 13221 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeAUM\rengo.dll 2009-05-29 03:34 . 2009-05-29 03:34 11232 ----a-w- c:\documents and settings\iorizzp\Application Data\Adobe\shalom.exe 2009-03-27 13:10 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\vetidika.exe . ((((((((((((((((((((((((((((( SnapShot@2009-08-11_21.10.03 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-19 22:39 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe + 2008-02-19 15:28 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll - 2008-02-19 15:28 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll + 2004-08-04 10:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll - 2004-08-04 10:00 . 2004-08-04 10:00 55808 c:\windows\system32\secur32.dll + 2004-08-04 10:00 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe + 2006-03-04 03:33 . 2009-06-26 16:18 39424 c:\windows\system32\pngfilt.dll - 2006-03-04 03:33 . 2008-10-16 10:37 39424 c:\windows\system32\pngfilt.dll + 2004-08-04 10:00 . 2009-08-12 03:21 41238 c:\windows\system32\perfc009.dat - 2004-08-04 10:00 . 2009-08-11 21:02 41238 c:\windows\system32\perfc009.dat + 2007-03-19 22:31 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll + 2004-08-04 10:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll - 2004-08-04 10:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll - 2007-03-19 22:31 . 2004-08-04 10:00 58880 c:\windows\system32\msdtclog.dll + 2007-03-19 22:31 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll - 2004-08-04 10:00 . 2008-10-16 10:37 16384 c:\windows\system32\jsproxy.dll + 2004-08-04 10:00 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll + 2006-03-04 03:33 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll - 2006-03-04 03:33 . 2008-10-16 10:37 96256 c:\windows\system32\inseng.dll - 2006-03-04 03:33 . 2008-10-16 10:37 55808 c:\windows\system32\extmgr.dll + 2006-03-04 03:33 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll + 2004-08-04 10:00 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe + 2004-08-04 10:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe + 2004-08-04 10:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll - 2004-08-04 10:00 . 2004-08-04 10:00 55808 c:\windows\system32\dllcache\secur32.dll + 2004-08-04 10:00 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe - 2006-03-04 03:33 . 2008-10-16 10:37 39424 c:\windows\system32\dllcache\pngfilt.dll + 2006-03-04 03:33 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll + 2007-03-19 22:31 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll + 2004-08-04 10:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll - 2004-08-04 10:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll + 2007-03-19 22:31 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll - 2007-03-19 22:31 . 2004-08-04 10:00 58880 c:\windows\system32\dllcache\msdtclog.dll + 2004-08-04 10:00 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll - 2004-08-04 10:00 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll - 2004-08-04 10:00 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll + 2004-08-04 10:00 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll + 2004-08-04 10:00 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll - 2004-08-04 10:00 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll + 2004-08-04 10:00 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll - 2004-08-04 10:00 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll - 2004-08-04 10:00 . 2004-08-04 10:00 19968 c:\windows\system32\dllcache\mqbkup.exe + 2004-08-04 10:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe + 2004-08-04 10:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys - 2004-08-04 10:00 . 2008-10-16 10:37 16384 c:\windows\system32\dllcache\jsproxy.dll + 2004-08-04 10:00 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll - 2006-03-04 03:33 . 2008-10-16 10:37 96256 c:\windows\system32\dllcache\inseng.dll + 2006-03-04 03:33 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll - 2004-08-04 10:00 . 2004-08-04 10:00 81920 c:\windows\system32\dllcache\ieencode.dll + 2004-08-04 10:00 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll - 2007-03-19 22:33 . 2008-10-15 09:45 18432 c:\windows\system32\dllcache\iedw.exe + 2007-03-19 22:33 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe + 2004-08-04 10:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll + 2006-03-04 03:33 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll - 2006-03-04 03:33 . 