JK523

Members
Posts: 15
Reputation: 0 Neutral
  1. Things are under control, thanks for the help.
  2. I was under attack once again. System Security 2009, among other nasties, was on my PC again. I barely managed to remove them with MBAM and SAS. I say barely because it wouldn't let me do anything, but I finally tried logging on to another user name and it surprisingly worked. My PC is still infected because I'm running SAS at the moment and I still see the nasties I just removed with MBAM:

     Adware.Vundo/Variant-EC
     Adware.Tracking Cookie
     Rogue.SystemSecurity
     Rogue.Agent/Gen

     So either these nasties were not completely removed in the first place and/or my anti-virus completely sucks :[ I use AVG Free and I think it's completely useless. It doesn't even scan: I press Scan Whole Computer and it doesn't do anything. I just keep it because it supposedly has a working anti-virus and anti-spyware...
  3. Combofix Log:

     ComboFix 09-09-16.01 - Compaq_Owner 09/16/2009 14:07.8.1 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1470.881 [GMT -7:00]
     Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     AV: Trend Micro Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
     FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

     FILE ::
     "c:\windows\msa.exe.vir"
     "c:\windows\system32\drivers\beep.sys.vir"
     "c:\windows\system32\drivers\d0aeb8a3.sys"
     "c:\windows\system32\tanovivo.dll.tmp"
     "c:\windows\system32\vajafeti.dll.tmp"
     "c:\windows\system32\zotokohu.dll.tmp"
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\Compaq_Owner\Cookies\dasyhoqa.dat
     c:\documents and settings\Compaq_Owner\Cookies\eduwily.bat
     c:\documents and settings\Compaq_Owner\Cookies\ezuhadymem.pif
     c:\documents and settings\Compaq_Owner\Cookies\imamonasy.bat
     c:\documents and settings\Compaq_Owner\Cookies\pobosijis._dl
     c:\documents and settings\Compaq_Owner\Local Settings\Application Data\tawu.vbs
     c:\windows\msa.exe.vir
     c:\windows\system32\drivers\beep.sys.vir
     c:\windows\system32\drivers\d0aeb8a3.sys
     c:\windows\system32\tanovivo.dll.tmp
     c:\windows\system32\vajafeti.dll.tmp
     c:\windows\system32\zotokohu.dll.tmp
     .

     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Service_d0aeb8a3


     ((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
     .

     2009-09-16 04:20 . 2009-06-21 21:44   153088   ------w-   c:\windows\system32\dllcache\triedit.dll
     2009-09-16 04:20 . 2009-07-10 13:27   1315328  ------w-   c:\windows\system32\dllcache\msoe.dll
     2009-09-15 05:56 . 2009-09-16 04:13   1971232  --sha-w-   c:\windows\system32\drivers\fidbox.dat
     2009-09-15 05:56 . 2009-09-16 04:13   12320    --sha-w-   c:\windows\system32\drivers\fidbox2.dat
     2009-09-14 08:26 . 2009-09-14 08:27   --------  d-----w-  c:\program files\SUPERAntiSpyware
     2009-09-14 02:32 . 2009-09-10 21:54   38224    ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-14 02:32 . 2009-09-10 21:53   19160    ----a-w-   c:\windows\system32\drivers\mbam.sys
     2009-09-12 09:04 . 2009-09-14 02:32   --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
     2009-09-12 06:17 . 2009-09-14 22:45   --------  d-----w-  c:\program files\SpywareBlaster
     2009-09-11 21:32 . 2009-09-11 21:42   --------  d--h--w-  c:\windows\PIF
     2009-09-11 06:05 . 2009-09-11 07:01   --------  d-----w-  C:\$AVG8.VAULT$
     2009-09-11 06:03 . 2009-09-11 06:03   11952    ----a-w-   c:\windows\system32\avgrsstx.dll
     2009-09-11 06:03 . 2009-09-11 06:03   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
     2009-09-11 06:03 . 2009-09-11 06:03   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
     2009-09-11 06:03 . 2009-09-11 06:03   27784    ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
     2009-09-11 06:03 . 2009-09-16 19:36   --------  d-----w-  c:\windows\system32\drivers\Avg
     2009-09-11 06:03 . 2009-09-11 06:03   --------  d-----w-  c:\documents and settings\All Users\Application Data\AVG Security Toolbar
     2009-09-11 06:02 . 2009-09-11 06:02   --------  d-----w-  c:\program files\AVG
     2009-09-11 06:02 . 2009-09-11 06:06   --------  d-----w-  c:\documents and settings\All Users\Application Data\avg8
     2009-09-11 05:56 . 2009-09-11 05:56   --------  d-----w-  c:\documents and settings\Compaq_Owner\Application Data\AVG8
     2009-09-11 05:27 . 2009-09-11 05:27   --------  d-----w-  c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations
     2009-09-11 04:53 . 2009-09-11 06:09   --------  d-----w-  c:\program files\Common Files\ParetoLogic
     2009-09-11 04:53 . 2009-09-11 06:09   --------  d-----w-  c:\documents and settings\All Users\Application Data\ParetoLogic
     2009-09-11 04:53 . 2009-09-11 04:53   --------  d-----w-  c:\documents and settings\All Users\Application Data\XoftSpySE
     2009-09-10 05:03 . 2009-07-28 23:33   55656    ----a-w-   c:\windows\system32\drivers\avgntflt.sys
     2009-09-10 00:37 . 2009-09-10 00:37   --------  d-----w-  c:\documents and settings\Compaq_Owner\Application Data\Simply Super Software
     2009-09-10 00:28 . 2009-09-10 00:28   --------  d-----w-  c:\documents and settings\Compaq_Owner\Local Settings\Application Data\AVG Security Toolbar
     2009-09-10 00:09 . 2009-09-14 22:46   --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
     2009-09-10 00:08 . 2006-06-19 20:01   69632    ----a-w-   c:\windows\system32\ztvcabinet.dll
     2009-09-10 00:08 . 2006-05-25 22:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
     2009-09-10 00:08 . 2005-08-26 08:50   77312    ----a-w-   c:\windows\system32\ztvunace26.dll
     2009-09-10 00:08 . 2003-02-03 03:06   153088   ----a-w-   c:\windows\system32\UNRAR3.dll
     2009-09-10 00:08 . 2002-03-06 08:00   75264    ----a-w-   c:\windows\system32\unacev2.dll
     2009-09-10 00:08 . 2009-09-10 00:08   --------  d-----w-  c:\documents and settings\All Users\Application Data\Simply Super Software
     2009-09-10 00:08 . 2009-09-10 00:08   --------  d-----w-  c:\documents and settings\Administrator\Application Data\Simply Super Software
     2009-09-09 23:39 . 2009-09-09 23:40   --------  d-----w-  c:\windows\system32\1033
     2009-09-09 19:54 . 2009-09-09 19:54   --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
     2009-09-09 19:20 . 2009-09-09 19:20   16077    ----a-w-   c:\documents and settings\Compaq_Owner\Local Settings\Application Data\dacaziw.dat
     2009-09-09 18:26 . 2009-09-09 18:26   --------  d-----w-  c:\documents and settings\Administrator\Application Data\AdobeUM
     2009-09-09 18:25 . 2009-09-09 18:26   --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
     2009-09-09 18:25 . 2009-09-10 04:38   664      ----a-w-   c:\windows\system32\d3d9caps.dat
     .

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2009-09-16 21:12 . 2008-01-29 09:35   --------  d-----w-  c:\program files\DNA
     2009-09-16 21:12 . 2008-01-29 09:35   --------  d-----w-  c:\documents and settings\Compaq_Owner\Application Data\DNA
     2009-09-16 04:13 . 2009-09-15 05:56   27476    --sha-w-   c:\windows\system32\drivers\fidbox.idx
     2009-09-16 04:13 . 2009-09-15 05:56   2228     --sha-w-   c:\windows\system32\drivers\fidbox2.idx
     2009-09-15 21:06 . 2006-09-25 00:50   --------  d-----w-  c:\program files\Warcraft III
     2009-09-14 08:26 . 2006-04-05 22:50   --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
     2009-09-13 09:01 . 2005-11-14 15:02   --------  d--h--w-  c:\program files\InstallShield Installation Information
     2009-09-11 06:07 . 2009-08-16 15:17   --------  dc-h--w-  c:\documents and settings\All Users\Application Data\~0
     2009-09-11 04:40 . 2008-02-14 11:09   --------  d-----w-  c:\documents and settings\All Users\Application Data\Lavasoft
     2009-09-11 04:39 . 2009-07-04 02:52   --------  d-----w-  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-09-09 16:41 . 2005-12-26 21:46   --------  d-----w-  c:\windows\system32\config\systemprofile\Application Data\Symantec
     2009-09-08 04:58 . 2007-04-27 22:29   --------  d-----w-  c:\program files\Winamp
     2009-08-25 19:57 . 2008-04-09 12:02   78473    ----a-w-   c:\windows\War3Unin.dat
     2009-08-23 04:32 . 2009-08-16 04:45   --------  d-----w-  c:\documents and settings\Compaq_Owner\Application Data\HpUpdate
     2009-08-14 13:58 . 2009-09-10 02:09   7396     ----a-w-   c:\windows\system32\drivers\pctcore.cat
     2009-08-05 13:07 . 2005-11-14 14:54   --------  d-----w-  c:\program files\Java
     2009-08-05 09:01 . 2004-08-04 12:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
     2009-07-28 08:53 . 2008-09-07 01:30   96       ---ha-w-   c:\windows\system32\HsInfo.dat
     2009-07-25 12:23 . 2008-12-15 19:18   411368   ----a-w-   c:\windows\system32\deploytk.dll
     2009-07-17 19:01 . 2004-08-04 12:00   58880    ----a-w-   c:\windows\system32\atl.dll
     2009-07-13 17:08 . 2004-08-04 12:00   286720   ----a-w-   c:\windows\system32\wmpdxm.dll
     2009-06-29 16:12 . 2004-08-04 12:00   827392   ------w-   c:\windows\system32\wininet.dll
     2009-06-29 16:12 . 2004-08-04 12:00   78336    ----a-w-   c:\windows\system32\ieencode.dll
     2009-06-29 16:12 . 2004-08-04 12:00   17408    ------w-   c:\windows\system32\corpol.dll
     2007-01-11 17:55 . 2006-02-06 02:11   39908144 --sha-w-   c:\windows\system32\srsc.dat
     .

     ((((((((((((((((((((((((((((( SnapShot@2009-09-16_04.15.10 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-09-16 21:12 . 2009-09-16 21:12   16384    c:\windows\temp\Perflib_Perfdata_284.dat
     + 2007-01-29 08:58 . 2009-07-14 11:03   46080    c:\windows\system32\tzchange.exe
     + 2004-08-04 19:00 . 2009-06-12 12:31   76288    c:\windows\system32\telnet.exe
     - 2005-11-14 14:58 . 2008-07-09 07:38   26488    c:\windows\system32\spupdsvc.exe
     + 2005-11-14 14:58 . 2007-07-27 17:41   26488    c:\windows\system32\spupdsvc.exe
     + 2009-06-12 12:31 . 2009-06-12 12:31   76288    c:\windows\system32\dllcache\telnet.exe
     + 2009-06-10 14:13 . 2009-06-10 14:13   84992    c:\windows\system32\dllcache\avifil32.dll
     + 2009-07-17 19:01 . 2009-07-17 19:01   58880    c:\windows\system32\dllcache\atl.dll
     + 2004-08-04 12:00 . 2009-06-10 14:13   84992    c:\windows\system32\avifil32.dll
     - 2004-08-04 12:00 . 2008-04-14 00:11   84992    c:\windows\system32\avifil32.dll
     + 2009-07-12 07:02 . 2009-07-12 07:02   159032   c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
     - 2004-08-04 12:00 . 2008-04-14 00:12   132096   c:\windows\system32\wkssvc.dll
     + 2004-08-04 12:00 . 2009-06-10 06:14   132096   c:\windows\system32\wkssvc.dll
     - 2004-08-04 12:00 . 2008-05-09 10:53   512000   c:\windows\system32\jscript.dll
     + 2004-08-04 12:00 . 2009-08-13 15:16   512000   c:\windows\system32\jscript.dll
     + 2004-08-04 12:00 . 2009-07-13 17:08   286720   c:\windows\system32\dllcache\wmpdxm.dll
     + 2009-06-10 06:14 . 2009-06-10 06:14   132096   c:\windows\system32\dllcache\wkssvc.dll
     + 2009-07-29 10:42 . 2009-08-05 09:01   204800   c:\windows\system32\dllcache\mswebdvd.dll
     + 2008-05-09 10:53 . 2009-08-13 15:16   512000   c:\windows\system32\dllcache\jscript.dll
     - 2008-05-09 10:53 . 2008-05-09 10:53   512000   c:\windows\system32\dllcache\jscript.dll
     + 2009-09-16 07:02 . 2009-09-16 07:02   195584   c:\windows\Installer\9a1d63.msi
     + 2004-08-04 12:00 . 2009-05-20 19:44   2355200  c:\windows\system32\WMVCore.dll
     - 2004-08-04 12:00 . 2007-04-30 15:20   5537792  c:\windows\system32\wmp.dll
     + 2004-08-04 12:00 . 2009-07-13 17:08   5537792  c:\windows\system32\wmp.dll
     + 2004-08-04 12:00 . 2009-06-10 16:19   2066432  c:\windows\system32\mstscax.dll
     + 2004-08-04 12:00 . 2009-05-20 19:44   2355200  c:\windows\system32\dllcache\WMVCore.dll
     - 2004-08-04 12:00 . 2007-04-30 15:20   5537792  c:\windows\system32\dllcache\wmp.dll
     + 2004-08-04 12:00 . 2009-07-13 17:08   5537792  c:\windows\system32\dllcache\wmp.dll
     + 2004-08-04 12:00 . 2009-06-10 16:19   2066432  c:\windows\system32\dllcache\mstscax.dll
     + 2009-09-16 07:05 . 2009-08-28 21:38   24689600 c:\windows\system32\MRT.exe
     .

     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

     [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
     2009-07-24 16:56   1062144   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-30 342848]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
     "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
     "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 185896]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-11 2007832]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

     c:\documents and settings\Administrator\Start Menu\Programs\Startup\
     Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-14 27136]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-09-11 06:03   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
     @="Service"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\AIM6\\aim6.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
     "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
     "c:\\Program Files\\EA Games\\Ultima Online 2D Client\\client.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
     "c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
     "c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "16910:UDP"= 16910:UDP:CrashOnlineSend
     "16900:UDP"= 16900:UDP:CrashOnlineRecv
     "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
     "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
     "6112:TCP"= 6112:TCP:WarcraftIII
     "9979:TCP"= 9979:TCP:BitCometLite 9979 TCP
     "9979:UDP"= 9979:UDP:BitCometLite 9979 UDP

     R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/10/2009 11:03 PM 335240]
     R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/10/2009 11:03 PM 108552]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
     R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/10/2009 11:02 PM 297752]
     R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [3/30/2004 6:35 PM 201984]
     R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/30/2004 6:35 PM 20864]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/11/2009 11:56 AM 24652]
     S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/10/2009 11:02 PM 908056]
     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
     S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe --> c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [?]
     S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe --> c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [?]
     S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe --> c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [?]
     S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
     S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
     S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
     S3 XDva005;XDva005;\??\c:\windows\system32\XDva005.sys --> c:\windows\system32\XDva005.sys [?]
     S3 XDva052;XDva052;\??\c:\windows\system32\XDva052.sys --> c:\windows\system32\XDva052.sys [?]
     S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
     S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
     .
     Contents of the 'Scheduled Tasks' folder

     2009-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     mStart Page = hxxp://www.google.com
     uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
     IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
     DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} - hxxp://bombndash.com/common/AppCaller.ocx
     FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ok1f8xs0.default\
     FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
     FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
     FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
     FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
     FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
     FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-09-16 14:12
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\controlset002\services\MEMSWEEP2]
     "ImagePath"="\??\c:\windows\system32\B.tmp"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-3860988392-394202172-423444945-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CB8AFF88-11E7-FF5F-4B34-C54C65D14204}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "abkmfejaedfnleaonmkaaecogflielpgpn"=hex:61,61,00,00
     "bbkmfejaedfnleaonmjabhmilneafieoliic"=hex:61,61,00,00

     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
     @DACL=(02 0000)
     "Installed"="1"

     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
     @DACL=(02 0000)
     "Installed"="1"
     "NoChange"="1"

     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
     @DACL=(02 0000)
     "Installed"="1"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(792)
     c:\program files\SUPERAntiSpyware\SASWINLO.dll
     c:\windows\system32\WININET.dll
     c:\windows\system32\Ati2evxx.dll

     - - - - - - - > 'explorer.exe'(920)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\ati2evxx.exe
     c:\windows\system32\ati2evxx.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     c:\windows\system32\tcpsvcs.exe
     c:\windows\system32\wdfmgr.exe
     c:\program files\AVG\AVG8\avgrsx.exe
     c:\progra~1\AVG\AVG8\avgnsx.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
     .
     **************************************************************************
     .
     Completion time: 2009-09-16 14:16 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-09-16 21:16

     Pre-Run: 74,376,105,984 bytes free
     Post-Run: 74,484,834,304 bytes free

     Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
     308 --- E O F --- 2009-09-16 07:12

     Add/Remove Log:

     Adobe Flash Player 10 Plugin
     Adobe Flash Player ActiveX
     Adobe Reader 7.0
     Adobe Shockwave Player
     AIM 6
     Apple Software Update
     ATI - Software Uninstall Utility
     ATI Catalyst Control Center
     ATI Display Driver
     AVG 8.5
     BitTorrent
     BufferChm
     Catalyst Control Center - Branding
     Catalyst Control Center Core Implementation
     Catalyst Control Center Graphics Full Existing
     Catalyst Control Center Graphics Full New
     Catalyst Control Center Graphics Light
     Catalyst Control Center Graphics Previews Common
     Catalyst Control Center HydraVision Full
     ccc-core-preinstall
     ccc-core-static
     ccc-utility
     CCC Help English
     CCleaner (remove only)
     Compaq Organize
     CP_AtenaShokunin1Config
     CP_CalendarTemplates1
     cp_LightScribeConfig
     cp_LightScribePlugin
     CP_Package_Basic1
     CP_Package_Variety1
     CP_Package_Variety2
     CP_Package_Variety3
     CP_Panorama1Config
     CueTour
     Destinations
     DeviceManagementQFolder
     DivX Web Player
     DNA
     Full Tilt Poker
     FullDPAppQFolder
     Google Toolbar for Internet Explorer
     High Definition Audio Driver Package - KB888111
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
     Hotfix for Windows Internet Explorer 7 (KB947864)
     Hotfix for Windows XP (KB952287)
     Hotfix for Windows XP (KB961118)
     Hotfix for Windows XP (KB970653-v3)
     HP Boot Optimizer
     HP Image Zone 5.3
     HP Imaging Device Functions 5.3
     HP Update
     HpSdpAppCoreApp
     InstantShareDevices
     Java 6 Update 15
     Java 6 Update 7
     LimeWire 4.16.7
     Malwarebytes' Anti-Malware
     Managed DirectX (0901)
     Microsoft .NET Framework 1.1
     Microsoft .NET Framework 1.1 Hotfix (KB928366)
     Microsoft .NET Framework 2.0 Service Pack 2
     Microsoft .NET Framework 3.0 Service Pack 2
     Microsoft .NET Framework 3.5 SP1
     Microsoft .NET Framework SDK (English) 1.1
     Microsoft ActiveX Control Pad
     Microsoft AppLocale
     Microsoft Internationalized Domain Names Mitigation APIs
     Microsoft National Language Support Downlevel APIs
     Microsoft VC9 runtime libraries
     Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Windows Application Compatibility Database
     Microsoft Works
     Mozilla Firefox (3.5.3)
     PhotoGallery
     QuickTime
     RandMap
     RealPlayer
     Security Update for CAPICOM (KB931906)
     Security Update for Step By Step Interactive Training (KB898458)
     Security Update for Step By Step Interactive Training (KB923723)
     Security Update for Windows Internet Explorer 7 (KB938127)
     Security Update for Windows Internet Explorer 7 (KB939653)
     Security Update for Windows Internet Explorer 7 (KB942615)
     Security Update for Windows Internet Explorer 7 (KB944533)
     Security Update for Windows Internet Explorer 7 (KB950759)
     Security Update for Windows Internet Explorer 7 (KB953838)
     Security Update for Windows Internet Explorer 7 (KB956390)
     Security Update for Windows Internet Explorer 7 (KB958215)
     Security Update for Windows Internet Explorer 7 (KB960714)
     Security Update for Windows Internet Explorer 7 (KB961260)
     Security Update for Windows Internet Explorer 7 (KB963027)
     Security Update for Windows Internet Explorer 7 (KB969897)
     Security Update for Windows Internet Explorer 7 (KB972260)
     Security Update for Windows Media Player (KB952069)
     Security Update for Windows Media Player (KB968816)
     Security Update for Windows Media Player (KB973540)
     Security Update for Windows Media Player 10 (KB911565)
     Security Update for Windows Media Player 10 (KB917734)
     Security Update for Windows Media Player 10 (KB936782)
     Security Update for Windows XP (KB923561)
     Security Update for Windows XP (KB938464)
     Security Update for Windows XP (KB941569)
     Security Update for Windows XP (KB946648)
     Security Update for Windows XP (KB950760)
     Security Update for Windows XP (KB950762)
     Security Update for Windows XP (KB950974)
     Security Update for Windows XP (KB951066)
     Security Update for Windows XP (KB951376-v2)
     Security Update for Windows XP (KB951376)
     Security Update for Windows XP (KB951698)
     Security Update for Windows XP (KB951748)
     Security Update for Windows XP (KB952004)
     Security Update for Windows XP (KB952954)
     Security Update for Windows XP (KB953839)
     Security Update for Windows XP (KB954211)
     Security Update for Windows XP (KB954459)
     Security Update for Windows XP (KB954600)
     Security Update for Windows XP (KB955069)
     Security Update for Windows XP (KB956391)
     Security Update for Windows XP (KB956572)
     Security Update for Windows XP (KB956744)
     Security Update for Windows XP (KB956802)
     Security Update for Windows XP (KB956803)
     Security Update for Windows XP (KB956841)
     Security Update for Windows XP (KB956844)
     Security Update for Windows XP (KB957095)
     Security Update for Windows XP (KB957097)
     Security Update for Windows XP (KB958644)
     Security Update for Windows XP (KB958687)
     Security Update for Windows XP (KB958690)
     Security Update for Windows XP (KB959426)
     Security Update for Windows XP (KB960225)
     Security Update for Windows XP (KB960715)
     Security Update for Windows XP (KB960803)
     Security Update for Windows XP (KB960859)
     Security Update for Windows XP (KB961371)
     Security Update for Windows XP (KB961373)
     Security Update for Windows XP (KB961501)
     Security Update for Windows XP (KB968537)
     Security Update for Windows XP (KB969898)
     Security Update for Windows XP (KB970238)
     Security Update for Windows XP (KB971557)
     Security Update for Windows XP (KB971633)
     Security Update for Windows XP (KB971657)
     Security Update for Windows XP (KB971961)
     Security Update for Windows XP (KB973346)
     Security Update for Windows XP (KB973354)
     Security Update for Windows XP (KB973507)
     Security Update for Windows XP (KB973869)
     Skins
     SkinsHP1
     Sonic_PrimoSDK
     SpywareBlaster 4.2
     SUPERAntiSpyware Free Edition
     Ultima Online 2D Client
     Unload
     Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
     Update for Windows XP (KB951072-v2)
     Update for Windows XP (KB951978)
     Update for Windows XP (KB953356)
     Update for Windows XP (KB955839)
     Update for Windows XP (KB967715)
     Update for Windows XP (KB973815)
     VC80CRTRedist - 8.0.50727.762
     VideoLAN VLC media player 0.8.6b
     Viewpoint Media Player
     Visual C++ 2008 x86 Runtime - (v9.0.30729)
     Visual C++ 2008 x86 Runtime - v9.0.30729.01
     Warcraft III: All Products
     WebFldrs XP
     Winamp
     Windows Media Format Runtime
     Windows Media Player 10
     Windows XP Service Pack 3

     Hijackthis Log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 2:22:47 PM, on 9/16/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\tcpsvcs.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\DNA\btdna.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\ALCXMNTR.EXE
     c:\windows\system\hpsysdrv.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
     O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
     O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
     O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
     O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
     O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
     O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
     O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
     O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
     O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
     O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
     O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207655416281
     O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
     O16 - DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} (AppCaller Control) - http://bombndash.com/common/AppCaller.ocx
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o.
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing) O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing) O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing) O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (file missing) O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing) O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: XoftSpyService - Unknown owner - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (file missing) -- End of file - 8831 bytes
  4. Okay, couldn't find Content.IE5 but found and deleted ~.exe.vir. I'm not sure about this Combo-Fix /u command, as it gives me an error message... I assume it starts up ComboFix, which I did manually, and it finally fully scanned. Looks like things are getting clean. As for how the PC runs, it runs seemingly normally now. And here is the log from ComboFix:

ComboFix 09-09-14.02 - Compaq_Owner 09/15/2009 21:08.7.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1470.550 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\cfix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\xuvipigigy.bin
c:\documents and settings\All Users\Application Data\yjufoz.pif
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\igypisucu.vbs
c:\windows\isyxaq.reg
c:\windows\nodiwute.exe
c:\windows\osuxuse._dl
c:\windows\pinor.bat
c:\windows\system32\cyfusedi.ban
c:\windows\system32\ivynalod.ban
c:\windows\system32\jolup.bin
c:\windows\system32\mygig.dl
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\xynigig._dl
c:\windows\ycafa.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.
2009-09-15 05:56 . 2009-09-16 04:13 1971232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-15 05:56 . 2009-09-16 04:13 12320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-14 08:26 . 2009-09-14 08:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-14 02:32 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 02:32 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-12 09:04 . 2009-09-14 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 06:17 . 2009-09-14 22:45 -------- d-----w- c:\program files\SpywareBlaster
2009-09-11 21:32 . 2009-09-11 21:42 -------- d--h--w- c:\windows\PIF
2009-09-11 06:05 . 2009-09-11 07:01 -------- d-----w- C:\$AVG8.VAULT$
2009-09-11 06:03 . 2009-09-11 06:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-11 06:03 . 2009-09-11 06:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-11 06:03 . 2009-09-11 06:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-11 06:03 . 2009-09-11 06:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-11 06:03 . 2009-09-16 01:09 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-11 06:03 . 2009-09-11 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-11 06:02 . 2009-09-11 06:02 -------- d-----w- c:\program files\AVG
2009-09-11 06:02 . 2009-09-11 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-11 04:53 . 2009-09-11 06:09 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-09-11 04:53 . 2009-09-11 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-11 04:53 . 2009-09-11 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-09-10 05:03 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-10 00:12 . 2009-09-10 00:12 28160 ----a-w- c:\windows\system32\drivers\beep.sys.vir
2009-09-10 00:09 . 2009-09-14 22:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-10 00:08 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-09-10 00:08 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-09-09 18:16 . 2005-11-14 15:24 -------- d-----w- c:\documents and settings\Administrator\WINDOWS
2009-09-09 18:16 . 2009-09-11 06:03 -------- d-----w- c:\documents and settings\Administrator
2009-09-09 17:33 . 2009-09-09 23:50 0 ----a-w- c:\windows\system32\drivers\d0aeb8a3.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 04:14 . 2008-01-29 09:35 -------- d-----w- c:\program files\DNA
2009-09-16 04:13 . 2009-09-15 05:56 27476 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-16 04:13 . 2009-09-15 05:56 2228 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-15 21:06 . 2006-09-25 00:50 -------- d-----w- c:\program files\Warcraft III
2009-09-14 08:26 . 2006-04-05 22:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 09:01 . 2005-11-14 15:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 06:07 . 2009-08-16 15:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-09-11 04:40 . 2008-02-14 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-11 04:39 . 2009-07-04 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-10 04:38 . 2009-09-09 18:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-10 00:08 . 2009-09-10 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-09-09 18:18 . 2009-09-09 18:18 152576 ----a-w- c:\windows\msa.exe.vir
2009-09-09 16:41 . 2005-12-26 21:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-09-08 04:58 . 2007-04-27 22:29 -------- d-----w- c:\program files\Winamp
2009-08-25 19:57 . 2008-04-09 12:02 78473 ----a-w- c:\windows\War3Unin.dat
2009-08-14 13:58 . 2009-09-10 02:09 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-05 13:07 . 2005-11-14 14:54 -------- d-----w- c:\program files\Java
2009-07-28 08:53 . 2008-09-07 01:30 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-07-25 12:23 . 2008-12-15 19:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-08 17:28 . 2009-08-16 15:21 2920112 -c----w- c:\documents and settings\All Users\Application Data\~0\Ad-AwareAE.exe
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2007-01-11 17:55 . 2006-02-06 02:11 39908144 --sha-w- c:\windows\system32\srsc.dat
2009-06-09 17:32 . 2009-06-09 17:32 49152 --sha-w- c:\windows\system32\tanovivo.dll.tmp
2009-06-09 17:32 . 2009-06-09 17:32 49152 --sha-w- c:\windows\system32\vajafeti.dll.tmp
2009-06-09 17:32 . 2009-06-09 17:32 49152 --sha-w- c:\windows\system32\zotokohu.dll.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-30 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 185896]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-11 2007832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-11 06:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\EA Games\\Ultima Online 2D Client\\client.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16910:UDP"= 16910:UDP:CrashOnlineSend
"16900:UDP"= 16900:UDP:CrashOnlineRecv
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"6112:TCP"= 6112:TCP:WarcraftIII
"9979:TCP"= 9979:TCP:BitCometLite 9979 TCP
"9979:UDP"= 9979:UDP:BitCometLite 9979 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/10/2009 11:03 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/10/2009 11:03 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/10/2009 11:02 PM 297752]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [3/30/2004 6:35 PM 201984]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/30/2004 6:35 PM 20864]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/11/2009 11:56 AM 24652]
S1 d0aeb8a3;d0aeb8a3;c:\windows\system32\drivers\d0aeb8a3.sys [9/9/2009 10:33 AM 0]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/10/2009 11:02 PM 908056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe --> c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [?]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe --> c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [?]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe --> c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S3 XDva005;XDva005;\??\c:\windows\system32\XDva005.sys --> c:\windows\system32\XDva005.sys [?]
S3 XDva052;XDva052;\??\c:\windows\system32\XDva052.sys --> c:\windows\system32\XDva052.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XoftSpyService;XoftSpyService;"c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe" --> c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} - hxxp://bombndash.com/common/AppCaller.ocx
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\ok1f8xs0.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
SharedTaskScheduler-{b507b37b-4b56-4635-9ebe-c58420add4f9} - (no file)
SSODL-dederifor-{b507b37b-4b56-4635-9ebe-c58420add4f9} - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 21:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3860988392-394202172-423444945-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CB8AFF88-11E7-FF5F-4B34-C54C65D14204}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abkmfejaedfnleaonmkaaecogflielpgpn"=hex:61,61,00,00
"bbkmfejaedfnleaonmjabhmilneafieoliic"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-16 21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-16 04:18

Pre-Run: 74,351,169,536 bytes free
Post-Run: 74,360,471,552 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
286 --- E O F --- 2009-07-28 22:18
  5. Success.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 15, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 15, 2009 16:38:10
Records in database: 2824043
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 72911
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 04:00:58

File name / Threat / Threats count
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G5IRODAN\blattodea[1].htm Infected: Trojan-Downloader.JS.LuckySploit.q 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChafjyyylkt.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChihensvxdq.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\WINDOWS\system32\~.exe.vir Infected: Packed.Win32.Krap.x 1
D:\I386\Apps\APP32073\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\Apps\APP32073\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

Selected area has been scanned.
  6. SuperAntiSpyware actually lets me finish a scan, so some progress is being made. It detected a lot more viruses... I don't know if they keep multiplying or what.
  7. Did a full scan and, sure enough, found more.

Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.1.2600 Service Pack 3

9/13/2009 10:12:01 PM
mbam-log-2009-09-13 (22-12-01).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 170523
Time elapsed: 1 hour(s), 36 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\eventlog.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClguhtkmbfm.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpulkapidlk.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP0\A0000003.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP0\A0000005.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G5IRODAN\bqqaob[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GXQVK9E3\qwxhuhvvjw[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODIVK9MN\xdajk[1].htm (Spyware.Banker) -> Quarantined and deleted successfully.
  8. Miraculously, I got mbam to work with some help and it detected 12 infected files, which were then removed. But I still believe that some are left over. Anyway, here is the log from the scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.1.2600 Service Pack 3

9/13/2009 7:46:35 PM
mbam-log-2009-09-13 (19-46-35).txt

Scan type: Quick Scan
Objects scanned: 99171
Time elapsed: 12 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{bca9b86c-91bc-11de-b1cd-35c755d89593} (Rogue.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\skynetxtlirsip (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\15631714 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\smss.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15631714\15631714 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15631714\pc15631714ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\busoguze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nowuvaku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETvakcpbqe.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SKYNETxpimmrsf.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
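The two "Registry Data Items" MBAM flagged as Hijack.Shell and Hijack.Userinit in the log above are the Winlogon values that decide which programs start at logon, which is why a rogue extra program there survives reboots. As an added example (not code from this thread or from any of the tools named in it), here is a small Python checker that reads those values out of MBAM "Bad: (...)" entries and out of HijackThis "F2 - REG:system.ini" lines and reports any program beyond the stock Explorer.exe / userinit.exe. The sample lines are constructed to match the logs in this thread; the expected defaults assume a 32-bit XP install under C:\WINDOWS, so SYSTEM_ROOT is an assumption you would adjust for another machine.

```python
import re

# Stock Winlogon programs on a 32-bit Windows XP install. The system root is an
# assumption for this example (the logs in this thread show C:\WINDOWS).
SYSTEM_ROOT = r"c:\windows"
EXPECTED = {
    "Shell": {"explorer.exe"},
    # Winlogon normally stores Userinit as a full path followed by a trailing
    # comma; MBAM's "Good:" column abbreviates it to the bare file name.
    "Userinit": {"userinit.exe", SYSTEM_ROOT + r"\system32\userinit.exe"},
}

# Constructed sample input, formatted like the MBAM and HijackThis logs in this
# thread. The last line is an ordinary file entry the checker should ignore.
SAMPLE_LINES = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.",
    r"F2 - REG:system.ini: Shell=Explorer.exe tapi.nfo beforeglav",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"C:\WINDOWS\system32\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.",
]

# HijackThis reports the two values as F2 lines; MBAM as Winlogon\<name> with
# the live value in the "Bad:" column.
HJT_F2 = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)
MBAM_DATA = re.compile(
    r"\\Winlogon\\(Shell|Userinit) \([^)]*\) -> Bad: \((.*?)\) Good: \((.*?)\)",
    re.IGNORECASE,
)


def canonical_name(name):
    """Normalise the value name so both log formats key into EXPECTED."""
    return "Shell" if name.lower() == "shell" else "Userinit"


def parse_line(line):
    """Return (source, name, value) for a recognised Winlogon line, else None."""
    m = HJT_F2.match(line)
    if m:
        return ("hijackthis", canonical_name(m.group(1)), m.group(2).strip())
    m = MBAM_DATA.search(line)
    if m:
        return ("mbam", canonical_name(m.group(1)), m.group(2).strip())
    return None


def split_components(name, value):
    """Shell lists programs separated by spaces, Userinit by commas.

    A trailing comma on Userinit is normal and yields no extra component.
    """
    sep = None if name == "Shell" else ","
    return [p.strip() for p in value.split(sep) if p.strip()]


def unexpected_components(name, value):
    """Programs in the value that are not the stock one for that entry."""
    return [c for c in split_components(name, value) if c.lower() not in EXPECTED[name]]


def audit_lines(lines):
    """One record per Winlogon entry found, flagged when anything extra is present."""
    records = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        source, name, value = parsed
        extra = unexpected_components(name, value)
        records.append({"source": source, "name": name, "value": value,
                        "unexpected": extra, "suspicious": bool(extra)})
    return records


if __name__ == "__main__":
    for rec in audit_lines(SAMPLE_LINES):
        flag = "SUSPICIOUS" if rec["suspicious"] else "ok"
        print(f"{rec['source']:<10} {rec['name']:<9} {flag:<10} extra={rec['unexpected']}")
```

On the sample input the Shell entry yields the extra tokens tapi.nfo and beforeglav, and the Userinit entry yields C:\WINDOWS\system32\drivers\smss.exe, which is not where the real smss.exe lives (the log above shows MBAM quarantining that file as Trojan.Agent). The checker only says a value is not the default; a Shell value that quotes a path containing spaces would be split apart by the simple whitespace split, so confirm any hit against the file on disk before acting on it.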
  9. No go on the ComboFix. However, I did get HijackThis to work:

Logfile of HijackThis v1.99.1
Scan saved at 2:28:18 AM, on 9/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207655416281
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} (AppCaller Control) - http://bombndash.com/common/AppCaller.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: dederifor - {b507b37b-4b56-4635-9ebe-c58420add4f9} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XoftSpyService - Unknown owner - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe (file missing)
  10. Thank you for replying, sjpritch25! I followed your instructions and everything was working fine, but ComboFix just got stuck while it was scanning my PC. It reached stage 50 and just refused to go any further. I don't believe it's a case of me not waiting long enough. It did, however, let me know that my PC is definitely infected by a rootkit:

windows\system32\drivers\UACrrjxfqpppq.sys
windows\system32\drivers\UAChihensvxdq.dll
windows\system32\drivers\pulkapidlk.dll
windows\system32\drivers\UAChltdopejsv.dat
windows\system32\drivers\hafjyyylkt.dll
windows\system32\drivers\lguhtkmbfm.dll

I'll run it again and make sure.
  11. My computer is infected with some kind of malicious file(s) and I can't even clean it out. I'm unable to run any cleaners (mbam, SAS, AVG scanner). I've been able to download and install some programs by changing the name, but that's as far as this virus will let me go. I try to scan but it immediately closes and then says I don't have permission to access the file when I try to reopen it. I'm also unable to use Hijackthis and Smitfraud etc. to produce a scan log. Desperate for help.
  12. Well, I used RSIT and got a log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-09-11 16:12:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 71 GB (80%) free of 88 GB
Total RAM: 1470 MB (65% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - []
{32099AAC-C132-4136-9E9A-4E364A424E17} - []
{D0943516-5076-4020-A3B5-AEFAF26AB263} - []
{A057A204-BACC-4D26-9990-79A187E2698E}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-01 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-25 185896]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-10 2007832]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-11 39408]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-03-30 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-10 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
dederifor - {b507b37b-4b56-4635-9ebe-c58420add4f9}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53}
mujuzedij - {b507b37b-4b56-4635-9ebe-c58420add4f9}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli C:\WINDOWS\system32\pipiwuhi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoSetActiveDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\EA Games\Ultima Online 2D Client\client.exe"="C:\Program Files\EA Games\Ultima Online 2D Client\client.exe:*:Enabled:Ultima Online Client"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe:*:Enabled:KCSDownloaderEngine"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winupdate.exe"="C:\WINDOWS\system32\winupdate.exe:*:Enabled:winupdate"
"C:\WINDOWS\system32\sorihade.exe"="C:\WINDOWS\system32\sorihade.exe:*:Enabled:sorihade"
"C:\WINDOWS\Temp\lsass.exe"="C:\WINDOWS\Temp\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\Temp\install.exe"="C:\WINDOWS\Temp\install.exe:*:Enabled:install"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\Program Files\Mozilla Firefox\crashreporter.exe"="C:\Program Files\Mozilla Firefox\crashreporter.exe:*:Enabled:crashreporter"
"C:\WINDOWS\Temp\svchost.exe"="C:\WINDOWS\Temp\svchost.exe:*:Enabled:svchost"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autoplay.exe

======List of files/folders created in the last 1 months======

2009-09-11 16:12:35 ----D---- C:\rsit
2009-09-11 16:04:35 ----D---- C:\Program Files\Trend Micro
2009-09-11 14:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-11 14:32:10 ----HD---- C:\WINDOWS\PIF
2009-09-11 01:17:53 ----D---- C:\Program Files\Sophos
2009-09-10 23:10:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-09-10 23:10:52 ----D---- C:\Program Files\Alwil Software
2009-09-10 23:07:01 ----SHD---- C:\Config.Msi
2009-09-10 23:05:45 ----HD---- C:\$AVG8.VAULT$
2009-09-10 23:03:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-10 23:03:01 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-09-10 23:02:34 ----D---- C:\Program Files\AVG
2009-09-10 23:02:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-10 22:56:51 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AVG8
2009-09-10 21:53:54 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-09-10 21:53:54 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-09-10 21:53:49 ----D---- C:\Documents and Settings\All Users\Application Data\XoftSpySE
2009-09-10 21:49:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-10 21:37:04 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-10 21:27:55 ----N---- C:\WINDOWS\system32\SKYNETfjwxfyab.dll
2009-09-09 17:37:27 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Simply Super Software
2009-09-09 17:09:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-09 17:08:56 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-09-09 17:08:56 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-09-09 17:08:56 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-09-09 17:08:56 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-09-09 17:08:56 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-09-09 17:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-09-09 16:39:59 ----D---- C:\WINDOWS\system32\1033
2009-09-09 16:39:59 ----D---- C:\Program Files\xerox
2009-09-09 16:39:59 ----D---- C:\Program Files\windows nt
2009-09-09 16:39:58 ----D---- C:\Program Files\msn gaming zone
2009-09-09 13:04:39 ----A---- C:\WINDOWS\system32\braviax.exe.vir
2009-09-09 12:20:39 ----A---- C:\WINDOWS\pinor.bat
2009-09-09 12:20:39 ----A---- C:\WINDOWS\nodiwute.exe
2009-09-09 12:20:39 ----A---- C:\WINDOWS\igypisucu.vbs
2009-09-09 11:46:29 ----A---- C:\WINDOWS\system32\wisdstr.exe.vir
2009-09-09 11:18:20 ----A---- C:\WINDOWS\msa.exe.vir
2009-09-09 10:43:27 ----A---- C:\WINDOWS\braviax.exe.vir
2009-09-09 10:33:44 ----D---- C:\Documents and Settings\All Users\Application Data\15631714
2009-09-09 10:32:07 ----A---- C:\WINDOWS\system32\~.exe.vir
2009-08-16 08:22:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-16 08:17:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\~0
2009-08-16 08:05:43 ----D---- C:\Program Files\Mozilla Firefox
2009-08-15 21:45:56 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\HpUpdate
2009-08-15 21:45:53 ----D---- C:\WINDOWS\Hewlett-Packard

======List of files/folders modified in the last 1 months======

2009-09-11 16:07:20 ----D---- C:\WINDOWS\Temp
2009-09-11 16:07:20 ----D---- C:\WINDOWS\system3
  13. Wow. I just downloaded HijackThis and I had to change the name to install it. Then I chose to scan and keep a log, and it immediately closed. I tried to reopen it and I get a message saying: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." This actually happened before as I was trying to scan my PC with other programs. This virus doesn't let you get very far.
  14. Hello, possible hero of my PC. I had this nasty program called Security Center (not Windows Security Center), which I'm pretty sure is another version of Advanced Virus Remover. I may have removed it, as it doesn't pop up anymore. But I know for sure my PC is still infected with something, as I can't open my anti-virus programs and I get invisible pop-ups (I'm watching a DVD movie in full screen and suddenly it goes to my desktop screen). I would like some help in getting rid of this unwanted guest once and for all.