dr_langly

Honorary Members
  • Posts: 31
Everything posted by dr_langly

  1. Hello Malwarebytes forum! I recently downloaded an ISO file from a public tracker and am now kicking myself in the butt because, out of nowhere, my explorer.exe just STOPPED and half my hard drive disappeared. Booting works, and I can get into safe mode, but nothing is there, not even Internet Explorer, and I'm really freaking out. It must have been latched onto this file, because I've never seen anything work this quickly to practically wipe my hard drive out! I'll take any help I can get; I'm just hoping I can get back all of my work, because it's really important. Here are my HijackThis logs and Malwarebytes logs: HijackThis: Malwarebytes: THANK YOU!
  2. OK. MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4302

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

7/11/2010 10:19:13 AM
mbam-log-2010-07-11 (10-19-13).txt

Scan type: Quick scan
Objects scanned: 143640
Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gmamxjfa (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gmamxjfa (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\dvipybabb\wlgeyidtssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\0a371cf4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\320.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.

==========================================

DDS log:
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Owner at 10:20:33.82 on Sun 07/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.120 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Meebo Notifier] "c:\documents and settings\owner\local settings\application data\meebo\meebo notifier\MeeboNotifier.exe" /startup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nwtaphl0.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-11-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-19 47640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
S3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2009-1-12 144768]
S3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2009-1-12 545088]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-07-11 14:19:36  54016  ----a-w-  c:\windows\system32\drivers\rsew.sys
2010-07-11 14:01:53  651264  ----a-w-  c:\windows\system32\libeay32.dll
2010-07-11 14:01:53  147456  ----a-w-  c:\windows\system32\ssleay32.dll
2010-07-11 14:01:52  929792  ----a-w-  c:\windows\system32\AegisE5.dll
2010-07-11 14:01:52  379488  ----a-w-  c:\windows\system32\drivers\wg111nd5.sys
2010-07-11 14:01:52  15781  ----a-w-  c:\windows\system32\drivers\mdc8021x.sys
2010-07-11 14:01:52  0  d-----w-  c:\program files\NETGEAR
2010-07-11 14:01:51  61440  ----a-w-  c:\windows\system32\W32N50.dll
2010-07-11 14:01:51  16292  ----a-w-  c:\windows\system32\PCANDIS5.SYS
2010-07-11 14:01:51  15577  ----a-w-  c:\windows\system32\PCANDIS3.VXD
2010-07-10 19:57:46  14592  -c--a-w-  c:\windows\system32\dllcache\kbdhid.sys
2010-07-10 19:57:46  14592  ----a-w-  c:\windows\system32\drivers\kbdhid.sys
2010-07-10 19:56:47  12160  -c--a-w-  c:\windows\system32\dllcache\mouhid.sys
2010-07-10 19:56:47  12160  ----a-w-  c:\windows\system32\drivers\mouhid.sys
2010-07-10 19:56:43  21504  -c--a-w-  c:\windows\system32\dllcache\hidserv.dll
2010-07-10 19:56:43  21504  ----a-w-  c:\windows\system32\hidserv.dll
2010-07-10 19:56:32  10368  -c--a-w-  c:\windows\system32\dllcache\hidusb.sys
2010-07-10 19:56:32  10368  ----a-w-  c:\windows\system32\drivers\hidusb.sys
2010-06-19 05:34:23  0  d-----w-  c:\program files\iPod
2010-06-19 05:33:37  0  d-----w-  c:\program files\iTunes
2010-06-19 05:18:50  0  d-----w-  c:\program files\Bonjour

==================== Find3M ====================

2010-05-18 20:35:16  91424  ----a-w-  c:\windows\system32\dnssd.dll
2010-05-18 20:35:16  107808  ----a-w-  c:\windows\system32\dns-sd.exe
2010-05-04 17:20:39  832512  ----a-w-  c:\windows\system32\wininet.dll
2010-05-04 17:20:34  78336  ----a-w-  c:\windows\system32\ieencode.dll
2010-05-04 17:20:32  17408  ------w-  c:\windows\system32\corpol.dll
2010-05-02 05:22:50  1851264  ----a-w-  c:\windows\system32\win32k.sys
2010-04-20 05:30:08  285696  ----a-w-  c:\windows\system32\atmfd.dll
2009-01-13 08:06:57  32768  --sha-w-  c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011320090114\index.dat

============= FINISH: 10:22:09.42 ===============
  3. Okay, the Malwarebytes scan finished. I saved the log but DID NOT remove anything it showed me yet, simply because you instructed me to post a log, not delete whatever it finds. Malwarebytes QuickScan log: And, DDS log:
  4. Hello, so I have rogue anti-virus programs flooding my desktop computer here. It's Windows XP and I've done a HijackThis log. I need all the help I can get with this situation, so thank you in advance!!!! I have installed HijackThis in the ADMINISTRATOR account (which is not the account I normally use; I usually use OWNER), but I've booted into safe mode and chose admin. Just letting you know, because sometimes you guys want a scan from each account. Here's the log from the Admin account through safe mode:
  5. Thanks to your EXE Helper, I was able to kill the nasty processes and run the XP chkdsk, then just re-formatted. Took the easy way out, hahaha. Again, thank you for your timely response, but I just re-installed this time around. Thanks for all your help! So long!!!
  6. Exe Helper log: Working on getting on the internet at the moment. Thank you for your update so far.
  7. Hey Inzanity, this seems to be worse than we thought. When my PC is on for no longer than a minute, all my icons disappear and I see a fake Microsoft 'Security Center' pop up. It looks exactly like the WinXP Security Center, except it's a rogue program, no doubt about that. I cannot run any of the progs you gave me so far, and when I try to boot into safe mode, when it gets to the MVP file, it stops and reboots to the DELL screen. No 'safe mode' works at all. I even try to tell it to boot from CD so I can wipe the PC, and it still does NOT boot from CD. If I navigate to the CD in the PC, it won't run the setup, saying I don't have permission to run it.
  8. Hello!! I have here a Windows XP machine that is severely damaged from attacks of malware and possibly rootkits. I cannot boot into ANY safe mode; the computer just loads back to the DELL screen. When I boot normally, it's slower than ever, and I get overloaded with rogue anti-virus programs. Right now, I see REGCURE and PERSONAL SECURITY. When I put my Windows XP re-install CD in, I can navigate to the SETUP file, but it will NOT open. Can't run it as ADMINISTRATOR or anything, and I'm really at a loss here. If you could help me AT ALL, I'd really, really appreciate it. I can't even copy MALWAREBYTES onto the desktop. It says I DO copy it; however, I see 0 icons. Help!?!?!?!?!?!
  9. I posted this 4 days ago and didn't get a single response. I have a laptop here that last night got attacked by a Facebook virus. I just wanted to post a HijackThis log and see what I can do to make sure the laptop is clean and clear of this infection. Any help is greatly appreciated. A lot of important college work is on this laptop; can't just re-install.
  10. Hey there! I have a laptop here that last night got attacked by a Facebook virus. I just wanted to post a HijackThis log and see what I can do to make sure the laptop is clean and clear of this infection. Any help is greatly appreciated. A lot of important college work is on this laptop; can't just re-install. HijackThis log:
  11. Computer seems to be working perfectly. You're amazing! Thank you so much!!!!!!!!!!!!!!!!!!!! Expect a donation around Thursday.
  12. Hey, I fixed the Internet Explorer issue; the PC seems to be running smooth right now. I've updated everything like JAVA and all that. Here's an OTL log from my main user account. There's another user account on the PC, but I never ran any scans from that account. OTL log:
  13. I just did a Malwarebytes update, then a quick scan... Took 12 minutes or so and found 5 infections. Cleaned them all, and here's the log. Just figured I'd do it one more time while I wait for your response. Still acting funny.
  14. Everything seems to be running fine right now; however, Internet Explorer (even after I reload default settings) will not load web pages. Firefox, however, surfs the net perfectly fine. I'm trying to update the OS and get some good antivirus going. Any idea why IE is crapping the bed?
  15. ComboFix 10-05-02.01 - Rob 05/03/2010 11:22:47.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.713 [GMT -4:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.
2010-05-01 19:45 . 2010-05-01 19:45  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-01 19:45 . 2010-04-29 19:39  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 19:45 . 2010-05-01 19:45  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-05-01 19:45 . 2010-05-01 19:45  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-01 19:45 . 2010-04-29 19:39  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-05-01 13:36 . 2010-05-01 13:36  --------  d-----w-  c:\documents and settings\Administrator\Application Data\HotSync
2010-05-01 13:36 . 2010-05-01 13:36  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2010-05-01 13:36 . 2010-05-01 13:36  --------  d-----w-  c:\documents and settings\Administrator\Application Data\AOL
2010-04-30 18:24 . 2010-04-30 18:24  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-30 18:19 . 2010-04-30 18:19  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-04-30 15:51 . 2010-04-30 15:51  --------  d-----w-  c:\program files\uTorrent
2010-04-30 08:41 . 2009-08-06 23:23  274288  ----a-w-  c:\windows\system32\mucltui.dll
2010-04-30 08:41 . 2009-08-06 23:23  215920  ----a-w-  c:\windows\system32\muweb.dll
2010-04-30 02:05 . 2010-04-30 02:05  --------  d-----w-  c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 20:46 . 2009-10-01 17:34  --------  d-----w-  c:\program files\Steam
2010-05-01 13:38 . 2007-04-09 21:58  --------  d-----w-  c:\program files\DellSupport
2010-04-30 03:40 . 2009-07-08 00:35  664  ----a-w-  c:\windows\system32\d3d9caps.dat
2010-04-28 11:41 . 2006-04-26 23:26  --------  d-----w-  c:\program files\Dl_cats
2010-03-12 17:05 . 2010-03-12 17:05  439816  ----a-w-  c:\documents and settings\Maureen\Application Data\Real\Update\setup3.10\setup.exe
2010-03-11 12:38 . 2005-08-16 09:18  832512  ----a-w-  c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-08-16 09:18  78336  ----a-w-  c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-08-16 09:18  17408  ----a-w-  c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2005-08-16 09:18  430080  ----a-w-  c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2006-04-20 12:42  455680  ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 01:17 . 2010-02-19 01:17  29320  ---ha-w-  c:\windows\system32\mlfcache.dat
2010-02-19 00:53 . 2010-02-19 00:53  72488  ----a-w-  c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-16 14:08 . 2005-08-16 09:18  2146304  ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59  2024448  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-08-16 09:18  100864  ----a-w-  c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-08-16 09:18  226880  ----a-w-  c:\windows\system32\drivers\tcpip6.sys
2008-02-28 00:46 . 2008-02-28 00:46  0  -c--a-w-  c:\program files\temp01
2007-05-16 08:35 . 2007-03-31 14:23  135168  ----a-w-  c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-12-12 02:30 . 2006-05-08 03:45  88  --sh--r-  c:\windows\system32\34DB9B2CF4.sys
2006-12-12 02:23 . 2006-04-26 23:39  56  -csh--r-  c:\windows\system32\F42C9BDB34.sys
2006-12-12 02:30 . 2006-04-26 23:39  5852  -csha-w-  c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-02_20.13.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-16 09:18 . 2010-05-02 20:51  71732  c:\windows\system32\perfc009.dat
- 2005-08-16 09:18 . 2010-05-02 20:03  71732  c:\windows\system32\perfc009.dat
+ 2005-08-16 09:18 . 2010-05-02 20:51  442466  c:\windows\system32\perfh009.dat
- 2005-08-16 09:18 . 2010-05-02 20:03  442466  c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-04-30 1238352]
"fgwenqtg"="c:\documents and settings\Rob\Local Settings\Application Data\dyexrvfye\mkaeklrtssd.exe" [2010-04-30 270080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1169211361\ee\AOLSoftware.exe" [2006-09-26 50736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
c:\documents and settings\Maureen\Start Menu\Programs\Startup\
Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-20 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-20 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12  15360  ----a-w-  c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]
2005-09-14 05:50  73728  ----a-w-  c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44  81920  ----a-w-  c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07  141608  ----a-w-  c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-12-15 01:51  7323648  ----a-w-  c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-08-07 16:28  180269  ----a-w-  c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1169211361\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\cannar27\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\cannar27\\counter-strike source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41478:TCP"= 41478:TCP:null
"23904:TCP"= 23904:TCP:null
"36391:TCP"= 36391:TCP:null
"5788:TCP"= 5788:TCP:null
"29372:TCP"= 29372:TCP:null
"56121:TCP"= 56121:TCP:null
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 4:25 PM 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE  REG_MULTI_SZ  QWAVE
getPlusHelper  REG_MULTI_SZ  getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\trnh5irh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www3.sunysuffolk.edu/index.asp
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\trnh5irh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {DE6E9F62-433C-4B09-AA52-151716E48187} - c:\documents and settings\Rob\Local Settings\Application Data\{DE6E9F62-433C-4B09-AA52-151716E48187}
FF - HiddenExtension: XULRunner: {67D59710-67EC-4936-BD5F-A66E09660721} - c:\documents and settings\Rob\Local Settings\Application Data\{67D59710-67EC-4936-BD5F-A66E09660721}
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 11:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\L3CODECA.ACM
- - - - - - - > 'explorer.exe'(516)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-03 11:29:59
ComboFix-quarantined-files.txt 2010-05-03 15:29
ComboFix2.txt 2010-05-02 20:38
ComboFix3.txt 2010-05-02 20:14
Pre-Run: 88,324,595,712 bytes free
Post-Run: 88,298,479,616 bytes free
- - End Of File - - 7030E050F8251CB68C6E2338C768A373
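The DDS output in post 2 and the ComboFix output in post 15 show the same three indicator families on two different machines: an IE ProxyServer value pointed at 127.0.0.1 on a high port (5577 and 5555), a per-user Run entry whose target is a randomly named .exe directly under Local Settings\Application Data\<random>\, and, in the ComboFix log, a block of Windows Firewall GloballyOpenPorts exceptions on high ports with a "null" description. A stale IE-only proxy aimed at a local port that nothing listens on any more is also consistent with the symptom in post 14, where IE stops loading pages while Firefox works. The Python below is an added triage example for reading such logs offline; it is not code from dr_langly, the forum helpers or Malwarebytes, and its three heuristics (localhost proxy, letters-only random names under Local Settings\Application Data, unlabelled high-port firewall exceptions) are this example's own assumptions rather than any vendor signature. The sample log embedded in it is constructed from entries in the two logs above, one entry per line, with a few benign entries added to show they are not flagged.

```python
"""Offline triage of DDS / ComboFix text logs for Antivirus Soft-style indicators.

Added example (not from the forum thread or Malwarebytes). The heuristics are
assumptions chosen to match what the posted logs show:
  1. IE per-user proxy pointed at the local host ("ProxyServer = http=127.0.0.1:NNNN").
  2. Run entries whose target is <random>\\<random>.exe directly under
     Local Settings\\Application Data.
  3. Firewall GloballyOpenPorts entries on high ports with an empty or "null" label.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Constructed sample: entries copied from the DDS and ComboFix logs above, one per
# line (the forum copy ran them together), plus benign entries for contrast.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-04-30 1238352]
"fgwenqtg"="c:\documents and settings\Rob\Local Settings\Application Data\dyexrvfye\mkaeklrtssd.exe" [2010-04-30 270080]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41478:TCP"= 41478:TCP:null
"135:TCP"= 135:TCP:TCP Port 135
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator family
    detail: str  # the offending value, for the report


# DDS and ComboFix both print the IE proxy as "uInternet Settings,ProxyServer = <value>".
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
# DDS style:      uRun: [name] path [args]   /   mRun: [name] path
DDS_RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<path>.+)$", re.M)
# ComboFix style: "name"="path" [date size]
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"', re.M)
# <random>\<random>.exe directly under Local Settings\Application Data: letters only,
# 6+ chars each. Legitimate vendors nest deeper (google\update\GoogleUpdate.exe) or
# use names with digits, spaces or dots, so those do not match.
RANDOM_LOCALAPPDATA_RE = re.compile(
    r"\\Local Settings\\Application Data\\(?P<dir>[a-z]{6,12})\\(?P<exe>[a-z]{6,14})\.exe\b",
    re.I,
)
# ComboFix firewall dump: "PORT:PROTO"= PORT:PROTO:<description>
OPEN_PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$', re.M
)


def find_proxy_hijack(log: str) -> List[Finding]:
    """Flag any IE proxy that points back at this machine."""
    out = []
    for m in PROXY_RE.finditer(log):
        value = m.group("value")
        if "127.0.0.1" in value or "localhost" in value.lower():
            out.append(Finding("proxy-localhost", value))
    return out


def find_random_run_targets(log: str) -> List[Finding]:
    """Flag Run entries (either log format) whose target looks machine-generated."""
    out = []
    for regex in (DDS_RUN_RE, CF_RUN_RE):
        for m in regex.finditer(log):
            hit = RANDOM_LOCALAPPDATA_RE.search(m.group("path"))
            if hit:
                out.append(Finding("run-random-localappdata",
                                   f'{m.group("name")} -> {hit.group("dir")}\\{hit.group("exe")}.exe'))
    return out


def find_unlabelled_open_ports(log: str, min_port: int = 1024) -> List[Finding]:
    """Flag firewall exceptions on high ports that carry no human-readable label."""
    out = []
    for m in OPEN_PORT_RE.finditer(log):
        port = int(m.group("port"))
        desc = m.group("desc").strip().lower()
        if port >= min_port and desc in ("", "null"):
            out.append(Finding("firewall-unlabelled-port", f'{port}/{m.group("proto")}'))
    return out


def triage(log: str) -> List[Finding]:
    """Run all three checks and return the combined findings."""
    return (find_proxy_hijack(log)
            + find_random_run_targets(log)
            + find_unlabelled_open_ports(log))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
```

Run against a saved DDS or ComboFix text file, it reports one line per hit; on the constructed sample it flags exactly the proxy, the fgwenqtg Run entry and port 41478, and passes ctfmon, Google Update, Steam and the labelled port 135 entry. A hit on the proxy check is also the thing to clear by hand (Internet Options, Connections, LAN settings) after the rogue itself is removed, since MBAM's quarantine of the binary does not reset that value.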
  16. Good to hear back from you, Elise! I've been refreshing the page, so eager to fix this! hahahaha Copied ComboFix to this account's desktop; running the scan now. I HOPE THIS DOES IT!!!!
  17. OK, logged into the main of the 2 accounts on this PC. Scanned w/ OTL. Here's the log:
  18. Also, I just booted into normal mode... the ANTIVIRUS SOFT program is STILLLLLL running and tearing things apart :)
  19. OK, after running the script, it scanned again and here's the log:
  20. Restarted and it's running 10x smoother; will post the log when finished.
  21. It is running in safe mode. It's stuck at the system restore screen...