2008-10-16 10:37 55808 c:\windows\system32\dllcache\extmgr.dll + 2007-03-19 22:31 . 2005-07-26 04:20 60416 c:\windows\system32\dllcache\colbact.dll - 2007-03-19 22:31 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll + 2004-08-04 10:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll - 2004-08-04 10:00 . 2004-08-04 10:00 84992 c:\windows\system32\dllcache\avifil32.dll + 2004-08-04 10:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll - 2004-08-04 10:00 . 2004-08-04 10:00 58880 c:\windows\system32\dllcache\atl.dll + 2007-03-19 22:31 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll - 2007-03-19 22:31 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll - 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\system32\dllcache\mqsvc.exe + 2004-08-04 10:00 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe + 2007-03-19 22:36 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll - 2004-08-04 10:00 . 2004-08-04 10:00 351232 c:\windows\system32\winhttp.dll + 2004-08-04 10:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll + 2007-03-19 22:31 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe + 2007-03-19 22:31 . 2009-02-10 22:31 453120 c:\windows\system32\wbem\wmiprvsd.dll + 2007-03-19 22:31 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll + 2006-03-18 11:09 . 2009-06-26 16:18 616448 c:\windows\system32\urlmon.dll - 2006-03-04 03:33 . 2008-10-16 10:37 474112 c:\windows\system32\shlwapi.dll + 2006-03-04 03:33 . 2009-06-26 16:18 474112 c:\windows\system32\shlwapi.dll + 2004-08-04 10:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll + 2004-08-04 10:00 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe + 2004-08-04 10:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll - 2004-08-04 10:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll + 2004-08-04 10:00 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll + 2004-08-04 10:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll - 2004-08-04 10:00 . 2007-07-09 13:09 584192 c:\windows\system32\rpcrt4.dll + 2004-08-04 10:00 . 2009-08-12 03:21 315076 c:\windows\system32\perfh009.dat - 2004-08-04 10:00 . 2009-08-11 21:02 315076 c:\windows\system32\perfh009.dat + 2004-08-04 10:00 . 2009-03-06 14:00 284160 c:\windows\system32\pdh.dll + 2004-08-04 10:00 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll - 2006-03-04 03:33 . 2008-10-16 10:37 532480 c:\windows\system32\mstime.dll + 2006-03-04 03:33 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll + 2006-03-04 03:33 . 2009-06-26 16:18 146432 c:\windows\system32\msrating.dll - 2006-03-04 03:33 . 2008-10-16 10:37 146432 c:\windows\system32\msrating.dll - 2006-03-04 03:33 . 2008-10-16 10:37 449024 c:\windows\system32\mshtmled.dll + 2006-03-04 03:33 . 2009-06-26 16:18 449024 c:\windows\system32\mshtmled.dll + 2007-03-19 22:31 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll + 2007-03-19 22:31 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll + 2007-03-19 22:31 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll + 2004-08-04 10:00 . 2009-02-09 10:01 728576 c:\windows\system32\lsasrv.dll + 2004-08-04 10:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll + 2004-08-04 10:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll - 2006-03-04 03:33 . 2008-10-16 10:37 251392 c:\windows\system32\iepeers.dll + 2006-03-04 03:33 . 2009-06-26 16:18 251392 c:\windows\system32\iepeers.dll + 2007-03-19 17:18 . 2009-08-12 02:46 254272 c:\windows\system32\FNTCACHE.DAT - 2007-03-19 17:18 . 2009-02-13 14:52 254272 c:\windows\system32\FNTCACHE.DAT + 2006-03-04 03:33 . 2009-06-26 16:18 205312 c:\windows\system32\dxtrans.dll - 2006-03-04 03:33 . 2008-10-16 10:37 205312 c:\windows\system32\dxtrans.dll + 2004-08-04 10:00 . 2009-06-26 16:18 357888 c:\windows\system32\dxtmsft.dll - 2004-08-04 10:00 . 2008-10-16 10:37 357888 c:\windows\system32\dxtmsft.dll + 2007-03-19 22:31 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe + 2004-08-04 10:00 . 2009-07-13 06:18 233472 c:\windows\system32\dllcache\wmpdxm.dll - 2004-08-04 10:00 . 2004-08-04 10:00 233472 c:\windows\system32\dllcache\wmpdxm.dll + 2007-03-19 22:31 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe + 2007-03-19 22:31 . 2009-02-10 22:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll - 2004-08-04 10:00 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll + 2004-08-04 10:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll + 2006-03-04 03:33 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\wininet.dll - 2006-03-04 03:33 . 