panfriedhardrive
Posts posted by panfriedhardrive
-
-
If I were to take it into the shop and pay for them to fix it, would they tell me the same thing? The reason being, this is the family computer and my uncle wants me to take it into a shop. I would prefer to fix it myself and save the money. I currently do not have my XP CD, but I do have my XP upgrade CD to upgrade to Windows XP Professional.
-
-
I'm new to the Malwarebytes forums and my computer has been really messed up lately. I'll get rid of three-fourths of all the infections and then they all come back. I currently have: Malware.Packer.Gen, Backdoor.Bifrose, Worm.Spambot, Trojan.Spambot, Bifrose.Trace, Backdoor.Bot, Virus.Sality, and there are multiples of all of those listed. I ran ComboFix, which will take a lot of them out, but then they all come back.
Here is the log for my scan with ComboFix. Thanks.
ComboFix 10-12-18.01 - Administrator 12/18/2010 16:14:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.461 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\system\javapc.dll
.
---- Previous Run -------
.
C:\Autorun.inf
c:\windows\system\java.exe
c:\windows\system\javapc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_amsint32
-------\Service_asc3360pr
-------\Legacy_ASC3360PR
-------\Service_amsint32
-------\Service_asc3360pr
((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.
2010-12-18 03:49 . 2010-12-18 03:52 -------- d-----w- c:\program files\Active PC Optimizer
2010-12-18 02:48 . 2010-12-18 02:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-18 02:30 . 2010-02-22 15:37 147456 ----a-w- c:\windows\system\java.exe
2010-12-17 18:59 . 2010-12-17 18:59 7475200 ----a-w- c:\windows\system32\rmslt.nt
2010-12-17 18:38 . 2010-12-17 18:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-12-17 17:14 . 2010-12-17 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2010-12-17 17:14 . 2010-12-17 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
2010-12-17 17:13 . 2010-12-17 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-12-17 04:18 . 2010-12-17 04:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2010-12-15 22:12 . 2010-12-15 22:24 -------- d-----w- c:\windows\system32\MpEngineStore
2010-12-14 21:41 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-12 22:33 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-12 22:33 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 17:55 . 2010-12-15 21:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-12-10 17:33 . 2010-12-10 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-12-10 17:15 . 2010-09-11 06:46 887912 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-10 17:15 . 2010-09-11 06:46 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-09 03:58 . 2010-12-09 03:58 -------- d-----w- c:\program files\Bonjour
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-08 17:31 . 2010-12-08 23:46 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-08 14:05 . 2010-12-08 14:05 -------- d-----w- c:\program files\Common Files\xing shared
2010-12-08 14:04 . 2010-12-08 14:05 -------- d-----w- c:\program files\real
2010-12-08 01:33 . 2010-12-08 01:33 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\SoftGrid Client
2010-12-08 01:33 . 2010-12-08 11:58 -------- d-----w- c:\documents and settings\Guest\Application Data\SoftGrid Client
2010-12-01 16:59 . 2010-12-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 21:31 . 2010-03-02 18:53 9216 ----a-w- c:\windows\base64.exe
2010-12-16 00:03 . 2009-05-15 13:02 90112 ----a-w- c:\windows\DUMP606f.tmp
2010-12-14 22:20 . 2007-04-09 16:32 93696 ----a-w- c:\windows\system32\Ctxfihlp.exe
2010-12-08 14:05 . 2006-07-11 22:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:12 . 2009-05-15 17:49 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 22:20 . 2010-11-15 22:20 138 ---ha-w- c:\documents and settings\Administrator\Application Data\lakerda1967.sys
2010-11-15 22:20 . 2010-11-15 22:20 360580 ----a-w- c:\windows\eSellerateEngine.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-05-18 13:50 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-05-18 13:50 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-21 22:44 . 2010-11-10 19:15 438976 ----a-w- c:\windows\system32\Mshflxgd.ocx
2010-10-21 22:44 . 2010-11-10 19:15 212240 ----a-w- c:\windows\system32\Richtx32.ocx
2010-10-21 22:44 . 2010-11-10 19:15 196608 ----a-w- c:\windows\system32\Utility.dll
2010-10-21 22:44 . 2010-11-10 19:15 117507 ----a-w- c:\windows\system32\msinet.ocx
2010-10-21 22:44 . 2010-11-10 19:15 139264 ----a-w- c:\windows\system32\gswin32c.exe
2010-10-19 20:51 . 2010-11-04 17:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 15:11 . 2010-10-01 17:33 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-27 39408]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 200192]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-21 4185088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 458752]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 278528]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 139264]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 114688]
"SetDefPrt"="c:\program files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 122880]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2010-12-14 1081344]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 126976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1028096]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 147456]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2010-12-14 122880]
"ScanSoft PDF Professional 4-reminder"="c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" [2006-11-16 107520]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-12-14 93696]
"CTHelper"="CTHELPER.EXE" [2009-06-23 89088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 330256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 136192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 242688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 99840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 1004544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1159168]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-08 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 495616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-09-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-09-11 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1824256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-03-26 1433600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"shdocvw"="wscript.exe" [2008-05-08 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 393216]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 884736]
QuickBooks Delivery Agent.lnk - c:\program files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe [2009-5-25 192512]
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6991872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mrtMngr.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"=
"c:\\program files\\real\\realplayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe"=
"c:\\Program Files\\Brother\\Brmfl05b\\BrStDvPt.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Intuit\\QuickBooks\\Components\\QBAgent\\QBDAgent.exe"=
"c:\\WINDOWS\\system\\java.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
"c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\dpupdchk.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Linksys\\WUSB600N\\WUSB600N.exe"=
"c:\\Program Files\\Common Files\\Logishrd\\KHAL2\\KHALMNPR.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"=
"c:\\WINDOWS\\system32\\CTHELPER.EXE"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"=
"c:\\USBStorage\\USBDetector.exe"=
"c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\LU\\LULnchr.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\ComboFix.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [5/19/2009 12:53 PM 45824]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 4:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 4:25 PM 36352]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [6/23/2009 12:36 PM 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [5/19/2009 12:53 PM 56960]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [5/19/2009 4:32 AM 91830]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 4:25 PM 77056]
S1 khichjfa;khichjfa;\??\c:\windows\system32\drivers\khichjfa.sys --> c:\windows\system32\drivers\khichjfa.sys [?]
