
Antivirus System Pro blocking programs



I already started a thread on this in the general forum (http://www.malwarebytes.org/forums/index.php?showtopic=17885&st=0&gopid=91749entry91749) but because of some problems I was told to make a thread here.

Basically it wouldn't let me run mbam.exe and now when I start my computer up it only shows my wallpaper and I don't have any access to my icons, the taskbar, or the start menu. The only way I got to these forums was by typing firefox.exe into "new task" on windows task manager. mbam.exe is still blocked, even when I tried to run it in safe mode with networking.

Any help is greatly appreciated.


Let's see if we can finish what we started elsewhere. Sorry for the move, but the tools I would like you to try need to be used under guidance unless you are a very advanced user, so we tend not to post this stuff in the general forum :)

STEP 01

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder. Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

http://www.forospyware.com/sUBs/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


I tried downloading and running combofix.exe and I went to open it and nothing happened, so I redownloaded it to try again with another link, but it saved it as combofix(2).exe and it says I can't run it under that name, but I can't get to my desktop/any folders to rename it. I already printed out the instructions so now I just have to get it to run.


Ok, this is definitely very tricky, it appears.

Try downloading ComboFix again, but save it as winlogon.exe.

Boot into safe mode and use Task Manager to launch that file (if you have saved it to the desktop then it will be listed in the Desktop folder).

Let's see if that works :)


Ok, I was able to run it by renaming it, but this time when I ran it, a message popped up saying something about files from a rootkit or something, and it gave me a list of files and told me to write them down as it may need them later, then it rebooted my computer and nothing happened when it started up. I re-ran the program and this time it said "Deleting files:" and went through a bunch, then ended at "could not find batch file" and then stopped doing anything.

This happens at the part when it says it's scanning for infected files. On the link you posted it says it should go through the stages, but instead does this. Oh, and I ran it in both normal mode and safe mode.


C:\WINDOWS\system32\drivers\UACaibiqhbtiyxwbdu.sys

C:\WINDOWS\system32\UACdqjomloeqwupfqm.dll

C:\WINDOWS\system32\UACosjnbajxqlixtfk.dat

C:\WINDOWS\system32\UACukckwktbtqtuxji.dll

C:\WINDOWS\system32\UACrifpllviburuboe.dll

C:\WINDOWS\system32\UACngyxkhoscdppakt.dll

C:\WINDOWS\system32\UACmxrqhdtxybmrkqn.db

C:\WINDOWS\system32\UACtchngrrskymdtta.dll

C:\WINDOWS\system32\UACkypycjlunobckdq.dll

C:\WINDOWS\system32\UACutswwxymyeltecu.log

C:\WINDOWS\system32\UACjgmgvmmrkfoyoam.log

C:\WINDOWS\system32\UACrrucjnwillbmttpm.log

That's what it told me to write down, I hope I didn't make any typos.


Oh joy, CLB driver/WinNT Alureon infection onboard.

Right, we are going to need to attack this one file in order to kill that rootkit infection:

C:\WINDOWS\system32\drivers\UACaibiqhbtiyxwbdu.sys

Check the following walkthrough as a guide:

http://www.malwarebytes.org/forums/index.php?showtopic=12709

Download and save RootRepeal as svchost.exe to your desktop.

Use Task Manager to now launch RootRepeal (svchost.exe).

Run the hidden file scan only, locate UACaibiqhbtiyxwbdu.sys in the output listing, highlight the line and select the wipe file option.

Once the wipe is performed, immediately restart the computer.

Open MBAM, update it and run a quick scan. Allow it to delete what it finds and reboot the computer.

Rerun ComboFix as first instructed and post back the MBAM scan log + ComboFix log + HijackThis log.

Thanks in advance :P


I ran the scan the first time and didn't see the file you mentioned, so I re-ran it, and this time it came up with fewer files detected, but this is the report.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Time: 2009/06/21 16:06

Program Version: Version 1.3.0.0

Windows Version: Windows XP Media Center Edition SP2

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\fabbtoltv.sys

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\str.sys

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

Status: Could not get file information (Error 0xc0000008)

==EOF==


Ok, maybe ComboFix hit our CLB variant, but now there is another rootkit file present.

If possible, can you run RootRepeal again?

Please use it to wipe the following file only:

Path: C:\WINDOWS\system32\drivers\fabbtoltv.sys

Reboot and check again if any of the tools are now working.


Ok, just want to double-check at this point: when I say "are tools working" I mean, will MBAM run or ComboFix complete its scan?

The lockout(s) will not be cured by removing malware; these are system settings that can be addressed once the active malware has been removed.

Also, is RootRepeal still showing str.sys as hidden from the WinAPI?
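The two indicators this thread turns on are files that RootRepeal reports as invisible to the Windows API and driver/DLL names of the form UAC plus a run of random characters (the list written down from ComboFix earlier, and UACda04.tmp later). The following is an added example, not code from the thread or from RootRepeal, that parses a RootRepeal "Hidden/Locked Files" report into path/status pairs and applies both checks. The report text is constructed from the one posted above; the allow-list of files Windows legitimately locks (hiberfil.sys, pagefile.sys) and the UAC name pattern are assumptions for triage, not a definition of the malware family.

```python
import re

# Constructed sample: the RootRepeal "Hidden/Locked Files" section as posted in this thread.
SAMPLE_ROOTREPEAL = """\
Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\\WINDOWS\\system32\\drivers\\fabbtoltv.sys
Status: Invisible to the Windows API!
Path: C:\\WINDOWS\\system32\\drivers\\str.sys
Status: Invisible to the Windows API!
Path: C:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol
Status: Could not get file information (Error 0xc0000008)
==EOF==
"""

# Assumed allow-list: files the running OS keeps locked, which RootRepeal always reports.
KNOWN_LOCKED = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}

# Assumed triage heuristic: "UAC" followed by random characters and a driver/DLL/data extension,
# matching the names listed earlier in this thread (UACaibiqhbtiyxwbdu.sys, UACda04.tmp, ...).
UAC_NAME = re.compile(r"^uac[a-z0-9]{4,}\.(sys|dll|dat|db|log|tmp)$")


def parse_rootrepeal(text):
    """Return (path, status) pairs from a RootRepeal hidden/locked files report."""
    entries, path = [], None
    for line in text.splitlines():
        if line.startswith("Path: "):
            path = line[len("Path: "):].strip()
        elif line.startswith("Status: ") and path is not None:
            entries.append((path, line[len("Status: "):].strip()))
            path = None  # a Status line always closes the preceding Path line
    return entries


def suspicious_files(text):
    """Paths hidden from or locked against the Windows API, minus the known-locked ones."""
    return [
        path for path, status in parse_rootrepeal(text)
        if (status.startswith("Invisible") or status.startswith("Locked"))
        and path.lower() not in KNOWN_LOCKED
    ]


def uac_named(paths):
    """Subset of paths whose file name matches the UAC-prefixed pattern seen in this thread."""
    return [p for p in paths if UAC_NAME.match(p.rsplit("\\", 1)[-1].lower())]


if __name__ == "__main__":
    for path in suspicious_files(SAMPLE_ROOTREPEAL):
        print("hidden from Windows API:", path)
    earlier_list = [
        "C:\\WINDOWS\\system32\\drivers\\UACaibiqhbtiyxwbdu.sys",
        "C:\\WINDOWS\\system32\\UACdqjomloeqwupfqm.dll",
        "c:\\WINDOWS\\Temp\\UACda04.tmp",
        "C:\\WINDOWS\\system32\\drivers\\str.sys",
    ]
    for path in uac_named(earlier_list):
        print("UAC-pattern name:", path)
```

The point of the allow-list is the one the helper makes implicitly: "locked" on its own is not evidence (hiberfil.sys is always locked), whereas a driver in system32\drivers that the API cannot see at all is, which is why only fabbtoltv.sys and str.sys survive the filter.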


Oh, didn't know what you meant by tools, haha. But what a relief it is to see mbam run again. :P I'm going to reboot and run combokill next; here's the mbam log.

Malwarebytes' Anti-Malware 1.38

Database version: 2297

Windows 5.1.2600 Service Pack 2

6/21/2009 7:52:03 PM

mbam-log-2009-06-21 (19-52-03).txt

Scan type: Quick Scan

Objects scanned: 101422

Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 12

Registry Values Infected: 3

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ce793ca-d16f-4e25-b347-50aac438750c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ce793ca-d16f-4e25-b347-50aac438750c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c9ce04-ed8e-488a-b76b-9eef26b4f65c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3c9ce04-ed8e-488a-b76b-9eef26b4f65c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\~TMB6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\owesrcanmx.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UACda04.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
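The most security-relevant line in the MBAM log above is the Hijack.Userinit item: the Winlogon\Userinit value is a comma-separated list of programs Windows runs at logon, it should contain only userinit.exe, and the "Bad:" value shows a second program (sdra64.exe) appended to it. The following is an added example, not code from the thread or from Malwarebytes, that parses detection lines in the posted log format, tallies them by family, and extracts every program in a Userinit value other than userinit.exe. The sample log text is constructed from lines posted above; the expected file name userinit.exe is an assumption about a default installation.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the format of the MBAM log posted above.
SAMPLE_MBAM = """\
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit (Hijack.Userinit) -> Bad: (C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Files Infected:
C:\\WINDOWS\\system32\\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\\documents and settings\\Owner\\Desktop\\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

# "<item> (<family>) -> <rest>": the item is a path or registry key, the family is MBAM's label.
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# The "Bad: (...)" part of a Hijack.Userinit line carries the value as found in the registry.
USERINIT_BAD = re.compile(r"Bad: \((?P<bad>[^)]*)\)")


def parse_detections(text):
    """Return (item, family, rest) for every detection line; headers and blanks are skipped."""
    found = []
    for line in text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            found.append((match["item"], match["family"], match["rest"]))
    return found


def family_counts(text):
    """Number of detections per MBAM family label."""
    return Counter(family for _, family, _ in parse_detections(text))


def unexpected_userinit_entries(value, expected="userinit.exe"):
    """Programs in a Winlogon\\Userinit value other than userinit.exe.

    The value is a comma-separated list and normally ends with a trailing comma,
    so empty entries are ignored rather than reported.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry and entry.rsplit("\\", 1)[-1].lower() != expected:
            extras.append(entry)
    return extras


def userinit_hijacks(text):
    """Extra logon programs reported by Hijack.Userinit detections in an MBAM log."""
    hits = []
    for _, family, rest in parse_detections(text):
        if family == "Hijack.Userinit":
            match = USERINIT_BAD.search(rest)
            if match:
                hits.extend(unexpected_userinit_entries(match["bad"]))
    return hits


if __name__ == "__main__":
    print(family_counts(SAMPLE_MBAM))
    print("extra logon programs:", userinit_hijacks(SAMPLE_MBAM))
```

Checking this value directly (the same split-and-compare on the live registry value) is a cheap post-cleanup verification that the "Good: (Userinit.exe)" state MBAM restored has actually stuck.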


Awesome, now I have my desktop back, can't thank you enough :P Combokill worked and here's the report (sorry for the double post).

Also how do I get the HiJackThis log?

ComboFix 09-06-20.04 - Owner 06/21/2009 20:03.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.555 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\.#

c:\recycler\S-1-5-21-2376729691-3291624240-4135725320-500

c:\recycler\S-1-5-21-2926536862-2784431789-1591830859-500

c:\temp\1cb

C:\WinLogon

c:\documents and settings\Owner\Application Data\.#\MBX@270@B14950.###

c:\documents and settings\Owner\Application Data\.#\MBX@270@B14960.###

c:\documents and settings\Owner\Application Data\.#\MBX@270@B14970.###

c:\documents and settings\Owner\Application Data\.#\MBX@270@B14D50.###

c:\documents and settings\Owner\Application Data\.#\MBX@5D0@B148E0.###

c:\documents and settings\Owner\Application Data\.#\MBX@5D0@B148F0.###

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts

c:\windows\Tasks\fpwwnqzb.job

c:\winlogon\CfReboot.dat

c:\winlogon\d-del4AV.dat

c:\winlogon\d-delA.dat

c:\winlogon\drev.dat

c:\winlogon\ErrTrap1

c:\winlogon\LSPDone

c:\winlogon\mtee.cfexe

c:\winlogon\MWindows.dat

c:\winlogon\mynul.dat

c:\winlogon\mypictures.folder.dat

c:\winlogon\n.com

c:\winlogon\N_\11479

c:\winlogon\N_\19260

c:\winlogon\N_\20289

c:\winlogon\N_\26290

c:\winlogon\N_\3919

c:\winlogon\N_\8852

c:\winlogon\N_\9086

c:\winlogon\N_\9459

c:\winlogon\N_\9612

c:\winlogon\ND_.bat

c:\winlogon\ndis_combofix.dat

c:\winlogon\netsvc.bad.dat

c:\winlogon\netsvc.dat

c:\winlogon\NetworkService.dat

c:\winlogon\NirCmd.cfexe

c:\winlogon\Nircmd.com

c:\winlogon\NirCmdC.cfexe

c:\winlogon\NlsLanguageDefault

c:\winlogon\notifykeys.dat

c:\winlogon\NT-OS.cmd

c:\winlogon\NULL

c:\winlogon\OsId.txt

c:\winlogon\OSid.vbs

c:\winlogon\OsVer

c:\winlogon\Owner.user.cf

c:\winlogon\pend.txt

c:\winlogon\personal.folder.dat

c:\winlogon\pev.cfexe

c:\winlogon\pev.exe

c:\winlogon\Policies.dat

c:\winlogon\PreDIR

c:\winlogon\Prep.inf

c:\winlogon\ProcessKiLL00

c:\winlogon\ProcessKiLL01

c:\winlogon\Profiles.Folder.dat

c:\winlogon\progfile.dat

c:\winlogon\programs.folder.dat

c:\winlogon\Purity.dat

c:\winlogon\pv.cfexe

c:\winlogon\RCLink.dat

c:\winlogon\RcRdy

c:\winlogon\RcVer00

c:\winlogon\REGDACL.sed

c:\winlogon\RegDo.sed

c:\winlogon\region.dat

c:\winlogon\RegScan.cmd

c:\winlogon\regt.cfexe

c:\winlogon\Resident.txt

c:\winlogon\RestoreO4.bat

c:\winlogon\Rkey.cmd

c:\winlogon\rogues.dat

c:\winlogon\run.sed

c:\winlogon\run2.sed

c:\winlogon\Rust.str

c:\winlogon\safeboot.dat

c:\winlogon\safeboot.def.dat

c:\winlogon\safeboot.def.vista.dat

c:\winlogon\SafeBootRepair.bat

c:\winlogon\sed.cfexe

c:\winlogon\SetEnvmt.bat

c:\winlogon\SetPath.bat

c:\winlogon\setpath.cfexe

c:\winlogon\SF.exe

c:\winlogon\sfx.cmd

c:\winlogon\SnapShot.cmd

c:\winlogon\SRestore.cmd

c:\winlogon\srizbi.md5

c:\winlogon\startmenu.folder.dat

c:\winlogon\startup.folder.dat

c:\winlogon\SuppScan.cmd

c:\winlogon\Suspect_feixue

c:\winlogon\Suspect_ntfy.dat

c:\winlogon\svc_wht.dat

c:\winlogon\SvcDrv.vbs

c:\winlogon\svchost.dat

c:\winlogon\SvcTarget.dat

c:\winlogon\SWREG.cfexe

c:\winlogon\swreg.exe

c:\winlogon\swsc.cfexe

c:\winlogon\swxcacls.cfexe

c:\winlogon\SysPath.dat

c:\winlogon\system_ini.dat

c:\winlogon\tail.cfexe

c:\winlogon\templates.folder.dat

c:\winlogon\toolbar.sed

c:\winlogon\unhand.dat

c:\winlogon\v_wht.dat

c:\winlogon\version.txt

c:\winlogon\VInfo

c:\winlogon\ViPev00

c:\winlogon\ViPev01

c:\winlogon\vistareg.dat

c:\winlogon\vRun_DLL

c:\winlogon\vundonames.dat

c:\winlogon\w2kreg.dat

c:\winlogon\whitedir.dat

c:\winlogon\whitedirCreated.dat

c:\winlogon\Windir.dat

c:\winlogon\Wmi_rem.vbs

c:\winlogon\WowDone.dat

c:\winlogon\XP.mac

c:\winlogon\xpreg.dat

c:\winlogon\zDomain.dat

c:\winlogon\zhsvc.dat

c:\winlogon\zip.cfexe

c:\winlogon\Zlob01

D:\Autorun.inf

D:\Desktop.ini

c:\windows\system32\proquota.exe . . . is missing!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MSSECURITY1.209.4

-------\Legacy_TNIDRIVER

((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))

.

2009-06-20 03:01 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-06-20 03:01 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-06-20 03:01 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-06-20 03:01 . 2009-06-22 00:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-06-20 03:01 . 2009-06-20 03:01 -------- d-----w- c:\program files\Common Files\PC Tools

2009-06-20 03:01 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-06-20 03:01 . 2009-06-22 00:12 -------- d-----w- c:\program files\Spyware Doctor

2009-06-20 03:01 . 2009-06-20 03:01 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools

2009-06-20 03:01 . 2009-06-20 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-06-19 01:39 . 2009-06-19 01:39 174 ----a-w- C:\nm8912.bat

2009-06-19 01:39 . 2009-06-19 01:39 14336 ---h--w- c:\windows\ld10.exe

2009-06-19 01:39 . 2009-06-19 01:39 80128 ----a-w- c:\windows\system32\drivers\fabbtoltv.sys

2009-06-06 23:45 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-06 23:45 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-21 06:03 . 2008-09-08 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-06-20 15:14 . 2008-08-12 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-16 03:35 . 2006-04-23 20:45 -------- d-----w- c:\program files\Steam

2009-06-05 02:03 . 2006-05-08 00:14 10132 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat

2009-05-12 22:34 . 2005-01-10 01:26 86168 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-12 03:20 . 2009-05-12 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-05-12 03:18 . 2006-02-15 12:32 -------- d-----w- c:\program files\Microsoft Works

2009-05-12 03:18 . 2009-05-12 03:18 -------- d-----w- c:\program files\MSBuild

2009-05-12 03:16 . 2009-05-12 03:16 -------- d-----w- c:\program files\Microsoft.NET

2009-05-12 03:12 . 2009-05-12 03:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-05-07 20:12 . 2006-04-23 20:59 -------- d-----w- c:\program files\Graal

2007-04-09 02:41 . 2007-04-09 02:41 1458917 ----a-w- c:\program files\WinRAR.rar

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-03 2832280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]

"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]

"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]

"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]

"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]

"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]

"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-13 1121792]

"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]

"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-28 999424]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-13 180269]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-12 1181576]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-14 14820864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-25 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Demo\\BF2142.exe"=

"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17243:TCP"= 17243:TCP:BitComet 17243 TCP

"17243:UDP"= 17243:UDP:BitComet 17243 UDP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/19/2009 11:01 PM 130936]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/19/2009 11:01 PM 348752]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2007 11:00 PM 24652]

S1 sfloppyy;sfloppyy;c:\windows\system32\drivers\sfloppyy.sys --> c:\windows\system32\drivers\sfloppyy.sys [?]

S2 ejicdaf;ejicdaf;c:\windows\system32\drivers\fabbtoltv.sys [6/18/2009 9:39 PM 80128]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-08 23:30]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-21 20:18

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)

c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(5996)

c:\program files\Spyware Doctor\pctgmhk.dll

c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll

c:\progra~1\mcafee.com\vso\McVSSkt.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\progra~1\COMMON~1\stardock\MCPCore.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\COMMON~1\stardock\SDMCP.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\McAfee.com\Agent\Mcdetect.exe

c:\progra~1\McAfee.com\Agent\McTskshd.exe

c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe

c:\progra~1\McAfee.com\VSO\McVSEscn.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Spyware Doctor\pctsSvc.exe

c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe

c:\windows\system32\ZuneBusEnum.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Zune\ZuneNss.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\windows\system32\dllhost.exe

c:\progra~1\McAfee.com\PERSON~1\MpfService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2009-06-22 20:29 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-22 00:28

Pre-Run: 68,838,322,176 bytes free

Post-Run: 72,846,827,520 bytes free

350 --- E O F --- 2009-01-15 08:02
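The ComboFix "Drivers/Services" lines above tie the thread together: the driver RootRepeal reported as invisible (fabbtoltv.sys) is registered as service ejicdaf, a name that matches neither the file nor any product, while the legitimate entries carry a display name and a file date. The following is an added example, not code from the thread or from ComboFix, that parses service lines in the format printed above and flags the ones worth a second look. The sample lines are constructed from the log; the hidden-path set is taken from the RootRepeal post earlier in the thread, and the reading of "--> path [?]" as a missing file is an assumption about ComboFix's notation.

```python
import re

# Constructed sample: driver/service lines in the format ComboFix printed above.
SAMPLE_SERVICES = """\
R0 PCTCore;PCTools KDS;c:\\windows\\system32\\drivers\\PCTCore.sys [6/19/2009 11:01 PM 130936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\\program files\\Spyware Doctor\\pctsAuxs.exe [6/19/2009 11:01 PM 348752]
S1 sfloppyy;sfloppyy;c:\\windows\\system32\\drivers\\sfloppyy.sys --> c:\\windows\\system32\\drivers\\sfloppyy.sys [?]
S2 ejicdaf;ejicdaf;c:\\windows\\system32\\drivers\\fabbtoltv.sys [6/18/2009 9:39 PM 80128]
"""

# Constructed input: the path RootRepeal reported as invisible to the Windows API earlier in the thread.
HIDDEN_PATHS = {"c:\\windows\\system32\\drivers\\fabbtoltv.sys"}

# "<state> <name>;<display>;<path>[ --> <path>] [<date size>|?]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .*)? \[(?P<info>[^\]]*)\]$"
)


def parse_services(text):
    """Return one dict per service/driver line (state, name, display, path, info)."""
    rows = []
    for line in text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if match:
            rows.append({
                "state": match["state"],
                "name": match["name"],
                "display": match["display"],
                "path": match["path"].lower(),
                "info": match["info"],
            })
    return rows


def flag_services(text, hidden_paths=HIDDEN_PATHS):
    """Pair each suspicious service name with the reasons it was flagged."""
    flagged = []
    for svc in parse_services(text):
        reasons = []
        file_base = svc["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if svc["path"] in hidden_paths:
            reasons.append("backing file hidden from Windows API")
        # A service whose name and display name are the same throwaway string,
        # pointing at a file with an unrelated name, has no product behind it.
        if svc["name"].lower() == svc["display"].lower() and svc["name"].lower() != file_base:
            reasons.append("service name equals display name but not file name")
        if svc["info"] == "?":
            reasons.append("file missing on disk")
        if reasons:
            flagged.append((svc["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_services(SAMPLE_SERVICES):
        print(name, "->", "; ".join(reasons))
```

sfloppyy is flagged only because its file is absent, which is an orphaned entry rather than an infection; ejicdaf collects both the hidden-file and the naming reasons, which is the combination that warranted wiping the driver before any scanner could run.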


Cool, looks like we're well on our way now the tools are operational :P

  • Please download this program Trend Micro HijackThis to your desktop.
  • Double-click on it to run and install it.
  • Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.
  • Copy and paste the contents of that file into your next post.


Ok, here's the HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:40:03 AM, on 6/22/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Viewpoint\Common\ViewpointService.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\zHotkey.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10939 bytes


Well, no more hoops to jump through :P

Here's some handy reading though: the Prevention page, with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

We hope our application has helped you eradicate this malicious Malware.

If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.

Safe surfing :P


Awesome then, thanks for putting in so much time to help me out; my computer would have been, like, dead by now if it wasn't for you guys, haha. And I'm definitely going to buy the full version, mostly because you were so helpful and willing to do it for free. :P

Thanks!

This topic is now closed to further replies.