2008-10-16 10:37 659456 c:\windows\system32\dllcache\wininet.dll - 2004-08-04 10:00 . 2004-08-04 10:00 351232 c:\windows\system32\dllcache\winhttp.dll + 2004-08-04 10:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll + 2006-03-18 11:09 . 2009-06-26 16:18 616448 c:\windows\system32\dllcache\urlmon.dll + 2004-08-04 10:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll + 2006-03-04 03:33 . 2009-06-26 16:18 474112 c:\windows\system32\dllcache\shlwapi.dll - 2006-03-04 03:33 . 2008-10-16 10:37 474112 c:\windows\system32\dllcache\shlwapi.dll + 2004-08-04 10:00 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\services.exe - 2004-08-04 10:00 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll + 2004-08-04 10:00 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll + 2004-08-04 10:00 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\rpcss.dll - 2004-08-04 10:00 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll + 2004-08-04 10:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll + 2004-08-04 10:00 . 2009-03-06 14:00 284160 c:\windows\system32\dllcache\pdh.dll + 2004-08-04 10:00 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll + 2004-08-04 10:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll + 2007-03-19 22:31 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll - 2006-03-04 03:33 . 2008-10-16 10:37 532480 c:\windows\system32\dllcache\mstime.dll + 2006-03-04 03:33 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll - 2006-03-04 03:33 . 2008-10-16 10:37 146432 c:\windows\system32\dllcache\msrating.dll + 2006-03-04 03:33 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll + 2004-08-04 10:00 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll - 2006-03-04 03:33 . 2008-10-16 10:37 449024 c:\windows\system32\dllcache\mshtmled.dll + 2006-03-04 03:33 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll + 2007-03-19 22:31 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll + 2007-03-19 22:31 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll + 2007-03-19 22:31 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll + 2004-08-04 10:00 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll - 2004-08-04 10:00 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll - 2004-08-04 10:00 . 2004-08-04 10:00 186880 c:\windows\system32\dllcache\mqtrig.dll + 2004-08-04 10:00 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll + 2004-08-04 10:00 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe - 2004-08-04 10:00 . 2004-08-04 10:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe + 2004-08-04 10:00 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll - 2004-08-04 10:00 . 2004-08-04 10:00 123392 c:\windows\system32\dllcache\mqrtdep.dll + 2004-08-04 10:00 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll + 2004-08-04 10:00 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll - 2004-08-04 10:00 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll + 2004-08-04 10:00 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll + 2004-08-04 10:00 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll - 2004-08-04 10:00 . 2004-08-04 10:00 225280 c:\windows\system32\dllcache\mqoa.dll - 2004-08-04 10:00 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll + 2004-08-04 10:00 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll + 2004-08-04 10:00 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll + 2004-08-04 10:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll + 2004-08-04 10:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll - 2006-03-04 03:33 . 2008-10-16 10:37 251392 c:\windows\system32\dllcache\iepeers.dll + 2006-03-04 03:33 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll + 2007-03-19 22:31 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll + 2006-03-04 03:33 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll - 2006-03-04 03:33 . 2008-10-16 10:37 205312 c:\windows\system32\dllcache\dxtrans.dll - 2004-08-04 10:00 . 2008-10-16 10:37 357888 c:\windows\system32\dllcache\dxtmsft.dll + 2004-08-04 10:00 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll + 2006-03-04 03:33 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll - 2006-03-04 03:33 . 2008-10-16 10:37 151040 c:\windows\system32\dllcache\cdfview.dll + 2004-08-04 10:00 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll - 2006-03-04 03:33 . 