S1 tuptnchl;tuptnchl;\??\c:\windows\system32\drivers\tuptnchl.sys --> c:\windows\system32\drivers\tuptnchl.sys [?]
S1 xugkgpwf;xugkgpwf;\??\c:\windows\system32\drivers\xugkgpwf.sys --> c:\windows\system32\drivers\xugkgpwf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 12:22 AM 212480]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/15/2009 1:51 PM 20160]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/29/2009 10:13 PM 157184]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4710912]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASC3360PR
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]
2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-220523388-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-220523388-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{DE3F6AD8-35DF-4765-8202-9AB46C8BB149}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 16:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1645522239-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\brsvc01a.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\stsystra.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\mrtMngr.EXE
c:\windows\system\java.exe
c:\program files\real\realplayer\RealPlay.exe
.
**************************************************************************
.
Completion time: 2010-12-18 16:36:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-18 21:36
ComboFix2.txt 2010-12-17 17:04
Pre-Run: 54,478,782,464 bytes free
Post-Run: 54,561,247,232 bytes free
- - End Of File - - F4BA7FE55C20F810C47F99FCC5D2EC33
"SetDefPrt"="c:\program files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 122880]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2010-12-14 1081344]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 126976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1028096]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 147456]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2010-12-14 122880]
"ScanSoft PDF Professional 4-reminder"="c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" [2006-11-16 107520]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-12-14 93696]
"CTHelper"="CTHELPER.EXE" [2009-06-23 89088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 330256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 136192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 242688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 99840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 1004544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1159168]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-08 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 495616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-09-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-09-11 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1824256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-03-26 1433600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"shdocvw"="wscript.exe" [2008-05-08 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 393216]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 884736]
QuickBooks Delivery Agent.lnk - c:\program files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe [2009-5-25 192512]
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6991872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mrtMngr.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"=
"c:\\program files\\real\\realplayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe"=
"c:\\Program Files\\Brother\\Brmfl05b\\BrStDvPt.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Intuit\\QuickBooks\\Components\\QBAgent\\QBDAgent.exe"=
"c:\\WINDOWS\\system\\java.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
"c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\dpupdchk.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Linksys\\WUSB600N\\WUSB600N.exe"=
"c:\\Program Files\\Common Files\\Logishrd\\KHAL2\\KHALMNPR.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"=
"c:\\WINDOWS\\system32\\CTHELPER.EXE"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"=
"c:\\USBStorage\\USBDetector.exe"=
"c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\LU\\LULnchr.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\ComboFix.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [5/19/2009 12:53 PM 45824]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 4:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 4:25 PM 36352]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [6/23/2009 12:36 PM 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [5/19/2009 12:53 PM 56960]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [5/19/2009 4:32 AM 91830]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 4:25 PM 77056]
S1 khichjfa;khichjfa;\??\c:\windows\system32\drivers\khichjfa.sys --> c:\windows\system32\drivers\khichjfa.sys [?]
S1 tuptnchl;tuptnchl;\??\c:\windows\system32\drivers\tuptnchl.sys --> c:\windows\system32\drivers\tuptnchl.sys [?]
S1 xugkgpwf;xugkgpwf;\??\c:\windows\system32\drivers\xugkgpwf.sys --> c:\windows\system32\drivers\xugkgpwf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 12:22 AM 212480]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/15/2009 1:51 PM 20160]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/29/2009 10:13 PM 157184]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4710912]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASC3360PR
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]
2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-220523388-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-220523388-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{DE3F6AD8-35DF-4765-8202-9AB46C8BB149}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 16:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1645522239-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\brsvc01a.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\stsystra.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\mrtMngr.EXE
c:\windows\system\java.exe
c:\program files\real\realplayer\RealPlay.exe
.
**************************************************************************
.
Completion time: 2010-12-18 16:36:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-18 21:36
ComboFix2.txt 2010-12-17 17:04
Pre-Run: 54,478,782,464 bytes free
Post-Run: 54,561,247,232 bytes free
- - End Of File - - F4BA7FE55C20F810C47F99FCC5D2EC33
Virus.Sality
in Resolved Malware Removal Logs
Posted
Okay, thanks. Can you give me a list of procedures that I can print out and follow, and if I have any other problems I can get on my laptop and ask you.