philooza

Members

View Profile See their activity

Posts
7
Joined
October 26, 2009
Last visited
October 18, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by philooza

Backdoor.bot/American Express phishing

philooza replied to philooza's topic in Resolved Malware Removal Logs

DDS and Attach logs: DDS (Ver_2012-10-19.01) - NTFS_x86 Internet Explorer: 9.0.8112.16421 Run by Ed Grossi at 18:57:06 on 2012-10-18 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.904 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe C:\Program Files\Common Files\Nuance\dgnsvc.exe C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\SPBA\upeksvr.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\dell\DBRM\Reminder\DbrmTrayicon.exe C:\Windows\SSDriver\fi5110\SsWiaChecker.exe C:\Program Files\Nuance\PaperPort\pptd40nt.exe C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DYMO\DYMO Label Software\DLSService.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Futiro\Futiro for Skype\FutiroForSkype.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe C:\Users\Ed Grossi\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Tabs3\cmmain.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Tabs3\STMapi.exe C:\Tabs3\dropbox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\ProgramData\LexisNexis\OfficeTaskPaneUIService.exe C:\ProgramData\LexisNexis\OfficeUserStorageService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\notepad.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll TB: PracticeMaster: {4E4D87BA-2985-409B-8D81-1F4B0F990902} - c:\tabs3\pmlinkie.dll uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe uRun: [Futiro for Skype] c:\program files\futiro\futiro for skype\FutiroForSkype.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe" mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe mRun: [scanSnap WIA Service Checker] c:\windows\ssdriver\fi5110\SsWiaChecker.exe mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe" mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe" mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini" mRun: [PDFHook] c:\program files\nuance\pdfviewerplus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] c:\program files\nuance\pdfviewerplus\RegistryController.exe mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe StartupFolder: c:\users\edgros~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ed grossi\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\edgros~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder\CardLauncher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoWelcomeScreen = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: DisableCAD = dword:1 IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Append to existing PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Create PDF file - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF file from the content of the link - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: Create PDF files from the selected links - c:\program files\nuance\pdfviewerplus\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files\nuance\pdfviewerplus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {4E4D87BA-2985-409B-8D81-1F4B0F990902} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vnc.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc1.cab TCP: NameServer = 192.168.1.2 TCP: Interfaces\{0E918401-D87B-4218-B25A-C9894B7A2BD0} : DHCPNameServer = 192.168.1.2 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll Notify: spba - c:\program files\common files\spba\homefus2.dll SSODL: WebCheck - <orphaned> LSA: Authentication Packages = msv1_0 wvauth LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp . ================= FIREFOX =================== . FF - ProfilePath - c:\users\ed grossi\appdata\roaming\mozilla\firefox\profiles\j4ffp2co.default\ FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1311761199e6b4a9|http://www.judiciary.state.nj.us/|http://www.law.com/jsp/nj/index.jsp?slreturn=1&hbxlogin=1|http://www.nj.com/starledger/ FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\dymo\dymo label software\framework\npDYMOLabelFramework.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll FF - ExtSQL: 2012-09-30 11:35; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5 . ============= SERVICES / DRIVERS =============== . R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2010-6-29 127488] R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-4 296808] R2 DymoPnpService;DYMO PnP Service;c:\program files\dymo\dymo label software\DymoPnpService.exe [2012-1-30 32336] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374184] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-11-12 47640] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-9 2214504] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-2-10 144672] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088] R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2011-5-26 349224] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-18 40776] R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-9 136176] S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-19 250808] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-9 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 114144] S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-20 126464] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-20 