2008-10-16 10:37 151040 c:\windows\system32\cdfview.dll + 2006-03-04 03:33 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll + 2004-08-04 10:00 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll + 2004-08-04 10:00 . 2009-07-13 06:18 4960256 c:\windows\system32\wmp.dll + 2004-08-04 10:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys + 2006-03-30 09:16 . 2009-07-18 16:20 1506304 c:\windows\system32\shdocvw.dll + 2005-03-30 01:23 . 2009-02-06 10:32 2186112 c:\windows\system32\ntoskrnl.exe - 2005-03-30 01:01 . 2008-08-14 09:18 2062976 c:\windows\system32\ntkrnlpa.exe + 2005-03-30 01:01 . 2009-02-06 09:49 2062976 c:\windows\system32\ntkrnlpa.exe + 2006-03-23 17:32 . 2009-07-18 16:20 3062272 c:\windows\system32\mshtml.dll + 2004-08-04 10:00 . 2009-07-13 06:18 4960256 c:\windows\system32\dllcache\wmp.dll + 2004-08-04 10:00 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys + 2006-03-30 09:16 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll + 2004-08-04 10:00 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll + 2006-12-19 16:51 . 2009-02-06 10:32 2186112 c:\windows\system32\dllcache\ntoskrnl.exe - 2006-12-19 16:12 . 2008-08-14 09:18 2020864 c:\windows\system32\dllcache\ntkrpamp.exe + 2006-12-19 16:12 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe - 2006-12-19 16:12 . 2008-08-14 09:18 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe + 2006-12-19 16:12 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe + 2006-12-19 16:49 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe - 2006-12-19 16:49 . 2008-08-14 09:55 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe + 2007-03-19 22:33 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll + 2006-03-23 17:32 . 2009-07-18 16:20 3062272 c:\windows\system32\dllcache\mshtml.dll + 2006-03-04 03:33 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll - 2006-03-04 03:33 . 2008-10-16 10:37 1054208 c:\windows\system32\dllcache\danim.dll + 2006-03-04 03:33 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll - 2006-03-04 03:33 . 2008-10-16 10:37 1023488 c:\windows\system32\dllcache\browseui.dll + 2006-03-04 03:33 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll - 2006-03-04 03:33 . 2008-10-16 10:37 1054208 c:\windows\system32\danim.dll + 2006-03-04 03:33 . 2009-06-26 16:18 1023488 c:\windows\system32\browseui.dll - 2006-03-04 03:33 . 2008-10-16 10:37 1023488 c:\windows\system32\browseui.dll + 2007-03-19 22:37 . 2009-02-06 10:32 2186112 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2007-03-19 22:37 . 2008-08-14 09:18 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2007-03-19 22:37 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2007-03-19 22:37 . 2008-08-14 09:18 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2007-03-19 22:37 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2007-03-19 22:37 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2007-03-19 22:37 . 2008-08-14 09:55 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-27 342848] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-1-17 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\WINDOWS\\system32\\wuauclt.exe"= "c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024] R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-08-08 18816] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-22 106808] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-03-19 87936] R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-03-25 58240] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-08-11 92464] . Contents of the 'Scheduled Tasks' folder 2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-08-12 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.espn.com/ uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f mStart Page = hxxp://www.google.com mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: tusharep Trusted Zone: TUPATCHLINK01 Trusted Zone: tusharep FF - ProfilePath - c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\ FF - plugin: c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-11 23:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\TEMP\TMP00000087766C166AE8AF171C 524288 bytes scan completed successfully hidden files: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32] @DACL=(02 0000) @="c:\\WINDOWS\\system32\\iehelper.dll" "ThreadingModel"="Apartment" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1080) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2009-08-12 23:33 ComboFix-quarantined-files.txt 2009-08-12 03:33 ComboFix2.txt 2009-08-11 21:15 Pre-Run: 68,744,839,168 bytes free Post-Run: 68,720,021,504 bytes free 434 --- E O F --- 2009-08-11 23:19
