panfriedhardrive

Everything posted by panfriedhardrive

  1. Okay, thanks. Can you give me a list of procedures that I can print out and follow, and if I have any other problems I can get on my laptop and ask you.
  2. If I were to take it into the shop and pay for them to fix it, would they tell me the same thing? The reason being this is the family computer and my uncle wants me to take it into a shop. I would prefer to fix it myself and save the money. I currently do not have my XP CD, but I do have my XP upgrade CD to upgrade to Windows XP Professional.
  3. I'm new to the Malwarebytes forums and my computer has been really messed up lately. I'll get rid of three fourths of all the infections and then they all come back. I currently have: Malware.Packer.Gen, Backdoor.Bifrose, Worm.Spambot, Trojan.Spambot, Bifrose.Trace, Backdoor.Bot, Virus.Sality, and there are multiple of all listed. I ran ComboFix, which will take a lot of them out, but then they all come back. Here is the log for my scan with ComboFix. Thanks.

     ComboFix 10-12-18.01 - Administrator 12/18/2010 16:14:08.3.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.461 [GMT -5:00]
     Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\Autorun.inf
     c:\windows\system\javapc.dll
     .
     ---- Previous Run -------
     .
     C:\Autorun.inf
     c:\windows\system\java.exe
     c:\windows\system\javapc.dll
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_ASC3360PR
     -------\Service_amsint32
     -------\Service_asc3360pr
     -------\Legacy_ASC3360PR
     -------\Service_amsint32
     -------\Service_asc3360pr

     ((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
     .
     2010-12-18 03:49 . 2010-12-18 03:52 -------- d-----w- c:\program files\Active PC Optimizer
     2010-12-18 02:48 . 2010-12-18 02:48 -------- d-----w- c:\program files\SUPERAntiSpyware
     2010-12-18 02:30 . 2010-02-22 15:37 147456 ----a-w- c:\windows\system\java.exe
     2010-12-17 18:59 . 2010-12-17 18:59 7475200 ----a-w- c:\windows\system32\rmslt.nt
     2010-12-17 18:38 . 2010-12-17 18:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
     2010-12-17 17:14 . 2010-12-17 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
     2010-12-17 17:14 . 2010-12-17 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
     2010-12-17 17:13 . 2010-12-17 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
     2010-12-17 04:18 . 2010-12-17 04:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
     2010-12-15 22:12 . 2010-12-15 22:24 -------- d-----w- c:\windows\system32\MpEngineStore
     2010-12-14 21:41 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
     2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2010-12-12 22:33 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-12-12 22:33 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-12-10 17:55 . 2010-12-15 21:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
     2010-12-10 17:33 . 2010-12-10 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
     2010-12-10 17:15 . 2010-09-11 06:46 887912 ----a-w- c:\windows\system32\nvdispco32.dll
     2010-12-10 17:15 . 2010-09-11 06:46 813672 ----a-w- c:\windows\system32\nvgenco32.dll
     2010-12-09 03:58 . 2010-12-09 03:58 -------- d-----w- c:\program files\Bonjour
     2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
     2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
     2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
     2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
     2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
     2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
     2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
     2010-12-08 17:31 . 2010-12-08 23:46 -------- d--h--w- c:\windows\msdownld.tmp
     2010-12-08 14:05 . 2010-12-08 14:05 -------- d-----w- c:\program files\Common Files\xing shared
     2010-12-08 14:04 . 2010-12-08 14:05 -------- d-----w- c:\program files\real
     2010-12-08 01:33 . 2010-12-08 01:33 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\SoftGrid Client
     2010-12-08 01:33 . 2010-12-08 11:58 -------- d-----w- c:\documents and settings\Guest\Application Data\SoftGrid Client
     2010-12-01 16:59 . 2010-12-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
     2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
     2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-12-18 21:31 . 2010-03-02 18:53 9216 ----a-w- c:\windows\base64.exe
     2010-12-16 00:03 . 2009-05-15 13:02 90112 ----a-w- c:\windows\DUMP606f.tmp
     2010-12-14 22:20 . 2007-04-09 16:32 93696 ----a-w- c:\windows\system32\Ctxfihlp.exe
     2010-12-08 14:05 . 2006-07-11 22:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
     2010-11-18 18:12 . 2009-05-15 17:49 81920 ----a-w- c:\windows\system32\isign32.dll
     2010-11-15 22:20 . 2010-11-15 22:20 138 ---ha-w- c:\documents and settings\Administrator\Application Data\lakerda1967.sys
     2010-11-15 22:20 . 2010-11-15 22:20 360580 ----a-w- c:\windows\eSellerateEngine.dll
     2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
     2010-11-02 15:17 . 2009-05-18 13:50 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
     2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-26 13:25 . 2009-05-18 13:50 1853312 ----a-w- c:\windows\system32\win32k.sys
     2010-10-21 22:44 . 2010-11-10 19:15 438976 ----a-w- c:\windows\system32\Mshflxgd.ocx
     2010-10-21 22:44 . 2010-11-10 19:15 212240 ----a-w- c:\windows\system32\Richtx32.ocx
     2010-10-21 22:44 . 2010-11-10 19:15 196608 ----a-w- c:\windows\system32\Utility.dll
     2010-10-21 22:44 . 2010-11-10 19:15 117507 ----a-w- c:\windows\system32\msinet.ocx
     2010-10-21 22:44 . 2010-11-10 19:15 139264 ----a-w- c:\windows\system32\gswin32c.exe
     2010-10-19 20:51 . 2010-11-04 17:28 222080 ------w- c:\windows\system32\MpSigStub.exe
     2010-10-12 15:11 . 2010-10-01 17:33 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
     2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
     2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-27 39408]
     "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 200192]
     "ares"="c:\program files\Ares\Ares.exe" [2010-07-21 4185088]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 458752]
     "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 278528]
     "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 139264]
     "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 114688]
     "SetDefPrt"="c:\program files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 122880]
     "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2010-12-14 1081344]
     "USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 126976]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1028096]
     "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 147456]
     "PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2010-12-14 122880]
     "ScanSoft PDF Professional 4-reminder"="c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" [2006-11-16 107520]
     "CTxfiHlp"="CTXFIHLP.EXE" [2010-12-14 93696]
     "CTHelper"="CTHELPER.EXE" [2009-06-23 89088]
     "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 330256]
     "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 136192]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 242688]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 99840]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 1004544]
     "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1159168]
     "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-08 274608]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 495616]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-09-11 110696]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-09-11 13851752]
     "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1824256]
     "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-03-26 1433600]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
     "shdocvw"="wscript.exe" [2008-05-08 155648]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 393216]
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 884736]
     QuickBooks Delivery Agent.lnk - c:\program files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe [2009-5-25 192512]
     Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6991872]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableLUA"= 0 (0x0)