19456] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-14 1343400] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-10-18 22:31:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-10-18 19:44:39 -------- d-----w- c:\program files\ESET 2012-10-18 17:54:45 -------- d-----w- c:\users\ed grossi\appdata\roaming\Malwarebytes 2012-10-18 17:53:39 -------- d-----w- c:\programdata\Malwarebytes 2012-10-18 17:53:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-18 17:53:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-17 17:46:34 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4ae5e1c0-baf2-4ee3-944c-f13e6b8a2b97}\mpengine.dll 2012-10-10 05:29:01 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-03 17:25:59 -------- d-----w- c:\users\ed grossi\appdata\local\DDMSettings 2012-09-25 21:56:22 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-22 18:34:09 -------- d-----w- c:\users\ed grossi\appdata\roaming\Intuit 2012-09-22 18:32:29 -------- d-----w- c:\users\ed grossi\appdata\local\IsolatedStorage 2012-09-22 18:32:27 -------- d-----w- c:\program files\common files\Intuit 2012-09-22 18:32:13 -------- d-----w- c:\program files\TurboTax 2012-09-22 18:32:01 -------- d-----w- c:\programdata\Intuit 2012-09-19 19:41:20 -------- d-----w- c:\program files\common files\DivX Shared 2012-09-19 19:41:10 -------- d-----w- c:\program files\DivX 2012-09-19 19:40:52 -------- d-----w- c:\programdata\DivX . ==================== Find3M ==================== . 2012-10-09 16:27:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 16:27:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll 2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll 2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll . ============= FINISH: 18:57:41.64 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-19.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/11/2011 2:00:16 PM System Uptime: 10/18/2012 3:34:54 PM (3 hours ago) . Motherboard: Dell Inc. | | 0HN7XN Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz | CPU | 3200/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 221 GiB total, 149.782 GiB free. D: is CDROM () E: is FIXED (NTFS) - 1863 GiB total, 1842.612 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP186: 10/2/2012 4:04:20 AM - Windows Update RP187: 10/5/2012 12:26:18 PM - Windows Update RP188: 10/9/2012 4:23:39 AM - Windows Update RP189: 10/10/2012 3:00:36 AM - Windows Update RP190: 10/16/2012 5:50:30 AM - Windows Update . ==== Installed Programs ====================== . ABBYY FineReader for ScanSnap 4.1 Adobe Acrobat 9 Standard - English, Français, Deutsch Adobe Acrobat 9.5.2 - CPSID_83708 Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Apple Application Support Apple Mobile Device Support Apple Software Update BioAPI Framework Bonjour Broadcom NetXtreme-I Netlink Driver and Management Installer CardMinder CardMinder V4.1 Custom CyberLink PowerDVD 9.5 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Backup and Recovery Manager Dell Data Protection | Access Dell Data Protection | Access | Drivers Dell Data Protection | Access | Middleware Dell Edoc Viewer DellAccess DirectX 9 Runtime DivX Setup Dragon NaturallySpeaking 11 Dropbox DYMO Label v.8 DYMO LabelWriter Drivers EMBASSY Security Center ESET Online Scanner v3 Evernote v. 4.5.2 Futiro for Skype Gemalto Google Calendar Sync Google Chrome Google Update Helper GoToMeeting 4.8.0.723 iCloud Intel® Graphics Media Accelerator Driver iTunes Java Auto Updater Java 6 Update 24 Junk Mail filter update Lexis® for Microsoft® Office LogMeIn Malwarebytes Anti-Malware version 1.65.1.1000 Memeo Instant Backup Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 4.0 ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) NTRU TCG Software Stack Nuance PaperPort 12 Nuance PDF Viewer Plus NVIDIA Control Panel 275.33 NVIDIA Graphics Driver 275.33 NVIDIA Install Application NVIDIA Update 1.3.5 NVIDIA Update Components PaperPort Image Printer PC-CCID PhotoShowExpress Preboot Manager Private Information Manager QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup ScanSnap ScanSnap Manager ScanSnap Organizer Scansoft PDF Professional Seagate Dashboard Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition SimplyFile (remove only) Skype Click to Call Skype™ 5.10 Sonic CinePlayer Decoder Pack SPBA 5.9 Stamps.com Stamps.com Application Support for Microsoft Outlook 2000-2010 Stamps.com Application Support for Microsoft Word 2000-2010 Stamps.com support for Microsoft Outlook 2000-2010 Stamps.com support for Microsoft Word 2000-2010 System Requirements Lab Tabs3/PracticeMaster Programs Trusted Drive Manager TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wnjiper TurboTax 2011 wrapper Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Upek Touchchip Fingerprint Reader VC80CRTRedist - 8.0.50727.6195 Visual C++ 9.0 Runtime for Dragon NaturallySpeaking Wave Infrastructure Installer Wave Support Software Installer WebEx Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 10/18/2012 3:35:15 PM, Error: Service Control Manager [7000] - The GoToMyPC service failed to start due to the following error: The system cannot find the file specified. 10/18/2012 3:35:12 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully. 10/18/2012 2:48:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. . ==== End Of File ===========================
- October 18, 2012
- 4 replies
Backdoor.bot/American Express phishing

