spacks13

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. OK... I think the crisis has been averted. I have attached the logs of what Malwarebytes found and removed. After Malwarebytes finished I had to do repair installations of all of my programs that were affected. The virus seems to have corrupted the section of the registry for Windows Installer. Everything seems to be back to normal except for Adobe Reader 9.0 and MS Office 2007. I cannot remove/install those programs through Add/Remove Programs, and any file associated with those programs lost their icons. However, the programs still seem to work.

     Attachments: mbam_log_2009_08_20__23_40_50_.txt, mbam_log_2009_08_20__23_03_44_.txt
  2. *UPDATE* I just got Malwarebytes to run by renaming mbam.exe, and it is currently checking the system. I'll keep this thread posted on my findings, and if anyone has any suggestions in the meantime, I would love to hear them. Also, I have been able to run procexp.exe and RootRepeal but don't seem to see anything suspicious. Maybe I'm not looking for the right things?
  3. I cannot access many .exe's on my laptop and receive this message: "Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item." I have also already followed the instructions for removing it on this page: http://www.2-spyware.com/remove-windows-antivirus-pro.html. Unfortunately, I cannot run Malwarebytes or HiJackThis. From reading some of the posts, they have been recommending ComboFix. Here is the log... Please advise.

     ComboFix 09-08-20.01 - tmcilhenney 08/20/2009 20:53.1.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2543 [GMT -4:00]
     Running from: c:\documents and settings\tmcilhenney\Desktop\ComboFix.exe
     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\cleanup.exe
     c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
     c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
     c:\recycler\S-1-5-21-3438605536-4105128146-2857893889-500
     c:\windows\msa.exe
     c:\windows\ppp3.dat
     c:\windows\ppp4.dat
     c:\windows\run.log
     c:\windows\svchast.exe
     c:\windows\system32\bennuar.old
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
     c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
     c:\windows\system32\dddesot.dll
     c:\windows\system32\desot.exe
     c:\windows\system32\drivers\kbiwkmjsaowpjn.sys
     c:\windows\system32\kbiwkmdpulqjns.dat
     c:\windows\system32\kbiwkmrkumilmm.dll
     c:\windows\system32\kbiwkmtjwajckx.dat
     c:\windows\system32\kbiwkmveqoyxxy.dll
     c:\windows\system32\kbiwkmxoelviyo.dat
     c:\windows\system32\sonhelp.htm
     c:\windows\system32\sysnet.dat

     ----- BITS: Possible infected sites -----

     hxxp://megatron

     Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
     Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
     .

     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Service_kbiwkmtumnkjdv
     -------\Legacy_kbiwkmtumnkjdv
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}