cheliza34

Honorary Members
  • Posts: 26
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. I recently purchased a new computer - I just put Malwarebytes on it because I love the product - soon my anti-virus that was installed on my computer will expire and I will have to make a decision to subscribe or move on - Norton is the product... I am unfamiliar with it - I used to use Trend Micro.... Anyway I would like to tap into the knowledge of this group and see what anti-virus software is the best to partner with Malwarebytes - and also ask: do I even need anti-virus software with Malwarebytes? Thanks for any suggestions, I appreciate the help. PS - I hope it's okay to post this here - I didn't know where to put it! lol
  2. Nope, still there - I guess it doesn't matter - everything else is working properly - I appreciate your help
  3. Wonderful, thank you. Everything loads, no redirects...... seems good
  4. ComboFix 10-07-18.05 - Administrator 07/19/2010 13:56:27.2.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1614 [GMT -4:00]
     Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
     Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     --------------- FCopy ---------------
     c:\windows\ServicePackFiles\i386\userinit.exe --> c:\windows\system32\userinit.exe
     .
     ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
     .
     2010-07-19 14:46 . 2010-07-19 14:46 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcp71.dll
     2010-07-19 14:46 . 2010-07-19 14:46 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\jmc.dll
     2010-07-19 14:46 . 2010-07-19 14:46 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcr71.dll
     2010-07-15 20:32 . 2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll
     2010-07-15 20:14 . 2010-07-15 20:14 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-07-15 13:21 . 2010-07-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
     2010-07-14 20:09 . 2010-07-14 20:09 936960 ----a-w- c:\windows\system32\qtplugin(2).exe
     2010-07-14 15:10 . 2010-07-15 20:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-19 15:48 . 2006-02-28 12:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
     2010-07-19 15:07 . 2007-08-15 15:56 -------- d-----w- c:\program files\Common Files\Adobe
     2010-07-15 20:32 . 2009-10-02 12:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
     2010-07-15 20:32 . 2009-10-02 12:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2010-07-15 13:53 . 2007-08-16 14:03 -------- d-----w- c:\program files\Lennox Repair Parts
     2010-07-15 12:41 . 2010-03-02 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
     2010-07-14 14:34 . 2008-03-21 13:28 36 ---ha-w- c:\windows\system32\f9t.dat
     2010-07-13 16:17 . 2010-03-08 13:13 -------- d-----w- c:\program files\CCleaner
     2010-07-07 11:54 . 2010-03-08 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-07-01 11:52 . 2009-08-06 14:39 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-06-05 16:38 . 2010-06-05 16:38 -------- d-----w- c:\program files\CoffeeCup Software
     2010-06-02 13:33 . 2009-10-02 12:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
     2010-04-29 19:39 . 2010-03-08 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 19:39 . 2010-03-08 13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-26 13:56 . 2009-04-16 15:21 50 ----a-w- c:\windows\system32\d8045def.dat
     2006-12-11 19:47 . 2006-12-11 19:47 346 ----a-w- c:\program files\Shortcut to P - FDC.lnk
     2002-07-31 23:55 . 2010-06-05 16:40 106 --sh--w- c:\windows\WSYS049.SYS
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-11-10 818288]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
     "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
     "PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
     "IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
     "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
     "SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 45056]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2009-10-02 11:58 87352 ----a-w- c:\windows\system32\LMIinit.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/2/2009 8:37 AM 216400]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/2/2009 8:37 AM 243024]
     R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 4:32 PM 308136]
     R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/16/2009 11:22 AM 10368]
     S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
     S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.lennoxdavenet.net/
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     DPF: AdobeControl - hxxp://www.lennoxdavenet.net/webdynpro/resources/sap.com/tc~wd~dispwda/global/activeComp/AdobeControl.CAB
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-07-19 14:06
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (Administrator)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\

     [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1A9A94C-5E56-04B6-8794-23B544266D99}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "kaodfihodobakabmpakbfk"=hex:67,61,6f,64,65,66,6d,6a,62,65,6c,6d,66,62,00,00
     "kaodfihodobakabmpakbkk"=hex:66,61,64,70,69,66,6f,6c,64,6a,64,68,00,62
     "maoejmenpgakbkppahfmppkaog"=hex:62,61,6a,66,00,fa
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(664)
     c:\windows\system32\LMIinit.dll
     c:\windows\system32\LMIRfsClientNP.dll

     - - - - - - - > 'explorer.exe'(3404)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\AVG\AVG9\avgchsvx.exe
     c:\program files\AVG\AVG9\avgrsx.exe
     c:\program files\AVG\AVG9\avgcsrvx.exe
     c:\windows\system32\brss01a.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\windows\system32\Brmfrmps.exe
     c:\program files\AVG\AVG9\avgnsx.exe
     c:\windows\system32\wdfmgr.exe
     c:\windows\system32\BRMFRSMG.EXE
     .
     **************************************************************************
     .
     Completion time: 2010-07-19 14:12:17 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-07-19 18:12
     ComboFix2.txt 2010-07-19 16:35

     Pre-Run: 23,663,513,600 bytes free
     Post-Run: 23,660,126,208 bytes free

     - - End Of File - - 11698784EE7CB53B915E2F818ABE37E7
  5. ComboFix 10-07-18.05 - Administrator 07/19/2010 12:25:49.1.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1605 [GMT -4:00]
     Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
     .
     ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
     .
     2010-07-19 14:46 . 2010-07-19 14:46 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcp71.dll
     2010-07-19 14:46 . 2010-07-19 14:46 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\jmc.dll
     2010-07-19 14:46 . 2010-07-19 14:46 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcr71.dll
     2010-07-15 20:32 . 2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll
     2010-07-15 20:14 . 2010-07-15 20:14 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-07-15 13:21 . 2010-07-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
     2010-07-14 20:09 . 2010-07-14 20:09 936960 ----a-w- c:\windows\system32\qtplugin(2).exe
     2010-07-14 15:10 . 2010-07-15 20:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-19 15:48 . 2006-02-28 12:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
     2010-07-19 15:07 . 2007-08-15 15:56 -------- d-----w- c:\program files\Common Files\Adobe
     2010-07-15 20:32 . 2009-10-02 12:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
     2010-07-15 20:32 . 2009-10-02 12:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2010-07-15 13:53 . 2007-08-16 14:03 -------- d-----w- c:\program files\Lennox Repair Parts
     2010-07-15 12:41 . 2010-03-02 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
     2010-07-14 14:34 . 2008-03-21 13:28 36 ---ha-w- c:\windows\system32\f9t.dat
     2010-07-13 16:17 . 2010-03-08 13:13 -------- d-----w- c:\program files\CCleaner
     2010-07-07 11:54 . 2010-03-08 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-07-01 11:52 . 2009-08-06 14:39 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-06-05 16:38 . 2010-06-05 16:38 -------- d-----w- c:\program files\CoffeeCup Software
     2010-06-02 13:33 . 2009-10-02 12:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
     2010-04-29 19:39 . 2010-03-08 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 19:39 . 2010-03-08 13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-26 13:56 . 2009-04-16 15:21 50 ----a-w- c:\windows\system32\d8045def.dat
     2006-12-11 19:47 . 2006-12-11 19:47 346 ----a-w- c:\program files\Shortcut to P - FDC.lnk
     2002-07-31 23:55 . 2010-06-05 16:40 106 --sh--w- c:\windows\WSYS049.SYS
     .
     ------- Sigcheck -------

     [7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
     [-] 2008-04-14 00:12 . 835E4A9281BEA15FBCD47E2ED335CD97 . 26112 . . [------] . . c:\windows\system32\userinit.exe
     [7] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-11-10 818288]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
     "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
     "PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
     "IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
     "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
     "SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 45056]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2009-10-02 11:58 87352 ----a-w- c:\windows\system32\LMIinit.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
     "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/2/2009 8:37 AM 216400]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/2/2009 8:37 AM 243024]
     R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 4:32 PM 308136]
     R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/16/2009 11:22 AM 10368]
     S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
     S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - KLMDB
     *Deregistered* - klmdb
     .
     Contents of the 'Scheduled Tasks' folder

     2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.lennoxdavenet.net/
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     DPF: AdobeControl - hxxp://www.lennoxdavenet.net/webdynpro/resources/sap.com/tc~wd~dispwda/global/activeComp/AdobeControl.CAB
     .
     - - - - ORPHANS REMOVED - - - -

     Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     SafeBoot-klmdb.sys

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-07-19 12:32
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (Administrator)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\

     [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1A9A94C-5E56-04B6-8794-23B544266D99}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "kaodfihodobakabmpakbfk"=hex:67,61,6f,64,65,66,6d,6a,62,65,6c,6d,66,62,00,00
     "kaodfihodobakabmpakbkk"=hex:66,61,64,70,69,66,6f,6c,64,6a,64,68,00,62
     "maoejmenpgakbkppahfmppkaog"=hex:62,61,6a,66,00,fa
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(660)
     c:\windows\system32\LMIinit.dll
     c:\windows\system32\LMIRfsClientNP.dll
     .
     Completion time: 2010-07-19 12:35:05
     ComboFix-quarantined-files.txt 2010-07-19 16:34

     Pre-Run: 23,421,030,400 bytes free
     Post-Run: 23,650,816,000 bytes free

     WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

     - - End Of File - - E8A6F30E7D4BDED5F71E43666033FC4A
  6. 11:47:09:265 2652 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
     11:47:09:265 2652 ================================================================================
     11:47:09:265 2652 SystemInfo:
     11:47:09:265 2652 OS Version: 5.1.2600 ServicePack: 3.0
     11:47:09:265 2652 Product type: Workstation
     11:47:09:265 2652 ComputerName: JEN
     11:47:09:265 2652 UserName: Administrator
     11:47:09:265 2652 Windows directory: C:\WINDOWS
     11:47:09:265 2652 System windows directory: C:\WINDOWS
     11:47:09:265 2652 Processor architecture: Intel x86
     11:47:09:265 2652 Number of processors: 1
     11:47:09:265 2652 Page size: 0x1000
     11:47:09:265 2652 Boot type: Normal boot
     11:47:09:265 2652 ================================================================================
     11:47:09:687 2652 Initialize success
     11:47:09:687 2652
     11:47:09:687 2652 Scanning Services ...
     11:47:10:234 2652 Raw services enum returned 320 services
     11:47:10:234 2652
     11:47:10:234 2652 Scanning Drivers ...
     11:47:11:390 2652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     11:47:11:500 2652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
     11:47:11:687 2652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     11:47:11:796 2652 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     11:47:12:406 2652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     11:47:12:546 2652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     11:47:12:687 2652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     11:47:12:781 2652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     11:47:12:906 2652 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
     11:47:13:000 2652 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
     11:47:13:109 2652 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
     11:47:13:218 2652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     11:47:13:312 2652 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
     11:47:13:406 2652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     11:47:13:578 2652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     11:47:13:703 2652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     11:47:13:812 2652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     11:47:14:187 2652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     11:47:14:312 2652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     11:47:14:750 2652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     11:47:15:015 2652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     11:47:15:109 2652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     11:47:15:265 2652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     11:47:15:375 2652 E100B (fe9cb643a034285031502d3369e5a869) C:\WINDOWS\system32\DRIVERS\e100b325.sys
     11:47:15:500 2652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     11:47:15:609 2652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     11:47:15:703 2652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     11:47:15:796 2652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     11:47:15:906 2652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
     11:47:15:984 2652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     11:47:16:093 2652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     11:47:16:187 2652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     11:47:16:343 2652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     11:47:16:593 2652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     11:47:16:718 2652 ialm (483e123d057f9cab066402239c0a0b3f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
     11:47:16:875 2652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     11:47:17:046 2652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
     11:47:17:171 2652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
     11:47:17:296 2652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     11:47:17:390 2652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     11:47:17:515 2652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     11:47:17:609 2652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     11:47:17:703 2652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     11:47:17:812 2652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     11:47:17:921 2652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     11:47:18:078 2652 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
     11:47:18:234 2652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     11:47:18:343 2652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     11:47:18:562 2652 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
     11:47:18:734 2652 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
     11:47:18:828 2652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     11:47:18:937 2652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     11:47:19:031 2652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     11:47:19:125 2652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     11:47:19:296 2652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     11:47:19:406 2652 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     11:47:19:562 2652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     11:47:19:671 2652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     11:47:19:781 2652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     11:47:19:906 2652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     11:47:19:984 2652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     11:47:20:093 2652 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     11:47:20:203 2652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     11:47:20:281 2652 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     11:47:20:390 2652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     11:47:20:500 2652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     11:47:20:593 2652 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
     11:47:20:703 2652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     11:47:20:796 2652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     11:47:20:906 2652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     11:47:21:015 2652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     11:47:21:156 2652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     11:47:21:250 2652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     11:47:21:390 2652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     11:47:21:531 2652 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
     11:47:21:656 2652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
     11:47:21:781 2652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     11:47:21:906 2652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     11:47:22:000 2652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     11:47:22:125 2652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     11:47:22:203 2652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     11:47:22:515 2652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     11:47:22:609 2652 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
     11:47:22:703 2652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     11:47:22:796 2652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     11:47:22:890 2652 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
     11:47:23:281 2652 RasAcd (652d260be3046dd1b08ab6ba2bd0861e) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     11:47:23:281 2652 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 652d260be3046dd1b08ab6ba2bd0861e, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
     11:47:23:281 2652 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ...
     11:47:25:546 2652 Backup copy found, using it..
     11:47:25:546 2652 will be cured on next reboot
     11:47:25:671 2652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     11:47:25:781 2652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     11:47:25:906 2652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     11:47:26:015 2652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     11:47:26:125 2652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     11:47:26:218 2652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     11:47:26:312 2652 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     11:47:26:437 2652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     11:47:26:609 2652 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
     11:47:26:734 2652 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
     11:47:26:843 2652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     11:47:26:984 2652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     11:47:27:078 2652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
     11:47:27:171 2652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     11:47:27:437 2652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     11:47:27:578 2652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     11:47:27:687 2652 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
     11:47:27:828 2652 STAC97 (37dcf0d0efa88b05d07cc6c46bdca797) C:\WINDOWS\system32\drivers\STAC97.sys
     11:47:27:953 2652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     11:47:28:078 2652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     11:47:28:406 2652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     11:47:28:593 2652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     11:47:28:765 2652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     11:47:28:890 2652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     11:47:29:000 2652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     11:47:29:218 2652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     11:47:29:453 2652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     11:47:29:609 2652 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
     11:47:29:734 2652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     11:47:29:843 2652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     11:47:30:000 2652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     11:47:30:125 2652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
     11:47:30:234 2652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     11:47:30:359 2652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     11:47:30:484 2652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     11:47:30:734 2652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     11:47:31:421 2652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     11:47:31:515 2652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     11:47:31:687 2652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     11:47:31:812 2652 {6080A529-897E-4629-A488-ABA0C29B635E} (9b808527870ebae0b1dfb90ef3f861b9) C:\WINDOWS\system32\drivers\ialmsbw.sys
     11:47:31:906 2652 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dba29fe70d66f5a82c860894c91b42c7) C:\WINDOWS\system32\drivers\ialmkchw.sys
     11:47:31:921 2652 Reboot required for cure complete..
     11:47:32:328 2652 Cure on reboot scheduled successfully
     11:47:32:328 2652
     11:47:32:328 2652 Completed
     11:47:32:328 2652
     11:47:32:328 2652 Results:
     11:47:32:328 2652 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
     11:47:32:328 2652 File objects infected / cured / cured on reboot: 1 / 0 / 1
     11:47:32:328 2652
     11:47:32:343 2652 KLMD(ARK) unloaded successfully

     JavaRa.zip
  7. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4326

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/19/2010 10:45:57 AM
mbam-log-2010-07-19 (10-45-57).txt

Scan type: Quick scan
Objects scanned: 141522
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 8:31:07.70 on Mon 07/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1402 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINTAC\Office\MSACCESS.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lennoxdavenet.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [setDefPrt] c:\program files\brother\brmfl03a\BrStDvPt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: AdobeControl - hxxp://www.lennoxdavenet.net/webdynpro/resources/sap.com/tc~wd~dispwda/global/activeComp/AdobeControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-2 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-2 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-2 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-11 47640]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-4-16 10368]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-07-19 12:29:31        0  ----a-w-  c:\documents and settings\administrator\defogger_reenable
2010-07-15 20:32:45    12536  ----a-w-  c:\windows\system32\avgrsstx.dll
2010-07-15 20:14:34        0  d-----w-  c:\windows\system32\wbem\Repository
2010-07-15 13:21:37        0  d-----w-  c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-07-15 13:11:06        0  d-----w-  c:\windows\pss
2010-07-14 20:09:32   936960  ----a-w-  c:\windows\system32\qtplugin(2).exe

==================== Find3M ====================

2010-07-15 20:32:50   243024  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2010-07-15 20:32:23   216400  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2010-05-06 10:41:53   916480  ----a-w-  c:\windows\system32\wininet.dll
2010-05-02 05:22:50  1851264  ----a-w-  c:\windows\system32\win32k.sys
2006-12-11 19:47:16      346  ----a-w-  c:\program files\Shortcut to P - FDC.lnk
2002-07-31 23:55:12      106  --sh--w-  c:\windows\WSYS049.SYS

============= FINISH: 8:37:03.00 ===============

Attach.zip ark.zip
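The DDS "Pseudo HJT Report" above registers Java installer CLSIDs for several different 1.6.0 updates (02, 03, 05, 07 and 17) and five toolbar CLSIDs that resolve to "No File". The script below is an added example, not part of the post and not part of the DDS tool: it triages exactly those two line types, flagging every registered JRE installer older than the newest one seen and every toolbar CLSID whose DLL is gone. The sample lines are copied from the report above; the regular expressions and the "stale" rule are my assumptions, and a stale DPF entry only proves the installer CLSID is still registered, so confirm which JRE versions are actually installed in Add/Remove Programs before removing anything.

```python
"""Triage DPF: and TB: lines from a DDS 'Pseudo HJT Report'.

Added example (not from the forum post or from DDS). Two checks:
  stale-java       a jinstall CLSID registered for a JRE older than the newest one present
  orphaned-toolbar a TB: CLSID whose target is 'No File'
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# 'DPF: {CLSID} - hxxp://host/file.cab'  or  'DPF: Name - hxxp://...'
DPF_RE = re.compile(r"^DPF:\s+(?P<id>\{[0-9A-Fa-f-]+\}|\S+)\s+-\s+(?P<url>\S+)$")
# 'TB: Optional Name: {CLSID} - target'
TB_RE = re.compile(r"^TB:\s+(?:(?P<name>.+?):\s+)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<target>.+)$")
# 'jinstall-1_6_0_17-windows-i586.cab' -> (1, 6, 0, 17)
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-")

# Sample input: DPF/TB lines quoted from the DDS report above, plus one BHO line
# to show that unrelated entries are ignored.
SAMPLE = """
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg9\\avgssie.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\\program files\\yahoo!\\companion\\installs\\cpn\\yt.dll
TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: AdobeControl - hxxp://www.lennoxdavenet.net/webdynpro/resources/sap.com/tc~wd~dispwda/global/activeComp/AdobeControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
""".strip().splitlines()


@dataclass
class Finding:
    kind: str
    clsid: str
    detail: str


def refang(url: str) -> str:
    """DDS writes hxxp:// so the log is not clickable; restore the real scheme."""
    return re.sub(r"^hxxp", "http", url)


def java_version(url: str) -> Optional[Tuple[int, ...]]:
    """Extract (major, minor, micro, update) from a jinstall cab URL, or None."""
    m = JINSTALL_RE.search(url)
    return tuple(int(x) for x in m.groups()) if m else None


def fmt(v: Tuple[int, ...]) -> str:
    return "%d.%d.%d_%02d" % v


def triage_hjt(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    java_regs: Dict[str, Tuple[int, ...]] = {}
    for raw in lines:
        line = raw.strip()
        m = DPF_RE.match(line)
        if m:
            ver = java_version(m["url"])
            if ver:
                java_regs[m["id"]] = ver
            continue
        m = TB_RE.match(line)
        if m and m["target"].strip().lower() == "no file":
            findings.append(Finding("orphaned-toolbar", m["clsid"],
                                    "toolbar registered but its DLL is missing"))
    if java_regs:
        newest = max(java_regs.values())
        for clsid, ver in sorted(java_regs.items()):
            if ver < newest:
                findings.append(Finding("stale-java", clsid,
                                        "JRE %s registered; newest seen is %s" % (fmt(ver), fmt(newest))))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE):
        print("%-17s %s  %s" % (f.kind, f.clsid, f.detail))
```

Running it against the quoted lines reports four stale Java registrations (updates 02, 03, 05 and 07, with 17 as the newest) and five orphaned toolbar CLSIDs. Orphaned TB entries are usually just leftovers from uninstalled software, but an attacker-registered CLSID looks identical in this report, so they still belong on the list to resolve.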
  8. I ran a scan because the computer was running slow. Malwarebytes found issues and deleted them; upon restart there was no explorer.exe, and I have to use Task Manager to open it. Please help. I have posted the log from the scan.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4312

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/14/2010 1:24:37 PM
mbam-log-2010-07-14 (13-24-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 196296
Time elapsed: 1 hour(s), 51 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Userinitxx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
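The post above describes a common aftermath of removing a logon-hijack component: explorer.exe no longer starts at login and has to be launched by hand from Task Manager. The first place a responder looks in that situation is the Winlogon key, because malware frequently appends its own executable to the Userinit value or replaces Shell, and deleting the file without restoring the value leaves the user at a blank desktop. The script below is an added example, not from the post and not from Malwarebytes; it audits the Shell and Userinit values against the Windows XP defaults (Shell = Explorer.exe, Userinit = C:\WINDOWS\system32\userinit.exe,) and reports anything that deviates. It is written in Python rather than reg.exe so the same check can be run offline against values exported from a dead machine. The sample values are constructed; the Userinitxx.exe entry reuses the file name from the scan log only to illustrate the appended-entry pattern and is not a claim about what this machine's registry actually held.

```python
"""Audit Winlogon Shell / Userinit after a malware cleanup.

Added example (not from the forum post or from Malwarebytes). Expected values
on Windows XP under HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon:
    Shell    = Explorer.exe
    Userinit = C:\\WINDOWS\\system32\\userinit.exe,   (trailing comma is normal)
"""
from typing import Dict, List

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def _norm(value: str, root: str) -> str:
    """Lower-case, strip quotes/whitespace, expand %SystemRoot% so paths compare equal."""
    v = value.strip().strip('"').lower()
    return v.replace("%systemroot%", root)


def audit_winlogon(values: Dict[str, str], system_root: str = r"C:\WINDOWS") -> List[str]:
    """Return a list of findings; an empty list means both values look stock."""
    findings: List[str] = []
    root = system_root.lower().rstrip("\\")

    # Shell: absent means the built-in default (explorer.exe), which is fine.
    shell_raw = values.get("Shell")
    if shell_raw is not None:
        shell = _norm(shell_raw, root)
        if shell not in ("explorer.exe", root + r"\explorer.exe"):
            findings.append("Shell is %r, expected Explorer.exe" % shell_raw)

    # Userinit: a comma-separated list; every entry is run at logon, and the
    # real userinit.exe is what goes on to start the shell.
    userinit_raw = values.get("Userinit")
    if userinit_raw is None:
        findings.append("Userinit value is missing; expected %s\\system32\\userinit.exe," % system_root)
        return findings
    entries = [_norm(e, root) for e in userinit_raw.split(",") if e.strip()]
    good = root + r"\system32\userinit.exe"
    if good not in entries:
        findings.append("Userinit never runs %s; logon will stall at a blank desktop" % good)
    for e in entries:
        if e != good:
            findings.append("Userinit also runs %r" % e)
    return findings


def read_winlogon() -> Dict[str, str]:
    """Read the live values on Windows (raises ImportError elsewhere)."""
    import winreg  # Windows only
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY)
    out: Dict[str, str] = {}
    for name in ("Shell", "Userinit"):
        try:
            out[name] = winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            pass
    return out


# Constructed sample values (not taken from the machine in the thread).
CLEAN = {"Shell": "Explorer.exe", "Userinit": r"C:\WINDOWS\system32\userinit.exe,"}
APPENDED = {"Shell": "Explorer.exe",
            "Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Userinitxx.exe,"}
REPLACED = {"Shell": "Explorer.exe", "Userinit": r"C:\WINDOWS\system32\Userinitxx.exe,"}
EMPTIED = {"Shell": "Explorer.exe", "Userinit": ""}

if __name__ == "__main__":
    try:
        samples = {"live": read_winlogon()}
    except ImportError:
        samples = {"clean": CLEAN, "appended": APPENDED, "replaced": REPLACED, "emptied": EMPTIED}
    for label, vals in samples.items():
        print(label, audit_winlogon(vals) or ["OK"])
```

The REPLACED case is the one that matches the symptom in the post: if a scanner deletes the file the value points at without restoring the value itself, nothing ever starts explorer.exe. Fixing the value is only half the job; the userinit.exe the value points at should also be hash-compared against a known-good copy, since a replaced binary passes this check unchanged.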
  9. When I turn off Trend Micro and check Security Center, it still shows AVG running.
  10. Yes, I used your previous AVG remover. I used the AVG Free version, and I'm not sure of the number/updated version it was at then. It was April 18th that I installed Trend Micro... not sure if that helps.