philooza posted a topic in Resolved Malware Removal Logs

Had this thing on my computer; tricked me into giving out personal information on American Express website, only popping up after I successfully logged in to the amex site. It also prevented me from making any online payment on the amex website. I removed it with malware bytes and could then make an online payment. I want to make sure it's gone completely. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.10.18.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Ed Grossi :: EDGROSSI-PC [administrator] 10/18/2012 1:55:50 PM mbam-log-2012-10-18 (14-09-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 268215 Time elapsed: 13 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{1DB3E0C7-D2BE-AD40-3CF6-D7220DC3F43F} (Backdoor.Bot) -> Data: "C:\Users\Ed Grossi\AppData\Roaming\Axnam\exxeez.exe" -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Ed Grossi\AppData\Roaming\Axnam\exxeez.exe (Backdoor.Bot) -> No action taken. (end)
- October 18, 2012
- 4 replies
MBAM won't run for me too

philooza replied to philooza's topic in Resolved Malware Removal Logs

Comparing the 2 Hijack logs the problem seems to be these two: O4 - HKLM\..\Run: [debapitof] Rundll32.exe "c:\windows\system32\foburune.dll",a O4 - HKLM\..\Run: [hagodudodi] Rundll32.exe "pokumala.dll",s Should I delete them?
- October 27, 2009
- 7 replies
MBAM won't run for me too

