Posts posted by cucm

  1. Hi

    I have changed passwords etc. No infections reported in MBAM, McAfee and Spybot. I ran ComboFix yesterday; I am copying the log here.


    ComboFix 09-12-19.03 - ati 20/12/2009 21:54:05.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1393 [GMT 0:00]
    Running from: c:\documents and settings\ati\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\windows\system32\kWab.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
    .

    2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
    2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
    2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
    2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\temp
    2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
    2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\Phone Browser
    2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\outlook express contact
    2009-12-18 14:22 . 2009-12-18 14:22 -------- d-----w- c:\documents and settings\HelpAssistant\InstallAnywhere
    2009-12-18 14:22 . 2009-12-18 14:22 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
    2009-12-18 14:22 . 2009-12-18 14:22 -------- d-----w- c:\documents and settings\HelpAssistant\DoctorWeb
    2009-12-18 14:22 . 2009-12-18 14:22 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
    2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\documents and settings\HelpAssistant\.jrtmt
    2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\documents and settings\HelpAssistant\.cisco
    2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\documents and settings\HelpAssistant\.asdm
    2009-12-04 10:03 . 2009-12-04 10:03 251376 ----a-w- c:\documents and settings\ati\Application Data\Mozilla\plugins\npgoogletalk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-20 21:48 . 2007-07-27 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2009-12-20 21:48 . 2007-07-27 09:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2009-12-20 13:11 . 2009-01-01 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-12-19 12:17 . 2007-05-19 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-17 22:18 . 2009-01-01 22:55 -------- d-----w- c:\program files\McAfee
    2009-12-17 10:43 . 2007-05-09 21:17 -------- d-----w- c:\program files\Google
    2009-12-09 20:23 . 2007-08-08 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-12-05 20:27 . 2007-05-09 21:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-04 09:08 . 2008-12-31 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-04 09:08 . 2009-01-05 22:53 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-03 16:14 . 2008-12-31 12:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 16:13 . 2008-12-31 12:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-26 10:59 . 2007-10-07 08:32 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-26 10:47 . 2007-05-14 11:31 -------- d-----w- c:\documents and settings\ati\Application Data\OpenOffice.org2
    2009-11-20 15:52 . 2009-11-20 15:52 67504 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-17 17:23 . 2007-05-19 08:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-02 20:42 . 2009-10-03 07:04 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:45 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-28 09:46 . 2007-07-27 09:31 -------- d-----w- c:\documents and settings\ati\Application Data\VMware
    2009-10-22 10:12 . 2009-10-22 10:12 -------- d-----w- c:\program files\IPexpertVoiceQuizzer
    2009-10-22 10:11 . 2009-10-22 10:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-10-22 10:10 . 2009-10-22 10:12 38208 ----a-w- c:\documents and settings\ati\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-10-21 05:38 . 2004-08-10 11:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-10 11:51 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2008-05-15 12:51 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2004-08-10 11:51 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2004-08-10 11:51 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2004-08-10 11:51 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-06-04 13:38 . 2009-06-04 13:37 2440754 ----a-w- c:\program files\Common Files\UnifiedClientInstall.log
    2009-03-24 12:11 . 2009-03-24 12:12 1897 ----a-w- c:\program files\Common Files\pcc.ssl
    2009-09-12 21:37 . 2007-05-19 15:00 168 --sh--r- c:\windows\system32\0ABFAD259E.sys
    2009-09-12 21:37 . 2007-05-19 15:00 5954 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-04 198160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

    c:\documents and settings\ati\Start Menu\Programs\Startup\
    lab route.bat [2009-3-15 51]
    OneNote Table Of Contents.onetoc2 [2008-7-29 3656]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^ati^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\ati\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayShred]
    2009-09-25 11:22 113168 ----a-w- c:\progra~1\McAfee\MSHR\ShrCL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-10-03 09:39 133104 ----atw- c:\documents and settings\ati\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2007-03-23 11:20 227328 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-04-27 08:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UMonit]
    2007-06-18 03:40 200704 ----a-r- c:\windows\system32\UMonit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2009-05-26 20:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Belkin\\All-in-One Print Server\\MFPAgent.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Dynamips\\dynamips.exe"=
    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=
    "c:\\Program Files\\IP blue\\VTGO\\bin\\VTGOhttpServer.exe"=
    "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Documents and Settings\\ati\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Cisco Systems\\Cisco Unified Personal Communicator\\CUPCK9.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=
    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\AudioTuningWizard.exe"=
    "c:\\Program Files\\IP blue\\VTGO\\Media\\BlueMedia.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "3246:TCP"= 3246:TCP:Services
    "2479:TCP"= 2479:TCP:Services

    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [18/08/2009 20:39 58728]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [18/08/2009 20:39 333928]
    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [24/01/2008 18:47 35692]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28/10/2008 16:42 156968]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [01/01/2009 22:59 93320]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [18/08/2009 20:39 955624]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
    R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [24/06/2007 11:18 9472]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/11/2008 14:13 639224]
    S2 ALIWEHCD;Belkin All-In-One Print Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [24/06/2007 11:18 53152]
    S2 gupdate1c994fa5f5c1598;Google Update Service (gupdate1c994fa5f5c1598);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2009 14:32 133104]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 20:22 42000]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01/10/2006 12:37 26624]
    S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpndrv.sys --> c:\windows\system32\DRIVERS\covpndrv.sys [?]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://uk.yahoo.com
    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070509
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Dial with VT&GO - file:///c:\program files\IP blue\VTGO\Scripts\dialer.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\ati\Application Data\Mozilla\Firefox\Profiles\7fqay5vh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\ati\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\ati\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-20 21:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    Completion time: 2009-12-20 22:01:09
    ComboFix-quarantined-files.txt 2009-12-20 22:01

    Pre-Run: 48,402,468,864 bytes free
    Post-Run: 48,363,266,048 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Home Edition" /Fastdetect

    - - End Of File - - B3E8ABEE9643C7A35694EE20FA80E046
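The log above is long, and the items a responder wants first are scattered across its sections: the AV/FW status in the header, the `DisableMonitoring` values under the Security Center keys, the `GloballyOpenPorts` list, hidden/system files under `system32`, and new files under a built-in service account profile such as `HelpAssistant`. As an added example (not code from this thread, from ComboFix, or from any tool named in it), the Python below walks a log in this layout and reports those items. `SAMPLE_LOG` is a constructed excerpt in the same layout; `SERVICE_PROFILES` and the "generic `Services` label is worth a question" heuristic are the example's own assumptions, and a finding means "look at this", not "this is malware".

```python
"""Triage a ComboFix log for the items a responder checks first.

Added example, not code from this thread, from ComboFix or from any tool it
names. It walks the plain-text lines ComboFix writes and flags: an AV or
firewall reported as disabled in the header, Security Center monitoring
switched off for a product, every globally open firewall port (with a note
when the port carries only the generic "Services" label), hidden/system
files under system32, and new items under a built-in service account
profile such as HelpAssistant. SAMPLE_LOG is a constructed excerpt in the
layout of the log posted above; SERVICE_PROFILES and the "generic label"
heuristic are this example's own assumptions.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
ComboFix 09-12-19.03 - ati 20/12/2009 21:54:05.5.2 - x86
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
2009-12-19 11:07 . 2009-12-19 11:07 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-12-18 14:21 . 2009-12-18 14:21 -------- d-----w- c:\documents and settings\HelpAssistant\.cisco
2009-09-12 21:37 . 2007-05-19 15:00 168 --sh--r- c:\windows\system32\0ABFAD259E.sys
2009-10-29 07:45 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"""

# Line shapes taken from the ComboFix layout shown in the thread.
HEADER_RE = re.compile(r'^(?P<kind>AV|FW): (?P<product>.+?) \*(?P<state>[^*]+)\*')
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} '
    r'(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>.*)$')
MONITOR_KEY_RE = re.compile(r'^\[.*\\security center\\monitoring\\(?P<product>[^\]]+)\]$', re.I)
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)

# Assumption: built-in accounts whose profiles should not be gaining files on a home PC.
SERVICE_PROFILES = ("helpassistant", "localservice", "networkservice")


def triage(log_text):
    """Return (tag, detail) findings in log order; profile activity is summarised last."""
    findings = []
    profile_hits = Counter()
    current_monitor = None  # product named by the last Security Center Monitoring key seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            if "disabled" in m["state"].lower():
                findings.append((f"{m['kind'].lower()}_disabled", f"{m['product']}: {m['state']}"))
            continue
        m = MONITOR_KEY_RE.match(line)
        if m:
            current_monitor = m["product"]
            continue
        if line.startswith("["):
            current_monitor = None  # any other registry key ends the Monitoring block
            continue
        if current_monitor and DISABLE_RE.match(line):
            findings.append(("monitoring_disabled",
                             f"Security Center monitoring disabled for {current_monitor}"))
            continue
        m = PORT_RE.match(line)
        if m:
            label = m["label"].strip()
            note = " (generic label, no owning program named)" if label.lower() == "services" else ""
            findings.append(("open_port", f"{m['port']}/{m['proto']} globally open: {label}{note}"))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m["path"].lower(), m["attrs"]
            for profile in SERVICE_PROFILES:
                if f"\\documents and settings\\{profile}\\" in path:
                    profile_hits[profile] += 1
            is_dir = attrs[0] == "d"
            hidden_or_system = "h" in attrs or "s" in attrs
            if not is_dir and hidden_or_system and path.startswith("c:\\windows\\system32\\"):
                findings.append(("hidden_system_file",
                                 f"{m['path']} attrs={attrs} size={m['size']}"))
    for profile, count in sorted(profile_hits.items()):
        findings.append(("service_profile_activity",
                         f"{count} new item(s) under the {profile} profile"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:26} {detail}")
```

Run it against a saved log with `triage(open("ComboFix.txt").read())`. The checks are deliberately shallow (string shapes only): a hidden `.sys` in `system32` can be a licensing driver as easily as a rootkit, and a globally open port may be a forgotten lab tool, so the output is a list of questions to answer against the machine, not a verdict.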

  2. Thanks. I had a strong feeling that it was an MBR-related issue. After ruling out HW and doing some research I ran the program RootRepeal, which found the rootkit and removed it. After this I had a missing NTLDR message, which was resolved after running XP recovery mode. The original problem was resolved.

    Today I found that a lot of messages were sent from my Facebook account. I ran MBAM, which found switch.dialer and removed it.

    I am worried and would appreciate some advice from experts.

    cucm

  3. Hi

    I have a laptop running Windows XP Home Edition. Since yesterday it has developed a problem. It boots OK, but after a few minutes it freezes completely, giving a continuous annoying beep. The only way to recover is to power off and on. So far I have run MBAM, Spybot and McAfee in safe mode and it was clean. HW diagnostics were clean, so no memory issues. I would really appreciate it if someone could help me here.

    cheers

    cucm

  4. Thanks. I ran ComboFix yesterday, which deleted a few files; I am attaching the latest log from ComboFix.

    ComboFix 09-08-10.06 - ati 13/08/2009 10:03.4.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1396 [GMT 1:00]
    Running from: c:\documents and settings\ati\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
    .

    2009-08-12 17:24 . 2009-08-12 17:24 -------- d-----w- c:\program files\ImgBurn
    2009-08-12 17:11 . 2009-08-12 17:16 -------- d-----w- C:\pebuilder3110a
    2009-08-12 08:56 . 2009-08-12 08:56 -------- d-----w- c:\program files\Trend Micro
    2009-08-12 07:02 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-31 12:09 . 2009-07-31 12:09 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-27 09:45 . 2009-07-27 09:45 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2009-07-24 07:12 . 2009-07-24 07:12 1878984 ----a-w- c:\documents and settings\ati\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
    2009-07-14 09:29 . 2008-09-04 19:53 10744 ----a-w- c:\windows\system32\drivers\urfltw2k.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-13 06:10 . 2007-05-19 08:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-13 05:50 . 2007-07-27 09:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2009-08-13 05:50 . 2007-07-27 09:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\VMware
    2009-08-12 15:32 . 2007-05-19 08:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-08-12 15:25 . 2007-08-08 09:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2009-08-12 07:56 . 2008-12-31 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-12 07:41 . 2008-12-06 10:46 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-08-09 09:40 . 2008-11-23 22:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-08-09 09:35 . 2009-01-01 22:55 -------- d-----w- c:\program files\McAfee
    2009-08-08 09:57 . 2009-01-01 13:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
    2009-08-05 15:07 . 2007-05-19 15:00 5954 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-08-05 15:07 . 2007-05-19 15:00 168 --sh--r- c:\windows\system32\0ABFAD259E.sys
    2009-08-05 09:01 . 2004-08-10 11:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 12:36 . 2008-12-31 12:32 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 12:36 . 2008-12-31 12:32 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-27 09:41 . 2007-05-09 21:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-17 19:01 . 2004-08-10 11:50 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-16 11:32 . 2009-01-01 22:56 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2009-07-15 10:31 . 2008-06-12 11:28 -------- d-----w- c:\program files\NCH Swift Sound
    2009-07-15 10:31 . 2008-06-12 11:31 -------- d-----w- c:\documents and settings\ati\Application Data\NCH Swift Sound
    2009-07-15 10:30 . 2007-06-03 14:32 -------- d-----w- c:\program files\DivX
    2009-07-12 11:21 . 2004-08-10 11:51 233472 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-10 07:24 . 2009-01-01 22:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
    2009-07-08 12:44 . 2009-01-01 22:56 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-07-08 12:44 . 2009-01-01 22:56 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-07-08 12:44 . 2009-01-01 22:56 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-07-08 12:44 . 2009-01-01 22:56 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-07-08 12:43 . 2009-01-01 22:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-07-03 17:09 . 2004-08-10 11:51 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-03 13:55 . 2007-07-27 09:31 -------- d-----w- c:\documents and settings\ati\Application Data\VMware
    2009-07-02 13:01 . 2009-07-02 13:01 1398 ----a-r- c:\documents and settings\ati\Application Data\Microsoft\Installer\{8288E6AA-CEB4-43F0-8E67-A794AD92B912}\_497f23e.exe
    2009-07-02 13:01 . 2009-07-02 13:01 -------- d-----w- c:\program files\Cisco CDR Time Converter
    2009-06-30 07:10 . 2007-05-09 21:17 -------- d-----w- c:\program files\Google
    2009-06-26 12:26 . 2007-11-06 20:22 42000 ----a-w- c:\windows\system32\drivers\npf.sys
    2009-06-25 09:19 . 2007-05-14 11:05 90112 -c--a-w- c:\documents and settings\ati\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-25 08:31 . 2009-06-25 08:31 79812 ----a-w- c:\windows\Fonts\SP77N.ttf
    2009-06-22 14:23 . 2009-06-22 14:23 239088 ----a-w- c:\documents and settings\ati\Application Data\Mozilla\plugins\npgoogletalk.dll
    2009-06-22 12:57 . 2009-05-13 13:47 -------- d-----w- c:\program files\freeFTPd
    2009-06-16 14:36 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 13:54 . 2007-10-11 15:58 -------- d-----w- c:\program files\Cisco Systems
    2009-06-16 13:51 . 2008-02-14 22:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Cisco
    2009-06-14 21:02 . 2009-06-14 20:50 -------- d-----w- c:\documents and settings\ati\Application Data\PC Suite
    2009-06-14 20:58 . 2009-06-14 20:58 -------- d-----w- c:\documents and settings\ati\Application Data\Nokia Multimedia Player
    2009-06-14 20:54 . 2009-06-14 20:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Suite
    2009-06-14 20:52 . 2009-06-14 20:52 -------- d-----w- c:\documents and settings\ati\Application Data\Nokia
    2009-06-14 20:51 . 2009-06-14 20:51 -------- d-----w- c:\program files\DIFX
    2009-06-14 20:51 . 2009-06-14 20:51 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-06-14 20:51 . 2009-06-14 20:51 -------- d-----w- c:\program files\Common Files\Nokia
    2009-06-14 20:51 . 2009-06-14 20:50 -------- d-----w- c:\program files\Nokia
    2009-06-14 20:50 . 2009-06-14 20:50 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-06-14 20:49 . 2009-06-14 20:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Installations
    2009-06-14 11:46 . 2009-06-14 11:46 390664 ----a-w- c:\documents and settings\ati\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
    2009-06-12 12:31 . 2004-08-10 11:51 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:13 . 2004-08-10 11:50 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 08:19 . 2004-08-10 12:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:14 . 2008-05-15 12:50 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-04 13:38 . 2009-06-04 13:37 2440754 ----a-w- c:\program files\Common Files\UnifiedClientInstall.log
    2009-06-03 19:09 . 2004-08-10 11:51 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-03-24 12:11 . 2009-03-24 12:12 1897 ----a-w- c:\program files\Common Files\pcc.ssl
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-12_18.45.55 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-13 05:50 . 2009-08-13 05:50 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
    + 2009-08-13 05:50 . 2009-08-13 05:50 16384 c:\windows\Temp\Perflib_Perfdata_3c4.dat
    + 2004-08-10 11:51 . 2009-08-13 05:55 74188 c:\windows\system32\perfc009.dat
    - 2004-08-10 11:51 . 2009-08-12 18:41 74188 c:\windows\system32\perfc009.dat
    + 2007-05-14 11:01 . 2009-08-13 05:48 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-05-14 11:01 . 2009-08-12 17:01 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-05-14 11:01 . 2009-08-13 05:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-05-14 11:01 . 2009-08-12 17:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-05-14 11:01 . 2009-08-12 17:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2007-05-14 11:01 . 2009-08-13 05:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-08-12 17:06 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\spcustom.dll
    - 2009-08-12 17:06 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\spmsg.dll
    - 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3qfe\wdigest.dll
    - 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3qfe\secur32.dll
    - 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3qfe\ksecdd.sys
    - 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3gdr\wdigest.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3gdr\secur32.dll
    - 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3gdr\ksecdd.sys
    + 2004-08-10 11:51 . 2009-08-13 05:55 448622 c:\windows\system32\perfh009.dat
    - 2004-08-10 11:51 . 2009-08-12 18:41 448622 c:\windows\system32\perfh009.dat
    + 2009-05-16 11:29 . 2009-08-13 05:48 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-05-16 11:29 . 2009-08-12 17:01 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-08-12 17:06 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\updspapi.dll
    - 2009-08-12 17:06 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe
    - 2009-08-12 17:06 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\spuninst.exe
    - 2009-06-25 08:41 . 2009-06-25 08:41 147456 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3qfe\schannel.dll
    - 2009-06-25 08:41 . 2009-06-25 08:41 136704 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3qfe\msv1_0.dll
    - 2009-06-26 09:41 . 2009-06-26 09:41 730112 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3qfe\lsasrv.dll
    - 2009-06-25 08:41 . 2009-06-25 08:41 301568 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3qfe\kerberos.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 147456 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3gdr\schannel.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3gdr\msv1_0.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3gdr\lsasrv.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp3gdr\kerberos.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
    "PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

    c:\documents and settings\ati\Start Menu\Programs\Startup\
    lab route.bat [2009-3-15 51]
    OneNote Table Of Contents.onetoc2 [2008-7-29 3656]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^ati^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

    path=c:\documents and settings\ati\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Belkin\\All-in-One Print Server\\MFPAgent.exe"=

    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    "c:\\Program Files\\Dynamips\\dynamips.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

    "c:\\Program Files\\IP blue\\VTGO\\bin\\VTGOhttpServer.exe"=

    "c:\\Program Files\\IP blue\\VTGO\\Media\\BlueMedia.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\AudioTuningWizard.exe"=

    "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

    "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    "c:\\Program Files\\NetMeeting\\conf.exe"=

    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

    "c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=

    "c:\\Documents and Settings\\ati\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco Unified Personal Communicator\\CUPCK9.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [24/01/2008 19:47 35692]

    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28/10/2008 17:42 156968]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [01/01/2009 23:59 210216]

    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]

    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 21:22 42000]

    R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [04/09/2008 20:53 33400]

    R3 WUSBVBus;MFP Server Detector;c:\windows\system32\drivers\mfpvbus.sys [24/06/2007 12:18 9472]

    S2 ALIWEHCD;Belkin All-In-One Print Server Enhanced Controller;c:\windows\system32\drivers\mfpec.sys [24/06/2007 12:18 53152]

    S2 gupdate1c994fa5f5c1598;Google Update Service (gupdate1c994fa5f5c1598);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2009 15:32 133104]

    S2 kbxauq;kbxauq;c:\windows\system32\drivers\wmbbn.sys --> c:\windows\system32\drivers\wmbbn.sys [?]

    S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [14/07/2009 10:29 10744]

    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01/10/2006 13:37 26624]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = www.google.co.uk/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070509

    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Dial with VT&GO - file:///c:\program files\IP blue\VTGO\Scripts\dialer.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} - hxxp://172.16.11.104/ciscopca/controls/MediaMasENU.cab

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-08-13 10:11

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3336)

    c:\windows\system32\WININET.dll

    c:\program files\McAfee\SiteAdvisor\saHook.dll

    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\mshtml.dll

    c:\windows\system32\msls31.dll

    c:\windows\system32\webcheck.dll

    .

    Completion time: 2009-08-13 10:13

    ComboFix-quarantined-files.txt 2009-08-13 09:13

    ComboFix2.txt 2009-08-12 18:48

    ComboFix3.txt 2009-01-03 09:51

    Pre-Run: 9,789,427,712 bytes free

    Post-Run: 9,745,068,032 bytes free

    261 --- E O F --- 2009-08-12 15:26

  5. Hi,

    Last night my computer got infected and I was able to remove a few infections using MBAM, but I can't get rid of this one. I am attaching the MBAM and HijackThis logs.

    Any help will be greatly appreciated, as it is driving me crazy.

    Malwarebytes' Anti-Malware 1.40

    Database version: 2610

    Windows 5.1.2600 Service Pack 3

    12/08/2009 09:54:16

    mbam-log-2009-08-12 (09-54-16).txt

    Scan type: Quick Scan

    Objects scanned: 119510

    Time elapsed: 7 minute(s), 3 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 09:57:28, on 12/08/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

    C:\Program Files\Dell Network Assistant\hnm_svc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

    C:\WINDOWS\system32\vmnat.exe

    C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    C:\WINDOWS\system32\vmnetdhcp.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\RunDLL32.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\WINDOWS\system32\cmd.exe

    c:\PROGRA~1\mcafee\msc\mcshell.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070509

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=5070509

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe" /runcleanupscript

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: lab route.bat

    O4 - Startup: OneNote Table Of Contents.onetoc2

    O4 - Startup: Show VQManager.lnk = C:\ManageEngine\VQManager\bin\VQManager.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: Dial with VT&GO - file:///C:\Program Files\IP blue\VTGO\Scripts\dialer.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1951

    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1947

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

    O16 - DPF: {50F851B0-0BBE-11D2-A237-00C04FBBD1CD} (AvMediaMasterCtrl Class) - http://172.16.11.104/ciscopca/controls/MediaMasENU.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1945

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscosales.webex.com/client/T26L10N...bex/ieatgpc.cab

    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://remote.harrow.gov.uk/vdesk/terminal...0,2008,904,1940

    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://secure.peterborough.gov.uk/dana-cac...perSetupSP1.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

    O23 - Service: Google Update Service (gupdate1c994fa5f5c1598) (gupdate1c994fa5f5c1598) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 12879 bytes
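The ComboFix service list posted above (including the `S2 kbxauq` entry whose driver file ComboFix could not find) and the HijackThis O23 list in this post are the kind of output a forum helper reads by hand. The script below is an added example, not part of this thread and not code from either tool: it parses those two line formats plus ComboFix's firewall AuthorizedApplications entries and flags the three things a reviewer checks first: a service whose binary is missing, a machine-looking service name, and a program allowed through the firewall or registered as a service from a user-writable directory. The sample lines are quoted from the logs in this thread; the `looks_random` heuristic and the user-writable path list are my own assumptions. A flag is a prompt to look closer, not a verdict: HijackThis prints "Unknown owner" whenever it cannot read a publisher name from the file, which is true of plenty of legitimate software in these logs.

```python
import re

# Sample input: lines quoted from the ComboFix and HijackThis logs in this
# thread, covering the three line formats the parser understands. Embedded
# here so the script runs offline; normally you would feed it a whole log.
SAMPLE_LOG = r"""
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [24/01/2008 19:47 35692]
S2 kbxauq;kbxauq;c:\windows\system32\drivers\wmbbn.sys --> c:\windows\system32\drivers\wmbbn.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01/10/2006 13:37 26624]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\ati\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# ComboFix service line: "<start> <name>;<display>;<path> [<date> <size>]".
# When the binary is missing ComboFix prints "<path> --> <path> [?]".
COMBOFIX_SVC = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# ComboFix firewall AuthorizedApplications entry: "<path with doubled \>"=
FW_ALLOW = re.compile(r'^"(.+)"=$')
# HijackThis O23 line: "O23 - Service: <display> (<name>) - <owner> - <path>";
# the "(<name>)" part is absent when display and internal name coincide.
HJT_O23 = re.compile(r"^O23 - Service: (.+?)(?: \(([^()]+)\))? - (.+?) - (.+)$")
# Directories an unprivileged user can write to (assumed list, not exhaustive).
USER_WRITABLE = re.compile(
    r"\\(?:documents and settings|users)\\[^\\]+\\"
    r"(?:temp|local settings|application data|appdata)\\|\\windows\\temp\\",
    re.I,
)


def looks_random(name: str, display: str) -> bool:
    """Crude heuristic for machine-generated service names: only lower-case
    letters, no digits, and a display name that merely repeats the internal
    name. Legitimate drivers almost always carry a descriptive display name."""
    return name.isalpha() and name.islower() and len(name) >= 5 and display == name


def triage(log_text: str) -> list:
    """Return one dict per line that earned at least one reason for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = COMBOFIX_SVC.match(line)
        if m:
            _start, name, display, path, meta = m.groups()
            if meta == "?" or "-->" in path:
                reasons.append("service points at a binary ComboFix could not find")
            if looks_random(name, display):
                reasons.append("random-looking name, display name equals internal name")
            entry = {"source": "combofix-service", "name": name,
                     "path": path.split(" --> ")[0]}
        elif FW_ALLOW.match(line):
            # Registry export doubles every backslash; undo that for matching.
            path = FW_ALLOW.match(line).group(1).replace("\\\\", "\\")
            entry = {"source": "firewall-allowed",
                     "name": path.rsplit("\\", 1)[-1], "path": path}
        else:
            m = HJT_O23.match(line)
            if not m:
                continue  # not one of the formats we triage
            display, name, owner, path = m.groups()
            if owner == "Unknown owner":
                reasons.append("HijackThis could not read a publisher name from the file")
            entry = {"source": "hijackthis-o23", "name": name or display, "path": path}
        if USER_WRITABLE.search(entry["path"]):
            reasons.append("runs from a user-writable location")
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['source']:18} {f['name']:30} {f['path']}")
        for r in f["reasons"]:
            print(f"{'':18} - {r}")
```

Run against the sample, it singles out `kbxauq` (missing driver and generated-looking name), the TeamViewer binary allowed through the firewall from the user's temp folder, and the two "Unknown owner" services; everything else in the sample passes silently. Treat the unknown-owner hits as low priority and the missing-binary plus random-name combination as the first thing to chase.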

  6. Hello mate,

    Yes, things are looking better; nothing reported in the latest MBAM scan. I still have Spybot disabled. Please let me know what you think. Your help over the weekend is highly appreciated.

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Malwarebytes' Anti-Malware 1.31

    Database version: 1603

    Windows 5.1.2600 Service Pack 3

    03/01/2009 20:04:07

    mbam-log-2009-01-03 (20-04-07).txt

    Scan type: Quick Scan

    Objects scanned: 68798

    Time elapsed: 6 minute(s), 25 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  7. Hi

    Posting the last log from Kaspersky; it took a while.

    cheers

    cucm

    --------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER 7 REPORT

    Saturday, January 3, 2009

    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    Kaspersky Online Scanner 7 version: 7.0.25.0

    Program database last update: Saturday, January 03, 2009 10:03:19

    Records in database: 1553339

    --------------------------------------------------------------------------------

    Scan settings:

    Scan using the following database: extended

    Scan archives: yes

    Scan mail databases: yes

    Scan area - My Computer:

    C:\

    D:\

    Scan statistics:

    Files scanned: 111511

    Threat name: 0

    Infected objects: 0

    Suspicious objects: 0

    Duration of the scan: 03:19:26

    No malware has been detected. The scan area is clean.

    The selected area was scanned.

  8. Hi,

    Posting Gmer.txt; I will post the Kaspersky log once it has completed. It seems it is going to take a while to finish.

    cheers

    GMER 1.0.14.14536 - http://www.gmer.net

    Rootkit scan 2009-01-03 10:17:59

    Windows 5.1.2600 Service Pack 3

    ---- System - GMER 1.0.14 ----

    SSDT sptd.sys ZwCreateKey [0xB9ED10B0]

    SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]

    SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]

    SSDT sptd.sys ZwOpenKey [0xB9ED1090]

    SSDT sptd.sys ZwQueryKey [0xB9ED6CC4]

    SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]

    SSDT sptd.sys ZwSetValueKey [0xB9ED6D56]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA92039CA]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9203978]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA920398C]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9203A7B]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA9203AA7]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9203A0A]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA9203B41]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9203950]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9203964]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA92039DE]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA9203AE9]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9203A91]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA9203B69]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA9203B55]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA92039B6]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA92039A2]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9203A39]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA9203B2B]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9203A20]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA92039F4]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 8A88B1D8

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-0 8A82A5A0

    Device \Driver\usbuhci \Device\USBPDO-1 8A82A5A0

    Device \Driver\usbuhci \Device\USBPDO-2 8A82A5A0

    Device \Driver\usbehci \Device\USBPDO-3 8A7671D8

    Device \Driver\usbuhci \Device\USBPDO-4 8A82A5A0

    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8FE1D8

    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8FE1D8

    Device \Driver\Cdrom \Device\CdRom0 8A728708

    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8FE1D8

    Device \Driver\Ftdisk \Device\HarddiskVolume4 8A8FE1D8

    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A02E1D8

    Device \Driver\usbhub \Device\00000090 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\NetBT \Device\NetbiosSmb 8A02E1D8

    Device \Driver\usbhub \Device\00000092 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbhub \Device\00000094 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{A930F8A5-06FF-401D-B4D9-B90BE5F818DD} 8A02E1D8

    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\usbhub \Device\00000096 hcmon.sys (VMware USB monitor/VMware, Inc.)

    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\usbhub \Device\00000098 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-0 8A82A5A0

    Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-1 8A82A5A0

    Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-2 8A82A5A0

    Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A02B1D8

    Device \Driver\usbuhci \Device\USBFDO-3 8A82A5A0

    Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A02B1D8

    Device \Driver\usbehci \Device\USBFDO-4 8A7671D8

    Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\Ftdisk \Device\FtControl 8A8FE1D8

    Device \Driver\NetBT \Device\NetBT_Tcpip_{97356776-AC10-4A3C-B1B7-7E501BFC9CC0} 8A02E1D8

    Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)

    Device \FileSystem\Fastfat \Fat 89B9D1D8

    Device \FileSystem\Fastfat \Fat A79F6297

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Cdfs \Cdfs 8A0231D8

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1021613300

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 2042680831

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xFF 0x27 0x67 ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xFF 0x27 0x67 ...

    ---- EOF - GMER 1.0.14 ----

  9. Good Morning,

    Copying the log as suggested... many thanks for the continued support.

    ComboFix 09-01-01.02 - ati 2009-01-03 9:46:51.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1560 [GMT 0:00]

    Running from: c:\documents and settings\ati\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\ati\Desktop\CFScript.txt

    AV: McAfee VirusScan *On-access scanning disabled* (Updated)

    FW: McAfee Personal Firewall *disabled*

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\26ef3f82c3a146be4dfd0de24c50ee

    c:\26ef3f82c3a146be4dfd0de24c50ee\atl80.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\cert.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\conflictingappmodule.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\de-at\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\de-at\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\de-ch\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\de-ch\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\de-de\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\de-de\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-au\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-au\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-ca\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-ca\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-gb\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-gb\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-hk\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-hk\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-ie\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-ie\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-in\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-in\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-nz\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-nz\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-sg\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\en-sg\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\es-es\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\es-es\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\es-mx\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\es-mx\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\es-us\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\es-us\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-be\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-be\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ca\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ca\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ch\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-ch\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-fr\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\fr-fr\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\it-it\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\it-it\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp-psloc\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp-psloc\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\ja-jp\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\ko-kr\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\ko-kr\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\microsoft.vc80.atl.manifest

    c:\26ef3f82c3a146be4dfd0de24c50ee\microsoft.vc80.crt.manifest

    c:\26ef3f82c3a146be4dfd0de24c50ee\msvcp80.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\msvcr80.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\nl-be\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\nl-be\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\nl-nl\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\nl-nl\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\ochelpagent.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\ocsetup.exe

    c:\26ef3f82c3a146be4dfd0de24c50ee\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\pt-br\eula.rtf

    c:\26ef3f82c3a146be4dfd0de24c50ee\pt-br\ocsetupro.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\service.xml

    c:\26ef3f82c3a146be4dfd0de24c50ee\winsscommon.dll

    c:\26ef3f82c3a146be4dfd0de24c50ee\winssplatform.dll

    c:\windows\system32\ltvoypej.exe

    .

    ---- Previous Run -------

    .

    c:\windows\system32\_003284_.tmp.dll

    c:\windows\system32\_003285_.tmp.dll

    c:\windows\system32\_003286_.tmp.dll

    c:\windows\system32\_003287_.tmp.dll

    c:\windows\system32\_003292_.tmp.dll

    c:\windows\system32\_003293_.tmp.dll

    c:\windows\system32\_003294_.tmp.dll

    c:\windows\system32\_003295_.tmp.dll

    c:\windows\system32\_003296_.tmp.dll

    c:\windows\system32\_003297_.tmp.dll

    c:\windows\system32\_003298_.tmp.dll

    c:\windows\system32\_003299_.tmp.dll

    c:\windows\system32\_003300_.tmp.dll

    c:\windows\system32\_003301_.tmp.dll

    c:\windows\system32\_003302_.tmp.dll

    c:\windows\system32\_003303_.tmp.dll

    c:\windows\system32\_003304_.tmp.dll

    c:\windows\system32\_003305_.tmp.dll

    c:\windows\system32\_003306_.tmp.dll

    c:\windows\system32\_003307_.tmp.dll

    c:\windows\system32\_003308_.tmp.dll

    c:\windows\system32\_003309_.tmp.dll

    c:\windows\system32\_003310_.tmp.dll

    c:\windows\system32\_003311_.tmp.dll

    c:\windows\system32\_003313_.tmp.dll

    c:\windows\system32\_003314_.tmp.dll

    c:\windows\system32\_003316_.tmp.dll

    c:\windows\system32\_003317_.tmp.dll

    c:\windows\system32\_003318_.tmp.dll

    c:\windows\system32\_003319_.tmp.dll

    c:\windows\system32\_003320_.tmp.dll

    c:\windows\system32\_003321_.tmp.dll

    c:\windows\system32\_003323_.tmp.dll

    c:\windows\system32\_003324_.tmp.dll

    c:\windows\system32\_003325_.tmp.dll

    c:\windows\system32\_003326_.tmp.dll

    c:\windows\system32\_003327_.tmp.dll

    c:\windows\system32\_003328_.tmp.dll

    c:\windows\system32\_003329_.tmp.dll

    c:\windows\system32\_003330_.tmp.dll

    c:\windows\system32\_003333_.tmp.dll

    c:\windows\system32\_003334_.tmp.dll

    c:\windows\system32\_003335_.tmp.dll

    c:\windows\system32\_003336_.tmp.dll

    c:\windows\system32\_003337_.tmp.dll

    c:\windows\system32\_003338_.tmp.dll

    c:\windows\system32\_003339_.tmp.dll

    c:\windows\system32\_003341_.tmp.dll

    c:\windows\system32\_003342_.tmp.dll

    c:\windows\system32\_003343_.tmp.dll

    c:\windows\system32\_003344_.tmp.dll

    c:\windows\system32\_003345_.tmp.dll

    c:\windows\system32\_003346_.tmp.dll

    c:\windows\system32\_003347_.tmp.dll

    c:\windows\system32\_003348_.tmp.dll

    c:\windows\system32\_003349_.tmp.dll

    c:\windows\system32\_003350_.tmp.dll

    c:\windows\system32\_003351_.tmp.dll

    c:\windows\system32\_003352_.tmp.dll

    c:\windows\system32\_003354_.tmp.dll

    c:\windows\system32\_003355_.tmp.dll

    c:\windows\system32\_003356_.tmp.dll

    c:\windows\system32\_003357_.tmp.dll

    c:\windows\system32\_003359_.tmp.dll

    c:\windows\system32\_003361_.tmp.dll

    c:\windows\system32\_003362_.tmp.dll

    c:\windows\system32\_003363_.tmp.dll

    c:\windows\system32\_003364_.tmp.dll

    c:\windows\system32\_003365_.tmp.dll

    c:\windows\system32\_003366_.tmp.dll

    c:\windows\system32\_003367_.tmp.dll

    c:\windows\system32\_003369_.tmp.dll

    c:\windows\system32\_003370_.tmp.dll

    c:\windows\system32\_003371_.tmp.dll

    c:\windows\system32\_003372_.tmp.dll

    c:\windows\system32\_003373_.tmp.dll

    c:\windows\system32\_003374_.tmp.dll

    c:\windows\system32\_003375_.tmp.dll

    c:\windows\system32\_003376_.tmp.dll

    c:\windows\system32\_003378_.tmp.dll

    c:\windows\system32\_003379_.tmp.dll

    c:\windows\system32\_003381_.tmp.dll

    c:\windows\system32\_003382_.tmp.dll

    c:\windows\system32\_003384_.tmp.dll

    c:\windows\system32\_003385_.tmp.dll

    c:\windows\system32\_003389_.tmp.dll

    c:\windows\system32\_003390_.tmp.dll

    c:\windows\system32\_003392_.tmp.dll

    c:\windows\system32\_003395_.tmp.dll

    c:\windows\system32\_003397_.tmp.dll

    c:\windows\system32\_003398_.tmp.dll

    c:\windows\system32\_003399_.tmp.dll

    c:\windows\system32\_003400_.tmp.dll

    c:\windows\system32\_003403_.tmp.dll

    c:\windows\system32\_003404_.tmp.dll

    c:\windows\system32\_003405_.tmp.dll

    c:\windows\system32\_003406_.tmp.dll

    c:\windows\system32\_003407_.tmp.dll

    c:\windows\system32\_003412_.tmp.dll

    c:\windows\system32\_003414_.tmp.dll

    c:\windows\system32\_003415_.tmp.dll

    c:\windows\system32\Config.ini

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_PACKET

    -------\Service_Packet

    ((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))

    .

    2009-01-02 15:09 . 2009-01-02 16:15 <DIR> d-------- c:\program files\Enigma Software Group

    2009-01-02 11:13 . 2009-01-02 11:25 <DIR> d-------- c:\documents and settings\ati\DoctorWeb

    2009-01-02 10:17 . 2009-01-02 10:17 250 --a------ c:\windows\gmer.ini

    2009-01-02 09:35 . 2009-01-02 09:35 <DIR> d-------- c:\program files\ERUNT

    2009-01-02 09:02 . 2004-06-11 15:33 290,304 --a------ c:\windows\system32\subinacl.exe

    2009-01-01 23:01 . 2009-01-03 09:43 8,677 --a------ c:\windows\system32\Config.MPF

    2009-01-01 22:59 . 2009-01-01 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor

    2009-01-01 22:56 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys

    2009-01-01 22:56 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys

    2009-01-01 22:56 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys

    2009-01-01 22:56 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys

    2009-01-01 22:55 . 2009-01-01 22:55 <DIR> d-------- c:\program files\McAfee.com

    2009-01-01 22:55 . 2009-01-02 23:07 <DIR> d-------- c:\program files\McAfee

    2009-01-01 22:55 . 2009-01-01 22:56 <DIR> d-------- c:\program files\Common Files\McAfee

    2009-01-01 22:52 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys

    2009-01-01 22:47 . 2009-01-01 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

    2009-01-01 22:19 . 2009-01-01 22:19 <DIR> d-------- C:\VundoFix Backups

    2009-01-01 13:25 . 2009-01-01 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater

    2008-12-31 12:32 . 2008-12-31 12:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2008-12-31 12:32 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

    2008-12-31 12:32 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

    2008-12-30 12:20 . 2008-12-30 12:20 <DIR> d-------- c:\windows\system32\IOSUBSYS

    2008-12-18 15:28 . 2008-12-18 15:28 754 --a------ c:\windows\WORDPAD.INI

    2008-12-17 18:33 . 2008-12-17 18:33 0 --ah----- c:\windows\SwSys2.bmp

    2008-12-17 18:33 . 2008-12-17 18:33 0 --ah----- c:\windows\SwSys1.bmp

    2008-12-17 01:20 . 2008-12-17 01:20 <DIR> d-------- c:\program files\Common Files\xing shared

    2008-12-16 10:26 . 2008-12-16 10:26 <DIR> d-------- c:\program files\RealVNC

    2008-12-15 01:11 . 2008-12-15 01:11 <DIR> d-------- c:\program files\VoIP Integration Tools

    2008-12-14 21:38 . 2008-12-14 21:38 <DIR> d-------- c:\program files\Windows Defender

    2008-12-08 19:37 . 2008-12-08 19:37 <DIR> d-------- c:\program files\Windows Installer Clean Up

    2008-12-08 17:36 . 2009-01-01 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

    2008-12-07 11:05 . 2008-12-07 12:34 <DIR> d-------- C:\AVG

    2008-12-06 23:11 . 2008-12-06 23:11 <DIR> d-------- c:\documents and settings\ati\Application Data\Malwarebytes

    2008-12-06 23:11 . 2008-12-06 23:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

    2008-12-06 21:45 . 2008-12-06 21:45 <DIR> d-------- c:\documents and settings\ati\Application Data\InfraRecorder

    2008-12-06 21:44 . 2008-12-06 21:44 <DIR> d-------- c:\program files\InfraRecorder

    2008-12-06 10:46 . 2008-12-31 18:11 <DIR> d-------- c:\program files\Windows Live Safety Center

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-01-03 09:39 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware

    2009-01-03 09:39 --------- d-----w c:\documents and settings\All Users\Application Data\VMware

    2009-01-01 22:45 --------- d-----w c:\program files\Common Files\Symantec Shared

    2009-01-01 22:15 --------- d-----w c:\program files\SUPERAntiSpyware

    2009-01-01 22:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

    2009-01-01 22:15 --------- d-----w c:\documents and settings\ati\Application Data\SUPERAntiSpyware.com

    2009-01-01 18:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

    2009-01-01 13:25 --------- d-----w c:\program files\Google

    2008-12-31 16:56 --------- d-----w c:\program files\MSECache

    2008-12-31 09:20 --------- d-----w c:\documents and settings\ati\Application Data\VMware

    2008-12-17 12:19 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore

    2008-12-17 01:20 --------- d-----w c:\program files\Common Files\Real

    2008-12-16 23:44 5,642 --sha-w c:\windows\system32\KGyGaAvL.sys

    2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll

    2008-12-10 09:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2008-11-27 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2008-11-27 07:02 --------- d-----w c:\program files\Spybot - Search & Destroy

    2008-11-23 21:46 --------- d-----w c:\program files\Network Associates

    2008-11-22 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr

    2008-11-16 20:33 --------- d-----w c:\program files\wfavvid

    2008-11-13 15:22 --------- d-----w c:\documents and settings\ati\Application Data\Corel

    2008-11-13 14:20 --------- d-----w c:\program files\Alcohol Soft

    2008-11-13 14:13 639,224 ----a-w c:\windows\system32\drivers\sptd.sys

    2008-11-12 10:13 --------- d-----w c:\documents and settings\ati\Application Data\OpenOffice.org2

    2008-11-07 16:45 2,174,976 ----a-w c:\windows\system32\dllcache\WMVCore.dll

    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll

    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll

    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll

    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll

    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

    2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll

    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll

    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

    2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll

    2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll

    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe

    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll

    2008-04-12 22:06 290 -c--a-w c:\documents and settings\ati\Application Data\wklnhst.dat

    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-03_ 0.11.48.37 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2009-01-03\ERDNT.EXE

    + 2009-01-03 00:08:59 12,435,456 ----a-w c:\windows\ERDNT\AutoBackup\2009-01-03\Users\00000001\NTUSER.DAT

    + 2009-01-03 00:09:00 364,544 ----a-w c:\windows\ERDNT\AutoBackup\2009-01-03\Users\00000002\UsrClass.dat

    - 2009-01-02 23:04:37 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    + 2009-01-03 09:31:16 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    - 2009-01-02 23:04:37 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2009-01-03 09:31:16 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    - 2009-01-02 23:04:37 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2009-01-03 09:31:16 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2009-01-03 09:38:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_740.dat

    + 2009-01-03 09:38:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_784.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    "Google Update"="c:\documents and settings\ati\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-03 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]

    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-17 185896]

    "Claritel-i750"="c:\program files\Clarisys\Claritel-i750\Ipnappgw.exe" [2003-09-25 471040]

    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]

    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\ati\Start Menu\Programs\Startup\

    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    OneNote Table Of Contents.onetoc2 [2008-07-29 3656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk]

    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]

    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk]

    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]

    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik]

    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys]

    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Cisco Systems\\ASDM\\asdm-launcher.exe"=

    "c:\\Program Files\\Belkin\\All-in-One Print Server\\MFPAgent.exe"=

    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    "c:\\Program Files\\Dynamips\\dynamips.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\IP blue\\VTGO\\bin\\VTGOhttpServer.exe"=

    "c:\\Program Files\\IP blue\\VTGO\\Media\\BlueMedia.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\AudioTuningWizard.exe"=

    "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

    "c:\\Documents and Settings\\ati\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    "c:\\Program Files\\NetMeeting\\conf.exe"=

    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=

    "c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=

    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\DRIVERS\CdpPacket.sys [2008-01-24 35692]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2009-01-01 206096]

    R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

    R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [2007-06-24 9472]

    S2 0085111230937697mcinstcleanup;McAfee Application Installer Cleanup (0085111230937697);c:\windows\TEMP\008511~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []

    S2 ALIWEHCD;Belkin All-In-One Print Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [2007-06-24 53152]

    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]

    .

    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

    2009-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2751221988-1012368364-2767497333-1006.job

    - c:\documents and settings\ati\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-03 09:39]

    2009-01-01 c:\windows\Tasks\McDefragTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-01-01 c:\windows\Tasks\McQcTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-01-03 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

    2008-12-28 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

    - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

    2007-07-27 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

    - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

    .

    - - - - ORPHANS REMOVED - - - -

    BHO-{1787b124-49fa-442f-84cf-e66ec75db118} - (no file)

    .

    ------- Supplementary Scan -------

    .

    uStart Page = www.google.co.uk/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070509

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Dial with VT&GO - file:///c:\program files\IP blue\VTGO\Scripts\dialer.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\documents and settings\ati\Application Data\Mozilla\Firefox\Profiles\48ll4z22.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

    FF - plugin: c:\documents and settings\ati\Application Data\Mozilla\plugins\npgoogletalk.dll

    FF - plugin: c:\documents and settings\ati\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll

    FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll

    FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll

    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

    FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-01-03 09:49:51

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2009-01-03 9:51:49

    ComboFix-quarantined-files.txt 2009-01-03 09:50:47

    Pre-Run: 12,429,676,544 bytes free

    Post-Run: 12,406,583,296 bytes free

    438 --- E O F --- 2009-01-03 00:13:52
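Triaging a log like the one above by hand means scanning the "Reg Loading Points" section for the handful of entries that deserve a second look. The script below is an added example, not code from the forum post, from ComboFix or from Malwarebytes. SAMPLE_LOG is constructed in the style of the Run-key and service lines above (the value name "svchost32" and the size stamp for ltvoypej.exe are invented), and every rule in assess() is this example's own assumption about what a reviewer checks: an empty `[]` where the log otherwise records a date and size, a path under a TEMP directory, a letters-only filename in system32 that the value name does not echo, and a value name that borrows a core process name but launches something else.

```python
"""Triage autostart entries from a ComboFix 'Reg Loading Points' section.

Added example: not code from the forum post, from ComboFix or from Malwarebytes.
SAMPLE_LOG is constructed in the style of the log, and every heuristic in
assess() is this example's own assumption about what a human reviewer checks.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines, modelled on the Run-key and service lines of the log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"svchost32"="c:\windows\system32\ltvoypej.exe" [2009-01-01 45056]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S2 0085111230937697mcinstcleanup;McAfee Application Installer Cleanup (0085111230937697);c:\windows\TEMP\008511~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
"""

# "name"="path" [date size]   and   S2 name;display;command line [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')

# Core process names that malware likes to borrow for its autostart value.
SYSTEM_LOOKALIKES = ("svchost", "lsass", "csrss", "winlogon", "explorer", "services")


@dataclass
class Finding:
    kind: str                  # "run" (Run-key value) or "service"
    name: str                  # value name or service short name
    path: str                  # executable the entry launches
    reasons: list = field(default_factory=list)


def first_exe(cmd):
    """Executable token of a service command line: the quoted string, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _stem(path):
    """Lower-case file name without directory or extension."""
    return re.sub(r"\.[a-z0-9]+$", "", path.lower().rsplit("\\", 1)[-1])


def assess(path, meta, value_name):
    """Return the review reasons for one entry (empty list = nothing stood out)."""
    reasons = []
    low = path.lower()
    stem, vstem = _stem(path), _stem(value_name)
    if not meta.strip():                       # "[]": no date/size was recorded for the file
        reasons.append("no_file_stamp")
    if "\\temp\\" in low:                      # launched from a TEMP directory
        reasons.append("temp_dir")
    if "\\system32\\" in low and re.fullmatch(r"[a-z]{6,12}", stem) and stem != vstem:
        reasons.append("unfamiliar_system32_name")   # letters-only name in system32 not echoed by the value name
    if any(s in vstem and stem != s for s in SYSTEM_LOOKALIKES):
        reasons.append("masquerading_name")    # value borrows a core process name but runs something else
    return reasons


def triage(log_text):
    """Parse Run-key and service lines; keep only the entries with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            f = Finding("run", m["name"], m["path"], assess(m["path"], m["meta"], m["name"]))
        else:
            m = SVC_RE.match(line)
            if not m:
                continue                       # section headers, tasks and other lines are skipped
            exe = first_exe(m["cmd"])
            f = Finding("service", m["name"], exe, assess(exe, m["meta"], m["name"]))
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:32} {f.path}  <- {', '.join(f.reasons)}")
```

Everything it returns is a review queue, not a verdict: the McAfee installer cleanup service legitimately runs from TEMP and hits two rules, and OEM binaries such as WLTRAY.exe in system32 will hit the unfamiliar-name rule. The point is to shrink a 900-line log to the half-dozen entries worth hashing and looking up.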

  10. Hi there

    I followed the instructions, but the PC showed me a Blue Screen while ComboFix was dumping the log. I am copying both files as requested. Your help is much appreciated.

    1) Add-Remove Programs.txt-------------->

    **********************************************************************

    2007 Microsoft Office Suite Service Pack 1 (SP1)

    3CDaemon

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

    Adobe Flash Player ActiveX

    Adobe Flash Player Plugin

    Adobe Reader 8.1.2

    Adobe Reader 8.1.2 Security Update 1 (KB403742)

    Adobe Shockwave Player 11

    Apple Mobile Device Support

    Apple Software Update

    AutoUpdate

    Belkin All-in-One Print Server

    Boson Utilities\Calc

    Boson Utilities\SubnetCalc

    Broadcom Management Programs

    ChmDecompiler v 3.40 Build 535

    Cisco ASDM Launcher

    Cisco CallManager Serviceability Real-Time Monitoring Tool

    Cisco CRS Editor

    Cisco IP Communicator

    Cisco Systems VPN Client 5.0.01.0600

    Cisco Unified Communications Manager Attendant Console

    Collaboration Data Objects 1.2.1

    Conexant HDA D110 MDC V.92 Modem

    Corel Paint Shop Pro Photo XI

    Corel Snapfire Plus

    Creative Photo Manager

    Creative WebCam Center

    Creative WebCam Instant Driver (1.03.02.0425)

    Creative WebCam Instant User's Guide (English)

    Dell Driver Reset Tool

    Dell Network Assistant

    Dell Support 3.2.1

    Dell System Restore

    Dell Wireless WLAN Card

    Desktop Publisher

    Digital Line Detect

    DivX Codec

    DivX Content Uploader

    DivX Converter

    DivX Player

    DivX Web Player

    DIY DataRecovery iRecover 3

    Dynagen 0.11.0

    EPSON Printer Software

    ERUNT 1.1j

    Ethereal 0.99.0

    Express Burn

    Express Rip

    FileOpen Plug-in for Adobe Acrobat

  11. Hi All,

    It seems my PC is infected with this virus. Spy-bot and McAfee do not detect it, but every time I run Malwarebytes it detects it. It removes it, but bang, it comes back again. I tried deleting the entry manually without any luck :)

    I have attached the log. Any help will be greatly appreciated.

    Malwarebytes' Anti-Malware 1.31

    Database version: 1594

    Windows 5.1.2600 Service Pack 3

    02/01/2009 09:31:22

    mbam-log-2009-01-02 (09-31-22).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 37286

    Time elapsed: 16 minute(s), 44 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)