  8. NeedHelp
    Thanks for the help, Spy. The good news is that everything worked. But wow, what a mess. As you can see, MalwareBytes found more than 50 infected files. Here are the logs: Avenger: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" completed successfully. Completed script processing. ******************* Finished! Terminate. Combofix: ComboFix 09-08-10.06 - iorizzp 2009-08-11 17:00.9.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.216 [GMT -4:00] Running from: c:\documents and settings\iorizzp\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\-1132837576 c:\documents and settings\iorizzp\Application Data\EurekaLog c:\documents and settings\iorizzp\nah_qkuj.exe c:\program files\AskSearch\bin\DefaultSearch.dll c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C} c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C}\chrome\content\overlay.xul c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C}\install.rdf c:\program files\Mozilla Firefox\searchplugins\search.xml C:\vkywt.exe c:\windows\system32\enumusul.ini c:\windows\system32\odipojin.ini c:\windows\system32\opumuyep.ini c:\windows\system32\wisdstr.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 ))))))))))))))))))))))))))))))) . 2009-08-11 19:56 . 2009-08-11 20:02 -------- d-----w- C:\VIPRERESCUE1 2009-08-11 16:39 . 2009-08-11 20:02 0 ----a-w- c:\windows\system32\SBRC.dat 2009-08-11 16:38 . 2009-03-17 17:26 65320 ----a-w- c:\windows\system32\sbbd.exe 2009-08-11 16:38 . 2008-10-22 21:08 92464 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-08-11 16:38 . 2009-08-11 16:43 -------- d-----w- C:\VIPRERESCUE 2009-08-10 15:01 . 2009-08-11 16:54 -------- d-----w- c:\program files\Malewarebytes 2009-08-09 21:07 . 2009-08-09 21:08 -------- d-----w- c:\program files\MBytes 2009-08-09 03:42 . 2009-08-09 03:42 -------- d-----w- c:\program files\MBam 2009-08-09 03:26 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\documents and settings\iorizzp\Application Data\GRETECH 2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\program files\GRETECH 2009-08-08 21:03 . 2009-08-08 21:03 -------- d-----w- c:\program files\Sophos 2009-08-08 20:45 . 2009-08-08 20:45 0 ----a-w- C:\settings.dat 2009-08-08 19:33 . 2009-08-08 19:33 -------- d-----w- c:\program files\install.com 2009-08-08 18:17 . 2009-08-08 18:18 -------- d-----w- c:\program files\ThisOne 2009-08-08 12:22 . 2009-08-08 12:22 -------- d-----w- c:\program files\mine 2009-08-08 12:19 . 2009-08-08 12:19 -------- d-----w- c:\program files\tryingagain 2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\Iorizzoee 2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\IorizzoHi 2009-08-07 02:58 . 2009-08-07 02:59 -------- d-----w- c:\program files\MyAPP 2009-08-07 02:55 . 2009-08-07 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2009-08-07 02:45 . 2009-08-07 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2009-08-06 22:04 . 2009-08-06 22:04 19968 ----a-w- c:\program files\Common Files\axerylym.bin 2009-08-06 22:04 . 2009-08-06 22:04 17536 ----a-w- c:\windows\xecyc.bin 2009-08-06 22:04 . 2009-08-06 22:04 17175 ----a-w- c:\windows\system32\efakihumux.scr 2009-08-06 22:04 . 2009-08-06 22:04 17014 ----a-w- c:\windows\ikyqupezak.bin 2009-08-06 22:04 . 2009-08-06 22:04 14386 ----a-w- c:\program files\Common Files\aqitulu.bin 2009-08-06 22:04 . 2009-08-06 22:04 12867 ----a-w- c:\program files\Common Files\apaxuj.dat 2009-08-06 22:04 . 2009-08-06 22:04 11025 ----a-w- c:\program files\Common Files\oxut.scr 2009-08-06 22:04 . 2009-08-06 22:04 10944 ----a-w- c:\windows\ahidi.exe 2009-08-06 22:04 . 2009-08-06 22:04 16910 ----a-w- c:\program files\Common Files\lixuneg.vbs 2009-08-06 21:50 . 2009-08-06 21:50 -------- d-----w- C:\_OTM 2009-08-06 21:29 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images 2009-08-06 21:09 . 2009-08-06 21:48 4 ----a-w- c:\windows\system32\bincd32.dat 2009-08-06 21:09 . 2009-08-06 21:50 2 ----a-w- c:\windows\ppp3.dat 2009-08-06 21:09 . 2009-08-06 21:50 64 ----a-w- c:\windows\ppp4.dat 2009-08-06 21:09 . 2009-08-06 21:09 36 ----a-w- c:\windows\system32\sysnet.dat 2009-08-06 21:08 . 2009-08-06 21:13 -------- d-----w- c:\program files\Windows Antivirus Pro 2009-08-06 19:33 . 2009-08-06 19:33 90624 ----a-w- C:\criqmsck.exe 2009-08-06 19:33 . 