philooza replied to philooza's topic in Resolved Malware Removal Logs

The problem seemed to be fixed this afternoon. After running combofix the pop-ups stopped and I could run MBAM. But was on tonight and the pop-ups started up again, and now I can't open MBAM. This time there is no response when I try and load MBAM, whereas before it would search for the program and couldn't find it. Here are the second combofix and hijack logs: ComboFix 09-10-26.01 - Administrator 10/26/2009 20:45.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.471 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\foburune.dll c:\windows\system32\juhiruma.dll c:\windows\system32\karozeza.dll c:\windows\system32\pokumala.dll . ((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 ))))))))))))))))))))))))))))))) . 2009-10-26 01:02 . 2009-10-26 01:02 -------- d-----w- c:\program files\Trend Micro 2009-10-26 00:23 . 2009-10-26 00:23 0 ----a-w- c:\documents and settings\Administrator\settings.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-27 00:56 . 2006-07-19 16:41 -------- d-----w- c:\program files\Symantec AntiVirus 2009-10-27 00:09 . 2008-12-03 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-26 22:29 . 2009-02-19 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-26 00:19 . 2008-12-03 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2009-10-22 22:49 . 2006-07-19 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-13 15:25 . 2008-09-22 01:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft 2009-09-10 18:54 . 2008-12-03 19:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 18:53 . 2008-12-03 19:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 09:35 . 2006-07-19 16:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer 2009-09-02 09:03 . 2009-08-19 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-08-18 12:50 . 2006-07-19 16:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-08-06 23:24 . 2004-12-05 21:52 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 23:24 . 2004-12-05 21:52 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 23:24 . 2006-07-19 15:34 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 23:24 . 2004-12-05 21:52 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 23:24 . 2004-12-05 21:52 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 23:24 . 2004-12-05 22:41 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 23:23 . 2004-12-05 21:52 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 23:23 . 2004-12-05 21:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2008-07-16 01:39 . 2008-07-16 01:39 14290 ----a-w- c:\program files\settings.dat 2009-07-24 18:38 . 2009-07-24 18:38 51712 --sha-w- c:\windows\system32\biwapuyu.dll.tmp 2009-07-24 18:43 . 2009-07-24 18:43 90112 --sha-w- c:\windows\system32\famiriri.dll 2009-07-27 00:09 . 2009-07-27 00:09 51200 --sha-w- c:\windows\system32\gagoliro.dll 2009-07-24 18:38 . 2009-07-24 18:38 51712 --sha-w- c:\windows\system32\jufevedu.dll.tmp 2009-07-24 18:38 . 2009-07-24 18:38 51712 --sha-w- c:\windows\system32\jukihoda.dll.tmp 2009-07-25 13:05 . 2009-07-25 13:05 89600 --sha-w- c:\windows\system32\vebojefa.dll 2009-07-27 00:10 . 2009-07-27 00:10 51200 --sha-w- c:\windows\system32\wepejapu.dll 2009-07-25 13:05 . 2009-07-25 13:05 51712 --sha-w- c:\windows\system32\wutevoki.dll 2009-07-25 13:06 . 2009-07-25 13:06 51712 --sha-w- c:\windows\system32\ziliginu.dll.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df4dacee-1e9c-458e-9ab6-da0d6b6eb634}] 2009-07-27 00:10 51200 --sha-w- c:\windows\system32\wepejapu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "debapitof"="c:\windows\system32\foburune.dll" [bU] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] "hagodudodi"="pokumala.dll" [bU] c:\documents and settings\All Users\Start Menu\Programs\Startup\ PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-9-20 40960] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"= "c:\\WINDOWS\\system32\\igfxpers.exe"= R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [7/18/2006 8:51 AM 218112] R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [7/18/2006 8:51 AM 48140] R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [7/18/2006 8:51 AM 204800] R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [7/18/2006 8:51 AM 17664] R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 2:17 PM 439616] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/9/2008 1:06 PM 24652] R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilDrvI9.sys [10/16/2009 9:36 PM 102448] S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?] S2 gupdate1c9929c6b304de;Google Update Service (gupdate1c9929c6b304de);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 10:11 AM 133104] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 7:27 PM 124608] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - mchInjDrv . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-10-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 14:49] 2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 14:11] 2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 14:11] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/?src=aim uInternet Connection Wizard,ShellNext = hxxp://law.wfu.edu/ uInternet Settings,ProxyOverride = *.local IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\220mlp88.default\ FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . - - - - ORPHANS REMOVED - - - - HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe SharedTaskScheduler-{f7606afa-6e52-42f4-96ef-6eaace1877df} - c:\windows\system32\foburune.dll SSODL-herirojit-{f7606afa-6e52-42f4-96ef-6eaace1877df} - c:\windows\system32\foburune.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-26 20:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc23.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1116) c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\System32\SCardSvr.exe c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\progra~1\PHAROS~1\Core\CTskMstr.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\wbem\unsecapp.exe c:\combofix\CF2989.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\combofix\PEV.cfxxe . ************************************************************************** . Completion time: 2009-10-27 21:01 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-27 01:01 ComboFix2.txt 2009-10-26 14:39 Pre-Run: 42,211,807,232 bytes free Post-Run: 42,218,319,872 bytes free - - End Of File - - E2319D2753FCA503C6E415CBE247FF46 HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:24:15 PM, on 10/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: (no name) - {df4dacee-1e9c-458e-9ab6-da0d6b6eb634} - wepejapu.dll (file missing) O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [debapitof] Rundll32.exe "c:\windows\system32\foburune.dll",a O4 - HKLM\..\Run: [hagodudodi] Rundll32.exe "pokumala.dll",s O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O20 - AppInit_DLLs: karozeza.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe O23 - Service: Google Update Service (gupdate1c9929c6b304de) (gupdate1c9929c6b304de) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11207 bytes
- October 27, 2009
- 7 replies
MBAM won't run for me too

