
Hello, first off I am running Windows XP with Verizon Internet Security Suite, Spybot S&D, and Malwarebytes. About a week and a half ago my computer was hit with some pretty nasty viruses, including the "Koobface" virus from Facebook. I downloaded Malwarebytes and cleaned the whole system, including turning off System Restore, which has been off ever since. But twice since then, every couple of days, I'll be browsing on a known safe website and I won't even click on anything, and Adobe Reader will pop up and my firewall and active virus protection will start sending alerts and blocking viruses and saying a bunch of viruses have been found. I then run Malwarebytes and Verizon in Safe Mode and everything is good again. Koobface is always on the list even after I have changed my Facebook password and hardly go on it anymore, and I have noticed a "Freddy46" in my msconfig startup that I unchecked, which I know is a virus, but nothing picks it up and deletes it. Any help is greatly appreciated!

Here is my HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:24:43 PM, on 6/18/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\pctspk.exe

C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe

C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Trend Micro\HijackCheck\HCheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 94.232.248.66 secure-service.microsoft.com

O1 - Hosts: 94.232.248.66 antivirussyspro2009.com

O1 - Hosts: 94.232.248.66 www.antivirussyspro2009.com

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228

O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe

O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9257 bytes

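As an added triage example (not part of this thread, and not a tool either poster used), the script below runs over a few lines copied from the HijackThis log above and flags the things a helper would look at first: O1 hosts entries that point real hostnames at a non-loopback address (the three 94.232.248.66 lines, which hijack name resolution for a Microsoft-looking domain and a rogue "antivirus" site), several hostnames sharing one such address, O23 services with no identifiable publisher, and entries whose file is missing. The regexes, the Finding type and the sample fixture are mine.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed fixture: lines copied from the HijackThis log in this thread,
# plus the SmartLinkService line (blank publisher) and one healthy service.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 secure-service.microsoft.com
O1 - Hosts: 94.232.248.66 antivirussyspro2009.com
O1 - Hosts: 94.232.248.66 www.antivirussyspro2009.com
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "O1 - Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# "O23 - Service: <name> - <publisher> - <path>"; the publisher may be blank,
# which HijackThis renders as " - - ", hence the tolerant separators.
SERVICE_RE = re.compile(r"^O23 - Service: (.+?)\s+-\s*(.*?)\s*-\s+(.+)$")


@dataclass
class Finding:
    kind: str    # short category used for filtering/asserting
    detail: str  # human-readable line for the triage report


def is_loopback(ip_text):
    """True for 127.0.0.0/8 or ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of Findings for the suspicious lines in a HijackThis log."""
    findings = []
    hosts_by_ip = {}  # non-loopback IP -> hostnames mapped to it

    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host.lower() == "localhost" and is_loopback(ip):
                continue  # the normal default hosts entry
            # Any other hosts entry on a home PC is worth a look: it silently
            # overrides DNS for that name (classic rogue-AV / fake-update trick).
            hosts_by_ip.setdefault(ip, []).append(host)
            findings.append(Finding("hosts_redirect", f"{host} -> {ip}"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            name, publisher, path = m.groups()
            # No publisher string is not proof of malware (many OEM services
            # lack version info), but it is where a manual check starts.
            if publisher.strip() in ("", "Unknown owner"):
                findings.append(Finding("service_unknown_owner", f"{name} ({path})"))
            continue

        if line.endswith("(no file)"):
            # Registry entry whose target is gone: harmless leftover or a
            # removed component; either way it can be cleaned.
            findings.append(Finding("orphan_entry", line))

    # Several hostnames funnelled to the same foreign IP is the signature of a
    # deliberate hosts-file hijack rather than a one-off typo.
    for ip, hosts in hosts_by_ip.items():
        if len(hosts) > 1:
            findings.append(Finding("shared_sinkhole_ip", f"{ip} <- {', '.join(hosts)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```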

  • Staff

Hi,

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Then, I see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

Hi, thank you for the help. I followed your instructions and everything went well. Just after ComboFix was done I turned my virus protection back on and advanced security warned me of a potential threat, but it said ComboFix in the file so I allowed it instead of quarantining it; I hope that didn't complicate anything. I did have everything off during the scan though. But here is my log:

ComboFix 09-06-18.02 - Andrew 06/19/2009 17:06.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.241 [GMT -4:00]

Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\INSTALL.LOG

c:\program files\WinPCap\NetMonInstaller.exe

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\program files\WinPCap\Uninstall.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

c:\windows\IE4 Error Log.txt

c:\windows\system32\dumphive.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VCCLSID.exe

c:\windows\system32\wbem\proquota.exe

c:\windows\zaponce52597.dat

c:\windows\zaponce52621.dat

c:\windows\zaponce52689.dat

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PODMENA

-------\Legacy_PODMENADRV

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))

.

2009-06-19 21:10 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

2009-06-19 21:10 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2009-06-16 20:21 . 2009-06-16 20:21 1 ---h--w- c:\windows\jmmark2.dat

2009-06-16 20:21 . 2009-06-16 20:21 1 ---h--w- c:\windows\bf23567.dat

2009-06-12 00:18 . 2009-06-12 00:18 -------- d-----w- c:\program files\Trend Micro

2009-06-09 00:43 . 2009-06-09 00:43 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes

2009-06-09 00:43 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-09 00:43 . 2009-06-09 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-09 00:43 . 2009-06-09 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-09 00:43 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-31 18:58 . 2008-08-28 17:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys

2009-05-31 18:58 . 2009-05-31 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco

2009-05-31 18:58 . 2009-05-31 18:58 -------- d-----w- c:\program files\Raxco

2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\Andrew\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe

2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\Alicia\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-19 21:17 . 2008-12-18 20:47 42565408 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-19 21:17 . 2008-12-18 20:47 1796384 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-19 21:15 . 2008-12-18 20:47 169364 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-19 21:15 . 2008-12-18 20:47 571028 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-19 20:53 . 2006-02-21 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-06-16 20:13 . 2006-06-10 21:01 -------- d-----w- c:\documents and settings\Andrew\Application Data\AdobeUM

2009-06-12 05:21 . 2009-03-30 02:46 -------- d-----w- c:\documents and settings\Andrew\Application Data\LimeWire

2009-06-11 21:34 . 2006-02-21 12:39 -------- d-----w- c:\program files\Google

2009-06-04 17:50 . 2009-01-21 03:59 -------- d-----w- c:\program files\Soulseek

2009-05-31 19:00 . 2007-06-10 21:37 -------- d-----w- c:\documents and settings\Alicia\Application Data\Verizon

2009-05-31 19:00 . 2007-06-01 23:14 -------- d-----w- c:\documents and settings\Andrew\Application Data\Verizon

2009-05-31 18:58 . 2007-06-01 13:21 -------- d-----w- c:\program files\verizon

2009-05-31 18:57 . 2007-06-01 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon

2009-05-31 18:54 . 2006-02-21 12:29 -------- d-----w- c:\program files\InstallShield Installation Information

2009-05-07 15:32 . 2004-08-10 18:51 345600 ----a-w- c:\windows\system32\localspl.dll

2009-05-06 22:55 . 2006-03-16 04:26 24816 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-06 22:52 . 2009-05-06 22:51 -------- d-----w- c:\program files\DivX

2009-05-06 22:51 . 2009-05-06 22:51 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-04-29 04:56 . 2004-08-10 18:51 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:55 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-25 21:54 . 2009-04-25 21:54 -------- d-----w- c:\documents and settings\Alicia\Application Data\Apple Computer

2009-04-25 21:54 . 2007-06-10 21:43 24816 ----a-w- c:\documents and settings\Alicia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-24 21:14 . 2009-04-23 00:01 -------- d-----w- c:\program files\Atlantis

2009-04-17 12:26 . 2004-08-10 18:51 1847168 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:51 . 2004-08-10 18:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-10 20:41 . 2006-12-14 16:26 56 --sh--r- c:\windows\system32\B40673F2C3.sys

2009-04-10 20:41 . 2006-12-14 16:26 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-03-11 936960]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-9 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8085:TCP"= 8085:TCP:podmena

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 4:58 PM 693512]

R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 6:28 PM 4937752]

R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 4:58 PM 910600]

R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 10:38 AM 170736]

R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 6:28 PM 161304]

R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 6:28 PM 29720]

R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 6:28 PM 27376]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]

.

Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-04-17 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 2400 seriesA3652443A372B157BFD83129692C2C2475483DE7142632866.job

- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 23:50]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-NetZero_uoltray - c:\program files\NetZero\exec.exe

HKLM-Run-DXDllRegExe - dxdllreg.exe

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell

uInternet Settings,ProxyOverride = localhost

IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228

IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227

DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-19 17:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]

"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3076)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\verizon\Verizon Internet Security Suite\Fws.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\pctspk.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-06-19 17:21 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-19 21:21

Pre-Run: 42,824,192,000 bytes free

Post-Run: 43,481,485,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

204 --- E O F --- 2009-06-12 06:33


Well, when I updated Malwarebytes the screen disappeared and went to a new one saying "installing Malwarebytes" and went through all that. It has never done that before. Then a firewall alert came up and said that the executable or something has changed for Malwarebytes and this could be the result of a virus; it also said it could just be a result of upgrading the program, so I chose to allow it, and I am running a scan now, but I'm not sure if my Malwarebytes has been compromised now. Is this normal?

  • Staff

Hi,

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

I stopped the scan, downloaded ComboFix, and ran it again. Here is the log:

ComboFix 09-06-20.04 - Andrew 06/21/2009 16:30.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.118 [GMT -4:00]

Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))

.

2009-06-21 19:49 . 2009-06-21 19:49 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-19 21:10 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

2009-06-19 21:10 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2009-06-16 20:21 . 2009-06-16 20:21 1 ---h--w- c:\windows\jmmark2.dat

2009-06-16 20:21 . 2009-06-16 20:21 1 ---h--w- c:\windows\bf23567.dat

2009-06-12 00:18 . 2009-06-12 00:18 -------- d-----w- c:\program files\Trend Micro

2009-06-09 00:43 . 2009-06-09 00:43 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes

2009-06-09 00:43 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-09 00:43 . 2009-06-09 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-09 00:43 . 2009-06-21 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-09 00:43 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-31 18:58 . 2008-08-28 17:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys

2009-05-31 18:58 . 2009-05-31 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco

2009-05-31 18:58 . 2009-05-31 18:58 -------- d-----w- c:\program files\Raxco

2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\Andrew\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe

2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\Alicia\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-21 20:36 . 2008-12-18 20:47 1806368 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-21 20:36 . 2008-12-18 20:47 42923808 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-20 00:10 . 2008-12-18 20:47 169796 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-20 00:10 . 2008-12-18 20:47 573548 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-19 22:47 . 2009-03-30 02:46 -------- d-----w- c:\documents and settings\Andrew\Application Data\LimeWire

2009-06-19 20:53 . 2006-02-21 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-06-16 20:13 . 2006-06-10 21:01 -------- d-----w- c:\documents and settings\Andrew\Application Data\AdobeUM

2009-06-11 21:34 . 2006-02-21 12:39 -------- d-----w- c:\program files\Google

2009-06-04 17:50 . 2009-01-21 03:59 -------- d-----w- c:\program files\Soulseek

2009-05-31 19:00 . 2007-06-10 21:37 -------- d-----w- c:\documents and settings\Alicia\Application Data\Verizon

2009-05-31 19:00 . 2007-06-01 23:14 -------- d-----w- c:\documents and settings\Andrew\Application Data\Verizon

2009-05-31 18:58 . 2007-06-01 13:21 -------- d-----w- c:\program files\verizon

2009-05-31 18:57 . 2007-06-01 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon

2009-05-31 18:54 . 2006-02-21 12:29 -------- d-----w- c:\program files\InstallShield Installation Information

2009-05-07 15:32 . 2004-08-10 18:51 345600 ----a-w- c:\windows\system32\localspl.dll

2009-05-06 22:55 . 2006-03-16 04:26 24816 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-06 22:52 . 2009-05-06 22:51 -------- d-----w- c:\program files\DivX

2009-05-06 22:51 . 2009-05-06 22:51 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-04-29 04:56 . 2004-08-10 18:51 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:55 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-25 21:54 . 2009-04-25 21:54 -------- d-----w- c:\documents and settings\Alicia\Application Data\Apple Computer

2009-04-25 21:54 . 2007-06-10 21:43 24816 ----a-w- c:\documents and settings\Alicia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-24 21:14 . 2009-04-23 00:01 -------- d-----w- c:\program files\Atlantis

2009-04-17 12:26 . 2004-08-10 18:51 1847168 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:51 . 2004-08-10 18:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-10 20:41 . 2006-12-14 16:26 56 --sh--r- c:\windows\system32\B40673F2C3.sys

2009-04-10 20:41 . 2006-12-14 16:26 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-03-11 936960]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]

"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-9 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8085:TCP"= 8085:TCP:podmena

R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 4:58 PM 693512]

R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 6:28 PM 4937752]

R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 4:58 PM 910600]

R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 6:28 PM 161304]

R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 6:28 PM 29720]

R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 6:28 PM 27376]

S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 11:11 AM 10664]

S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]

S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 10:38 AM 170736]

.

Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-04-17 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 2400 seriesA3652443A372B157BFD83129692C2C2475483DE7142632866.job

- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 23:50]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell

uInternet Settings,ProxyOverride = localhost

IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228

IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227

DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-21 16:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]

"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2356)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-06-21 16:38

ComboFix-quarantined-files.txt 2009-06-21 20:38

ComboFix2.txt 2009-06-19 21:21

Pre-Run: 43,399,540,736 bytes free

Post-Run: 43,441,119,232 bytes free

154 --- E O F --- 2009-06-12 06:33

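The firewall-policy part of the ComboFix "Reg Loading Points" dump above is worth a second look: `"EnableFirewall"= 0` means the Windows Firewall standard profile is switched off, and the `GloballyOpenPorts\List` entry `8085:TCP:podmena` is an inbound exception that no legitimate installer on this machine would have created (Malwarebytes later quarantines exactly that value as `Malware.Trace`). The following is an added example, not code from the forum, ComboFix or Malwarebytes, that parses those registry-style lines and reports what a reviewer should triage; the excerpt is constructed from the lines shown above, and the function and class names are my own.

```python
"""Triage the firewall-policy sections of a ComboFix 'Reg Loading Points' dump.

Added example for this thread; the log excerpt below is constructed from the
ComboFix output posted above and the function names are my own choice.
"""
import re
from dataclasses import dataclass

# Constructed sample: the firewall-policy lines from the ComboFix log above.
# A raw string keeps ComboFix's doubled backslashes in application paths intact.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:podmena
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")          # [HKLM\...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')  # "name"= value


def parse_sections(text):
    """Return {section_key: [(name, value), ...]} preserving file order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("key")
            sections.setdefault(current, [])
            continue
        entry = VALUE_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group("name"), entry.group("value").strip()))
    return sections


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" = act on it, "info" = review it
    section: str    # registry key the entry came from
    detail: str


def assess_firewall_policy(sections):
    """Flag a disabled firewall, globally open ports and per-app exceptions."""
    findings = []
    for key, entries in sections.items():
        k = key.lower()
        if "firewallpolicy" not in k:
            continue
        last_component = k.rsplit("\\", 1)[-1]
        if last_component == "standardprofile":
            for name, value in entries:
                # ComboFix prints DWORDs as "0 (0x0)"; a leading 0 means disabled.
                if name.lower() == "enablefirewall" and value.startswith("0"):
                    findings.append(Finding("high", key,
                        "Windows Firewall is disabled for the standard profile"))
        elif k.endswith(r"globallyopenports\list"):
            for name, value in entries:
                # Value is port:protocol:...:displayname; the label is the last field.
                label = value.split(":")[-1] if value else "(no name)"
                findings.append(Finding("high", key,
                    f"globally open port {name} labelled {label!r}"))
        elif k.endswith(r"authorizedapplications\list"):
            for name, _ in entries:
                path = name.replace("\\\\", "\\")   # undo ComboFix's escaping
                findings.append(Finding("info", key, f"firewall exception for {path}"))
    return findings


def report(text):
    """Convenience wrapper: parse a dump and return its findings."""
    return assess_firewall_policy(parse_sections(text))


if __name__ == "__main__":
    for f in report(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.detail}")
```

Run against the sample, the script reports the disabled firewall and the `8085:TCP` exception as high-severity items and lists the per-application exceptions (the two peer-to-peer clients and `sessmgr.exe`) for review. The same parser can be pointed at the corresponding section of any ComboFix log saved from a machine under investigation.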

I ran it yesterday after ComboFix; here is the log:

Malwarebytes' Anti-Malware 1.38

Database version: 2319

Windows 5.1.2600 Service Pack 3

6/21/2009 7:34:18 PM

mbam-log-2009-06-21 (19-34-18).txt

Scan type: Quick Scan

Objects scanned: 133562

Time elapsed: 1 hour(s), 11 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

And I just ran a full scan now to be safe; here is the log:

Database version: 2323

Windows 5.1.2600 Service Pack 3

6/22/2009 7:02:30 PM

mbam-log-2009-06-22 (19-02-30).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 231037

Time elapsed: 2 hour(s), 27 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

It appears I still have the "Freddy 46" though in my msconfig startup


  • Staff

Hi,

It appears I still have the "Freddy 46" though in my msconfig startup
That's because you disabled it previously there. Scanners do not scan entries you already disabled.

To delete it, open Notepad and copy and paste the text in the quotebox below into it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sysfbtray]

Save this as fix.reg, choose to save as *all files, and place it on your desktop.

It should look like this: reg.gif

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Let me know in your next reply how things are now.


Thanks that got rid of it.

Everything seems great now, but that's how it started: I used Malwarebytes to clean everything, then I would be connected to the internet reading an article or something and, unprovoked, without clicking on anything or doing anything, my system would be flooded with a bunch of viruses every couple of days. But I never used ComboFix before and your other methods, so I think it'll be fine. But if I encounter any problems, should I post in this thread again or start a new one?

And thanks again!


  • Staff

Hi,

Good to hear.

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Yes, you can post back in this thread if you're still having the same problems within a couple of days. When it's longer than a couple of days, then I suggest you start a new thread instead, since this means you got reinfected (with most probably something else as well).

Happy Surfing again! :P


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