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
     2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
     "AntiVirusOverride"=dword:00000001
     "AntiVirusDisableNotify"=dword:00000001
     "FirewallDisableNotify"=dword:00000001
     "FirewallOverride"=dword:00000001
     "UpdatesDisableNotify"=dword:00000001
     "UacDisableNotify"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableNotifications"= 1 (0x1)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
     "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\WINDOWS\\system32\\mrtMngr.EXE"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"=
     "c:\\program files\\real\\realplayer\\RealPlay.exe"=
     "c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=
     "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
     "c:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe"=
     "c:\\Program Files\\Brother\\Brmfl05b\\BrStDvPt.exe"=
     "c:\\Program Files\\Ares\\Ares.exe"=
     "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
     "c:\\Program Files\\Intuit\\QuickBooks\\Components\\QBAgent\\QBDAgent.exe"=
     "c:\\WINDOWS\\system\\java.exe"=
     "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
     "c:\\Program Files\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
     "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
     "c:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"=
     "c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
     "c:\\WINDOWS\\stsystra.exe"=
     "c:\\Program Files\\iTunes\\iTunesHelper.exe"=
     "c:\\Program Files\\Microsoft IntelliType Pro\\dpupdchk.exe"=
     "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
     "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
     "c:\\Program Files\\Linksys\\WUSB600N\\WUSB600N.exe"=
     "c:\\Program Files\\Common Files\\Logishrd\\KHAL2\\KHALMNPR.EXE"=
     "c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
     "c:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe"=
     "c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"=
     "c:\\WINDOWS\\system32\\CTHELPER.EXE"=
     "c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"=
     "c:\\USBStorage\\USBDetector.exe"=
     "c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe"=
     "c:\\Program Files\\Logitech\\SetPoint\\LU\\LULnchr.exe"=
     "c:\\Documents and Settings\\Administrator\\Desktop\\ComboFix.exe"=
     "c:\\WINDOWS\\system32\\cmd.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
     R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
     R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [5/19/2009 12:53 PM 45824]
     R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]
     R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 4:25 PM 14080]
     R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 4:25 PM 36352]
     R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
     R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
     R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [6/23/2009 12:36 PM 18840]
     R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
     R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [5/19/2009 12:53 PM 56960]
     R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [5/19/2009 4:32 AM 91830]
     R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
     R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]
     R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
     R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
     R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]
     R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 4:25 PM 77056]
     S1 khichjfa;khichjfa;\??\c:\windows\system32\drivers\khichjfa.sys --> c:\windows\system32\drivers\khichjfa.sys [?]
     S1 tuptnchl;tuptnchl;\??\c:\windows\system32\drivers\tuptnchl.sys --> c:\windows\system32\drivers\tuptnchl.sys [?]
     S1 xugkgpwf;xugkgpwf;\??\c:\windows\system32\drivers\xugkgpwf.sys --> c:\windows\system32\drivers\xugkgpwf.sys [?]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 12:22 AM 212480]
     S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/15/2009 1:51 PM 20160]
     S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
     S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/29/2009 10:13 PM 157184]
     S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
     S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
     S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
     S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
     S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4710912]
     S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
     S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - ASC3360PR

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     WINRM REG_MULTI_SZ WINRM

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
     2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
     .
     Contents of the 'Scheduled Tasks' folder

     2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

     2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]

     2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]

     2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500Core.job
     - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]

     2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500UA.job
     - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]

     2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-220523388-839522115-500.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

     2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-220523388-839522115-500.job
     - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

     2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{DE3F6AD8-35DF-4765-8202-9AB46C8BB149}.job
     - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
     IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
     IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
     IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
     DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-12-18 16:29
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     CTxfiHlp = CTXFIHLP.EXE?
     CTHelper = CTHELPER.EXE?

