Kyo (Members, 3 posts)
  1. Ah! Sorry! I forgot to add the MBAM log, and the lack of edit verb annoys me.

     MBAM Log:
     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org
     Database version: 8192
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     11/19/2011 3:22:10 AM
     mbam-log-2011-11-19 (03-22-10).txt
     Scan type: Quick scan
     Objects scanned: 142622
     Time elapsed: 2 minute(s), 57 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     ComboFix Log:
     ComboFix 11-11-19.01 - Me 11/19/2011 2:59.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.416 [GMT -5:00]
     Running from: c:\documents and settings\Me\My Documents\Downloads\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

     Other Deletions:
     C:\drvrtmp
     Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
     Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
     DDS will be attached below.
  2. MBAM Log; ComboFix Log; DDS will be attached below.
  3. Right, so recently, I restored my computer due to Avast finding a couple of viruses during a scan (didn't bother looking into how to remove them). Once I finished restoring the computer, I went along and downloaded the free version of Malwarebytes and SUPERAntiSpyware. All was well for a few days, but I noticed that Malwarebytes was blocking quite a few incoming IPs. Only tonight has the program started to pick up outgoing IPs. I figured this isn't normal, and I should reach out for help. I scanned with Malwarebytes (Quick Scan) first, but I found nothing. Just to be safe though, I came here and followed the steps found in the sticky. I'll attach the DDS logs to this post. Please ignore the last two attachments. I had Avast running and I'm fairly certain that messed with the results. Okay... someone deleted my second post and clustered the two. Please download THE SECOND PAIR of attachments, not the first. I didn't have an edit verb. :T

     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_01
     Run by Me at 21:42:52 on 2011-11-10
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.85 [GMT -5:00]
     AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec 2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys . ============= FINISH: 21:44:58.31 =============== dds.txt attach.txt dds.txt attach.txt
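Every entry in the file listings above has the same shape: date, time, size (or eight dashes for a directory), an eight-character attribute column, and a path. When triaging a log like this the things worth pulling out quickly are kernel driver images (*.sys) written inside the scan window, hidden objects, and any file under system32 whose size differs from the Windows File Protection copy of the same name in system32\dllcache, since a file-infecting rootkit that patches a driver in place is one reason such a pair stops matching. The parser and checks below are an added example written for this page; they are not part of the original post and not code from DDS, ComboFix or Malwarebytes. The sample log is constructed from a handful of lines in the same format, plus one invented pair (sampledrv.sys, which does not exist on the poster's machine) so that the mismatch check has something to report. Treating an "h" in the attribute column as the hidden flag is my reading of the format, not something the log documents.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample in the DDS listing format (date time size attrs path).
# The two sampledrv.sys lines are invented to show a dllcache size mismatch.
SAMPLE_LOG = r"""
2011-11-11 02:20:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-06 15:11:16 -------- d-sh--w- c:\documents and settings\me\PrivacIE
2011-11-04 07:13:19 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-11-04 07:13:19 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-11-04 06:41:33 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2011-11-04 06:41:33 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2011-11-04 06:04:08 -------- d--h--w- c:\windows\$hf_mig$
.
==================== Find3M ====================
.
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-04 07:13:12 100000 -c----w- c:\windows\system32\dllcache\sampledrv.sys
2011-11-04 07:13:12 100512 ----a-w- c:\windows\system32\drivers\sampledrv.sys
"""

# One listing entry: "YYYY-MM-DD HH:MM:SS <size|-------->"
# followed by the 8-char attribute column and the path (which may contain spaces).
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: Optional[int]   # None for directories (dashes in the size column)
    attrs: str            # raw attribute column, e.g. "d-sh--w-"
    path: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_dllcache(path: str) -> bool:
    return "\\dllcache\\" in path.lower()


def parse_dds(text: str) -> List[Entry]:
    """Parse listing lines; separators ('.'), section headers and FINISH are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, size, m["attrs"], m["path"]))
    return entries


def recent_sys_files(entries: List[Entry], since: str) -> List[Entry]:
    """Driver images (*.sys) outside dllcache written on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.fromisoformat(since)
    return [e for e in entries
            if e.size is not None
            and e.path.lower().endswith(".sys")
            and not is_dllcache(e.path)
            and e.when >= cutoff]


def hidden_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose attribute column carries 'h' (assumed here to mean hidden)."""
    return [e for e in entries if "h" in e.attrs]


def dllcache_size_mismatches(entries: List[Entry]) -> List[Tuple[str, int, int]]:
    """(name, live_size, dllcache_size) for files whose live copy under system32
    differs in size from the File Protection copy of the same name in dllcache."""
    cache = {basename(e.path): e.size
             for e in entries if e.size is not None and is_dllcache(e.path)}
    out = []
    for e in entries:
        if e.size is None or is_dllcache(e.path):
            continue
        name = basename(e.path)
        if name in cache and cache[name] != e.size:
            out.append((name, e.size, cache[name]))
    return out


if __name__ == "__main__":
    found = parse_dds(SAMPLE_LOG)
    for e in recent_sys_files(found, "2011-11-01"):
        print("recent driver :", e.when, e.size, e.path)
    for e in hidden_entries(found):
        print("hidden        :", e.attrs, e.path)
    for name, live, cached in dllcache_size_mismatches(found):
        print("size mismatch :", name, "live", live, "dllcache", cached)
```

Two caveats a practitioner should keep in mind when reading the output. A driver patched in place often keeps its original size, so an equal size proves nothing; the only real check is to hash both copies and compare against a known-good file (the ServicePackFiles\i386 copy, or the file from Microsoft's catalogue). And the dllcache copy itself can be replaced by the same malware, so a matching pair is a weak signal, not a clean bill of health.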