2009-08-06 19:33 27136 ----a-w- C:\ibts.exe 2009-08-06 19:32 . 2009-08-06 23:12 19456 ----a-w- C:\hcel.exe 2009-08-06 19:32 . 2009-08-06 23:12 19456 ----a-w- C:\niawndos.exe 2009-08-05 22:24 . 2009-08-09 02:09 -------- d-----w- c:\documents and settings\iorizzp\Application Data\vlc . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-11 21:09 . 2008-12-27 18:02 -------- d-----w- c:\program files\DNA 2009-08-11 21:09 . 2008-12-27 18:02 -------- d-----w- c:\documents and settings\iorizzp\Application Data\DNA 2009-08-11 15:30 . 2009-03-13 03:12 117760 ----a-w- c:\documents and settings\iorizzp\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-08-11 13:49 . 2008-09-06 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-07 13:16 . 2008-12-07 20:04 -------- d-----w- c:\program files\Trend Micro 2009-08-06 22:04 . 2009-08-06 22:04 16580 ----a-w- c:\program files\Common Files\aguhipib.inf 2009-08-06 22:04 . 2009-08-06 22:04 14741 ----a-w- c:\program files\Common Files\yzod._sy 2009-08-06 22:04 . 2009-08-06 22:04 10879 ----a-w- c:\program files\Common Files\ojywohahuf.ban 2009-08-06 22:04 . 2009-08-06 22:04 10477 ----a-w- c:\documents and settings\All Users\Application Data\ofusyteku.bin 2009-08-06 22:00 . 2008-12-10 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-06 22:00 . 2009-02-15 18:18 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-08-03 17:36 . 2008-12-10 04:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 17:36 . 2008-12-10 04:45 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-29 03:34 . 2009-05-29 03:34 11410 ----a-w- c:\documents and settings\iorizzp\Application Data\CyberLink\msgdi.dll 2009-05-29 03:34 . 2009-05-29 03:34 10121 ----a-w- c:\documents and settings\iorizzp\Application Data\Identities\kern.dll 2009-05-29 03:34 . 2009-05-29 03:34 16141 ----a-w- c:\documents and settings\iorizzp\Application Data\BitZipper\lego.exe 2009-05-29 03:34 . 2009-05-29 03:34 145131 ----a-w- c:\documents and settings\iorizzp\Application Data\Apple Computer\nomad.exe 2009-05-29 03:34 . 2009-05-29 03:34 422 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeUM\socks1.exe 2009-05-29 03:34 . 2009-05-29 03:34 13221 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeAUM\rengo.dll 2009-05-29 03:34 . 2009-05-29 03:34 11232 ----a-w- c:\documents and settings\iorizzp\Application Data\Adobe\shalom.exe 2009-03-27 13:10 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\vetidika.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-27 342848] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-1-17 118784] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\WINDOWS\\system32\\wuauclt.exe"= "c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024] R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-08-08 18816] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-22 106808] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-03-19 87936] R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-03-25 58240] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464] S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-08-11 92464] . Contents of the 'Scheduled Tasks' folder 2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-08-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.espn.com/ uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f mStart Page = hxxp://www.google.com mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: tusharep Trusted Zone: TUPATCHLINK01 Trusted Zone: tusharep FF - ProfilePath - c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\ FF - plugin: c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-11 17:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32] @DACL=(02 0000) @="c:\\WINDOWS\\system32\\iehelper.dll" "ThreadingModel"="Apartment" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1104) c:\program files\SUPERAntiSpyware\SASWINLO.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\windows\system32\scardsvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\rundll32.exe c:\windows\system32\igfxsrvc.exe c:\program files\Symantec AntiVirus\DoScan.