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-1645522239-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (Administrator)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(504)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
     c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
     c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
     c:\program files\common files\logitech\bluetooth\LBTServ.dll

     - - - - - - - > 'explorer.exe'(2448)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ctagent.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\brsvc01a.exe
     c:\program files\Creative\Shared Files\CTAudSvc.exe
     c:\windows\system32\brss01a.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\windows\system32\CTsvcCDA.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\windows\system32\PSIService.exe
     c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     c:\windows\system32\MsPMSPSv.exe
     c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     c:\windows\stsystra.exe
     c:\windows\system32\CTHELPER.EXE
     c:\windows\system32\RUNDLL32.EXE
     c:\program files\iPod\bin\iPodService.exe
     c:\windows\system32\mrtMngr.EXE
     c:\windows\system\java.exe
     c:\program files\real\realplayer\RealPlay.exe
     .
     **************************************************************************
     .
     Completion time: 2010-12-18 16:36:38 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-12-18 21:36
     ComboFix2.txt 2010-12-17 17:04
     Pre-Run: 54,478,782,464 bytes free
     Post-Run: 54,561,247,232 bytes free
     - - End Of File - - F4BA7FE55C20F810C47F99FCC5D2EC33
nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\mrtMngr.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"= "c:\\program files\\real\\realplayer\\RealPlay.exe"= "c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"= "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"= "c:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe"= "c:\\Program Files\\Brother\\Brmfl05b\\BrStDvPt.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"= "c:\\Program 
Files\\Intuit\\QuickBooks\\Components\\QBAgent\\QBDAgent.exe"= "c:\\WINDOWS\\system\\java.exe"= "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"= "c:\\Program Files\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"= "c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"= "c:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"= "c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"= "c:\\WINDOWS\\stsystra.exe"= "c:\\Program Files\\iTunes\\iTunesHelper.exe"= "c:\\Program Files\\Microsoft IntelliType Pro\\dpupdchk.exe"= "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"= "c:\\Program Files\\Linksys\\WUSB600N\\WUSB600N.exe"= "c:\\Program Files\\Common Files\\Logishrd\\KHAL2\\KHALMNPR.EXE"= "c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"= "c:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe"= "c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"= "c:\\WINDOWS\\system32\\CTHELPER.EXE"= "c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"= "c:\\USBStorage\\USBDetector.exe"= "c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe"= "c:\\Program Files\\Logitech\\SetPoint\\LU\\LULnchr.exe"= "c:\\Documents and Settings\\Administrator\\Desktop\\ComboFix.exe"= "c:\\WINDOWS\\system32\\cmd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656] R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664] R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [5/19/2009 12:53 PM 45824] R2 
sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688] R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 4:25 PM 14080] R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 4:25 PM 36352] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032] R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [6/23/2009 12:36 PM 18840] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296] R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [5/19/2009 12:53 PM 56960] R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [5/19/2009 4:32 AM 91830] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768] R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 4:25 PM 77056] S1 khichjfa;khichjfa;\??\c:\windows\system32\drivers\khichjfa.sys --> c:\windows\system32\drivers\khichjfa.sys [?] S1 tuptnchl;tuptnchl;\??\c:\windows\system32\drivers\tuptnchl.sys --> c:\windows\system32\drivers\tuptnchl.sys [?] S1 xugkgpwf;xugkgpwf;\??\c:\windows\system32\drivers\xugkgpwf.sys --> c:\windows\system32\drivers\xugkgpwf.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 12:22 AM 212480] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/15/2009 1:51 PM 20160] S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/29/2009 10:13 PM 157184] S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032] S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888] S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888] S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4710912] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504] --- Other Services/Drivers In Memory --- *NewlyCreated* - ASC3360PR [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll . 
Contents of the 'Scheduled Tasks' folder 2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22] 2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22] 2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27] 2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27] 2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-220523388-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33] 2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-220523388-839522115-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33] 2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{DE3F6AD8-35DF-4765-8202-9AB46C8BB149}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-18 16:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? CTHelper = CTHELPER.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1645522239-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(504) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(2448) c:\windows\system32\WININET.dll c:\windows\system32\ctagent.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\windows\system32\brsvc01a.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\brss01a.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\PSIService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\MsPMSPSv.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\stsystra.exe c:\windows\system32\CTHELPER.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\iPod\bin\iPodService.exe c:\windows\system32\mrtMngr.EXE c:\windows\system\java.exe c:\program files\real\realplayer\RealPlay.exe . ************************************************************************** . Completion time: 2010-12-18 16:36:38 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-18 21:36 ComboFix2.txt 2010-12-17 17:04 Pre-Run: 54,478,782,464 bytes free Post-Run: 54,561,247,232 bytes free - - End Of File - - F4BA7FE55C20F810C47F99FCC5D2EC33