philooza replied to philooza's topic in Resolved Malware Removal Logs

Here is the combofix report: ComboFix 09-10-25.02 - Administrator 10/26/2009 10:21.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.400 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . The following files were disabled during the run: c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk c:\recycler\S-1-5-21-1123561945-1364589140-839522115-500 c:\windows\system32\joruteka.dll c:\windows\system32\logon.exe c:\windows\system32\nijozaka.dll c:\windows\system32\nohijali.dll c:\windows\system32\tetupaha.dll c:\windows\system32\tubijeki.dll c:\windows\system32\zofepaso.dll . ((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 ))))))))))))))))))))))))))))))) . 2009-10-26 01:02 . 2009-10-26 01:02 -------- d-----w- c:\program files\Trend Micro 2009-10-26 00:23 . 2009-10-26 00:23 0 ----a-w- c:\documents and settings\Administrator\settings.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-26 14:33 . 2006-07-19 16:41 -------- d-----w- c:\program files\Symantec AntiVirus 2009-10-26 00:19 . 2008-12-03 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2009-10-26 00:19 . 2008-12-03 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-25 21:28 . 2009-02-19 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-10-22 22:49 . 2006-07-19 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-13 15:25 . 2008-09-22 01:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft 2009-09-10 18:54 . 2008-12-03 19:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 18:53 . 2008-12-03 19:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-02 09:35 . 2006-07-19 16:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer 2009-09-02 09:03 . 2009-08-19 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-08-18 12:50 . 2006-07-19 16:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-08-06 23:24 . 2004-12-05 21:52 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 23:24 . 2004-12-05 21:52 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 23:24 . 2006-07-19 15:34 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 23:24 . 2004-12-05 21:52 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 23:24 . 2004-12-05 21:52 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-06 23:24 . 2004-12-05 22:41 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 23:23 . 2004-12-05 21:52 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 23:23 . 2004-12-05 21:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2008-07-16 01:39 . 2008-07-16 01:39 14290 ----a-w- c:\program files\settings.dat 2009-07-24 18:38 . 2009-07-24 18:38 51712 --sha-w- c:\windows\system32\biwapuyu.dll.tmp 2009-07-24 18:43 . 2009-07-24 18:43 90112 --sha-w- c:\windows\system32\famiriri.dll 2009-07-24 18:38 . 2009-07-24 18:38 51712 --sha-w- c:\windows\system32\jufevedu.dll.tmp 2009-07-24 18:38 . 2009-07-24 18:38 51712 --sha-w- c:\windows\system32\jukihoda.dll.tmp 2009-07-25 13:05 . 2009-07-25 13:05 89600 --sha-w- c:\windows\system32\vebojefa.dll 2009-07-25 13:05 . 2009-07-25 13:05 51712 --sha-w- c:\windows\system32\wutevoki.dll 2009-07-25 13:06 . 2009-07-25 13:06 51712 --sha-w- c:\windows\system32\ziliginu.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df4dacee-1e9c-458e-9ab6-da0d6b6eb634}] 2009-07-25 13:06 51712 --sha-w- c:\windows\system32\ziliginu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 420176] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] c:\documents and settings\All Users\Start Menu\Programs\Startup\ PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-9-20 40960] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"= R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [7/18/2006 8:51 AM 218112] R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [7/18/2006 8:51 AM 48140] R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [7/18/2006 8:51 AM 204800] R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [7/18/2006 8:51 AM 17664] R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 2:17 PM 439616] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/9/2008 1:06 PM 24652] S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?] S2 gupdate1c9929c6b304de;Google Update Service (gupdate1c9929c6b304de);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2009 10:11 AM 133104] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 7:27 PM 124608] --- Other Services/Drivers In Memory --- *Deregistered* - EraserUtilDrvI9 *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-10-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 14:49] 2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 14:11] 2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 14:11] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/?src=aim uInternet Connection Wizard,ShellNext = hxxp://law.wfu.edu/ uInternet Settings,ProxyOverride = *.local IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\220mlp88.default\ FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) HKLM-Run-debapitof - c:\windows\system32\joruteka.dll HKLM-Run-hagodudodi - nijozaka.dll SharedTaskScheduler-{e5a95d6f-4f4e-4a7d-8bf1-5e764e8d5e1e} - c:\windows\system32\joruteka.dll SSODL-rukewukoz-{e5a95d6f-4f4e-4a7d-8bf1-5e764e8d5e1e} - c:\windows\system32\joruteka.dll AddRemove-ExtegrityExam40 - c:\program files\Extegrity\Exam4\Uninstall.exe AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-26 10:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\wbem\unsecapp.exe c:\combofix\CF19929.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\HidFind.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\program files\Apoint\Apntex.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\combofix\PEV.cfxxe . ************************************************************************** . Completion time: 2009-10-26 10:39 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-26 14:39 Pre-Run: 40,654,258,176 bytes free Post-Run: 42,255,241,216 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 03798F1DE895858A306067010681CA57 And here is the new hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39:59 AM, on 10/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Apoint\Apntex.exe C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: (no name) - {df4dacee-1e9c-458e-9ab6-da0d6b6eb634} - ziliginu.dll (file missing) O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe O23 - Service: Google Update Service (gupdate1c9929c6b304de) (gupdate1c9929c6b304de) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10757 bytes
- October 26, 2009
- 7 replies
MBAM won't run for me too