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe . ************************************************************************** . Completion time: 2009-08-11 17:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-11 21:15 Pre-Run: 69,131,862,016 bytes free Post-Run: 69,170,700,288 bytes free 223 --- E O F --- 2009-03-06 14:49 MalwareBytes: Malwarebytes' Anti-Malware 1.40 Database version: 2605 Windows 5.1.2600 Service Pack 2 2009-08-11 17:57:55 mbam-log-2009-08-11 (17-57-55).txt Scan type: Full Scan (C:\|) Objects scanned: 129898 Time elapsed: 36 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 4 Files Infected: 47 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Documents and Settings\iorizzp\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. Files Infected: C:\criqmsck.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\hcel.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\ibts.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\niawndos.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\vkywt.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully. C:\_OTM\MovedFiles\08062009_175040\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully. C:\_OTM\MovedFiles\08062009_175040\WINDOWS\system32\desot.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\Documents and Settings\iorizzp\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
  9. NeedHelp
    Hello, and thanks for the help. Unfortunately, I can't run Combofix. The green status bar comes up, then disappears. Just to be sure it didn't work, I went to c:combofix looking for a log. There was none. I also tried running it in safe mode with no success. Also, I downloaded the +++.exe tool and ran it first. It said it didn't find any infections and therefore did not restart my computer.
  10. NeedHelp
    Hello all, and thanks in advance for the help. I think I've been afflicted with the nasty little rootkit that seems to be going around. Here are my symptoms, which probably are beginning to sound familiar: When I try to scan with MalwareBytes, HiJackThis, RootRepel, etc., the window disappears after a few seconds and the program becomes essentially locked; if I try to click on the icon, I get a message saying, bascially, that I don't have permission to access the file. This happens in normal and in safe mode. I've tried running D.D.S. -- again in normal and safe mode -- but it never produces a log. Oh, and here's the most obvious symptom: Written on the background on my desktop is "DANGER!!! YOU ARE INFECTED ..." SuperAntiSpyware will run just fine, but it does not detect the problem. I'm able to run GMAER about 80 percent of the way through before it quits. I stopped a scan before it quit and captured a log, which I will post below. Again, thanks for any help you can offer: GMER 1.0.15.15020 [88nztk45[1].exe] - http://www.gmer.net Rootkit scan 2009-08-10 16:43:13 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.15 ---- SSDT 82EF3358 ZwConnectPort SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAAE92350] SSDT 82E18628 ZwQueryValueKey SSDT 82DAAF38 ZwResumeThread SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAAE92580] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) Device \Driver\BTHUSB \Device\0000009c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \Driver\BTHUSB \Device\0000009e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [564] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [584] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.exe [1012] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1340] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1420] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1524] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [1604] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1616] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [1760] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\PROGRA~1\SYMANT~1\VPTray.exe [1768] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\DNA\btdna.exe [1792] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [2036] 0x35670000 Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [4040] 0x35670000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0010c6960890 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c6960890 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164173906a Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0010c6960890 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00164173906a (not active ControlSet) Reg HKLM\SOFTWARE\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32@ C:\WINDOWS\system32\iehelper.dll Reg HKLM\SOFTWARE\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32@ThreadingModel Apartment ---- EOF - GMER 1.0.15 ----
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.