Jump to content

Can't scan


Recommended Posts

Hello all, and thanks in advance for the help.

I think I've been afflicted with the nasty little rootkit that seems to be going around. Here are my symptoms, which probably are beginning to sound familiar:

When I try to scan with MalwareBytes, HiJackThis, RootRepel, etc., the window disappears after a few seconds and the program becomes essentially locked; if I try to click on the icon, I get a message saying, bascially, that I don't have permission to access the file. This happens in normal and in safe mode.

I've tried running D.D.S. -- again in normal and safe mode -- but it never produces a log.

Oh, and here's the most obvious symptom: Written on the background on my desktop is "DANGER!!! YOU ARE INFECTED ..."

SuperAntiSpyware will run just fine, but it does not detect the problem.

I'm able to run GMAER about 80 percent of the way through before it quits. I stopped a scan before it quit and captured a log, which I will post below.

Again, thanks for any help you can offer:

GMER 1.0.15.15020 [88nztk45[1].exe] - http://www.gmer.net

Rootkit scan 2009-08-10 16:43:13

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT 82EF3358 ZwConnectPort

SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAAE92350]

SSDT 82E18628 ZwQueryValueKey

SSDT 82DAAF38 ZwResumeThread

SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAAE92580]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\BTHUSB \Device\0000009c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\BTHUSB \Device\0000009e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [564] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [584] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.exe [1012] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1340] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1420] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1524] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [1604] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1616] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [1760] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\PROGRA~1\SYMANT~1\VPTray.exe [1768] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\DNA\btdna.exe [1792] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [2036] 0x35670000

Library \\?\globalroot\Device\__max++>\2E0054EE.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [4040] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0010c6960890 (not active ControlSet)

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c6960890

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164173906a

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0010c6960890 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00164173906a (not active ControlSet)

Reg HKLM\SOFTWARE\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32@ C:\WINDOWS\system32\iehelper.dll

Reg HKLM\SOFTWARE\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32@ThreadingModel Apartment

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Hi NeedHelp, Welcome to Malwarebytes :(

Please download this tool by sUBs, and save it to your desktop.

  • Close any applications that you have open, as your computer will be rebooted
  • Double click +++.exe to run the tool
  • When it has run it will reboot your computer, you may then delete the tool

Then try running CF, make sure you delete the current ComboFix you have first:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Hello, and thanks for the help.

Unfortunately, I can't run Combofix. The green status bar comes up, then disappears.

Just to be sure it didn't work, I went to c:combofix looking for a log. There was none. I also tried running it in safe mode with no success.

Also, I downloaded the +++.exe tool and ran it first. It said it didn't find any infections and therefore did not restart my computer.

Link to post
Share on other sites

Hi NeedHelp,

Step #1

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

@echo off

copy C:\WINDOWS\system32\dllcache\scecli.dll c:\scecli.dll

Exit

3. Save the file as "fixes.bat". Make sure to save it with the quotation marks.

4. Double click fixes.bat.

Step #2

We need to execute an Avenger2 script

Note to users reading this topic! This script was created specificly for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  1. Please download The Avenger2 by SwanDog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:c:\scecli.dll | C:\WINDOWS\system32\scecli.dll


  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

Step #3

Now try running ComboFix and Malwarebytes, then post the logs here.

Link to post
Share on other sites

Thanks for the help, Spy. The good news is that everything worked. But wow, what a mess. As you can see, MalwareBytes found more than 50 infected files.

Here are the logs:

Avenger:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Combofix:

ComboFix 09-08-10.06 - iorizzp 2009-08-11 17:00.9.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.216 [GMT -4:00]

Running from: c:\documents and settings\iorizzp\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\-1132837576

c:\documents and settings\iorizzp\Application Data\EurekaLog

c:\documents and settings\iorizzp\nah_qkuj.exe

c:\program files\AskSearch\bin\DefaultSearch.dll

c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C}

c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C}\chrome\content\overlay.xul

c:\program files\Mozilla Firefox\extensions\{62C54186-F506-43F5-9F60-01652338F84C}\install.rdf

c:\program files\Mozilla Firefox\searchplugins\search.xml

C:\vkywt.exe

c:\windows\system32\enumusul.ini

c:\windows\system32\odipojin.ini

c:\windows\system32\opumuyep.ini

c:\windows\system32\wisdstr.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))

.

2009-08-11 19:56 . 2009-08-11 20:02 -------- d-----w- C:\VIPRERESCUE1

2009-08-11 16:39 . 2009-08-11 20:02 0 ----a-w- c:\windows\system32\SBRC.dat

2009-08-11 16:38 . 2009-03-17 17:26 65320 ----a-w- c:\windows\system32\sbbd.exe

2009-08-11 16:38 . 2008-10-22 21:08 92464 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-08-11 16:38 . 2009-08-11 16:43 -------- d-----w- C:\VIPRERESCUE

2009-08-10 15:01 . 2009-08-11 16:54 -------- d-----w- c:\program files\Malewarebytes