philooza replied to philooza's topic in Resolved Malware Removal Logs

Should've put this in... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:03:04 PM, on 10/25/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Apoint\HidFind.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://law.wfu.edu/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll F2 - REG:system.ini: Shell=Explorer.exe logon.exe O1 - Hosts: ::1 localhost O1 - Hosts: 78.26.179.107 browser-security.microsoft.com O1 - Hosts: 78.26.179.107 spywareprotector-2009.com O1 - Hosts: 78.26.179.107 www.spywareprotector-2009.com O1 - Hosts: 78.26.179.107 secure.spywareprotector-2009.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [CleanUp] c:\dell\ib\rmall.bat O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [debapitof] Rundll32.exe "c:\windows\system32\vebojefa.dll",a O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153323251440 O20 - AppInit_DLLs: c:\windows\system32\vebojefa.dll,tubijeki.dll O21 - SSODL: feberalos - {762ffe0a-d346-4fb9-9e71-73d9eda65887} - c:\windows\system32\vebojefa.dll O22 - SharedTaskScheduler: mujuzedij - {762ffe0a-d346-4fb9-9e71-73d9eda65887} - c:\windows\system32\vebojefa.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe O23 - Service: Google Update Service (gupdate1c9929c6b304de) (gupdate1c9929c6b304de) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11901 bytes
- October 26, 2009
- 7 replies
MBAM won't run for me too

philooza posted a topic in Resolved Malware Removal Logs

MBAM will not run. When try to run it says it is searching for the file. Pop-up ads also are coming up and computer is slow. GMER 1.0.15.15163 - http://www.gmer.net Rootkit quick scan 2009-10-25 20:48:37 Windows 5.1.2600 Service Pack 2 Running: rqpo8yyn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) ---- EOF - GMER 1.0.15 ----
- October 26, 2009
- 7 replies

Sign In

philooza

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by philooza

Backdoor.bot/American Express phishing

Backdoor.bot/American Express phishing

MBAM won't run for me too

MBAM won't run for me too

MBAM won't run for me too

MBAM won't run for me too

MBAM won't run for me too

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information