2009-08-09 21:07 . 2009-08-09 21:08 -------- d-----w- c:\program files\MBytes

2009-08-09 03:42 . 2009-08-09 03:42 -------- d-----w- c:\program files\MBam

2009-08-09 03:26 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\documents and settings\iorizzp\Application Data\GRETECH

2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\program files\GRETECH

2009-08-08 21:03 . 2009-08-08 21:03 -------- d-----w- c:\program files\Sophos

2009-08-08 20:45 . 2009-08-08 20:45 0 ----a-w- C:\settings.dat

2009-08-08 19:33 . 2009-08-08 19:33 -------- d-----w- c:\program files\install.com

2009-08-08 18:17 . 2009-08-08 18:18 -------- d-----w- c:\program files\ThisOne

2009-08-08 12:22 . 2009-08-08 12:22 -------- d-----w- c:\program files\mine

2009-08-08 12:19 . 2009-08-08 12:19 -------- d-----w- c:\program files\tryingagain

2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\Iorizzoee

2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\IorizzoHi

2009-08-07 02:58 . 2009-08-07 02:59 -------- d-----w- c:\program files\MyAPP

2009-08-07 02:55 . 2009-08-07 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3

2009-08-07 02:45 . 2009-08-07 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2009-08-06 22:04 . 2009-08-06 22:04 19968 ----a-w- c:\program files\Common Files\axerylym.bin

2009-08-06 22:04 . 2009-08-06 22:04 17536 ----a-w- c:\windows\xecyc.bin

2009-08-06 22:04 . 2009-08-06 22:04 17175 ----a-w- c:\windows\system32\efakihumux.scr

2009-08-06 22:04 . 2009-08-06 22:04 17014 ----a-w- c:\windows\ikyqupezak.bin

2009-08-06 22:04 . 2009-08-06 22:04 14386 ----a-w- c:\program files\Common Files\aqitulu.bin

2009-08-06 22:04 . 2009-08-06 22:04 12867 ----a-w- c:\program files\Common Files\apaxuj.dat

2009-08-06 22:04 . 2009-08-06 22:04 11025 ----a-w- c:\program files\Common Files\oxut.scr

2009-08-06 22:04 . 2009-08-06 22:04 10944 ----a-w- c:\windows\ahidi.exe

2009-08-06 22:04 . 2009-08-06 22:04 16910 ----a-w- c:\program files\Common Files\lixuneg.vbs

2009-08-06 21:50 . 2009-08-06 21:50 -------- d-----w- C:\_OTM

2009-08-06 21:29 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images

2009-08-06 21:09 . 2009-08-06 21:48 4 ----a-w- c:\windows\system32\bincd32.dat

2009-08-06 21:09 . 2009-08-06 21:50 2 ----a-w- c:\windows\ppp3.dat

2009-08-06 21:09 . 2009-08-06 21:50 64 ----a-w- c:\windows\ppp4.dat

2009-08-06 21:09 . 2009-08-06 21:09 36 ----a-w- c:\windows\system32\sysnet.dat

2009-08-06 21:08 . 2009-08-06 21:13 -------- d-----w- c:\program files\Windows Antivirus Pro

2009-08-06 19:33 . 2009-08-06 19:33 90624 ----a-w- C:\criqmsck.exe

2009-08-06 19:33 . 2009-08-06 19:33 27136 ----a-w- C:\ibts.exe

2009-08-06 19:32 . 2009-08-06 23:12 19456 ----a-w- C:\hcel.exe

2009-08-06 19:32 . 2009-08-06 23:12 19456 ----a-w- C:\niawndos.exe

2009-08-05 22:24 . 2009-08-09 02:09 -------- d-----w- c:\documents and settings\iorizzp\Application Data\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-11 21:09 . 2008-12-27 18:02 -------- d-----w- c:\program files\DNA

2009-08-11 21:09 . 2008-12-27 18:02 -------- d-----w- c:\documents and settings\iorizzp\Application Data\DNA

2009-08-11 15:30 . 2009-03-13 03:12 117760 ----a-w- c:\documents and settings\iorizzp\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-08-11 13:49 . 2008-09-06 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-07 13:16 . 2008-12-07 20:04 -------- d-----w- c:\program files\Trend Micro

2009-08-06 22:04 . 2009-08-06 22:04 16580 ----a-w- c:\program files\Common Files\aguhipib.inf

2009-08-06 22:04 . 2009-08-06 22:04 14741 ----a-w- c:\program files\Common Files\yzod._sy

2009-08-06 22:04 . 2009-08-06 22:04 10879 ----a-w- c:\program files\Common Files\ojywohahuf.ban

2009-08-06 22:04 . 2009-08-06 22:04 10477 ----a-w- c:\documents and settings\All Users\Application Data\ofusyteku.bin

2009-08-06 22:00 . 2008-12-10 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-06 22:00 . 2009-02-15 18:18 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-03 17:36 . 2008-12-10 04:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 17:36 . 2008-12-10 04:45 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-29 03:34 . 2009-05-29 03:34 11410 ----a-w- c:\documents and settings\iorizzp\Application Data\CyberLink\msgdi.dll

2009-05-29 03:34 . 2009-05-29 03:34 10121 ----a-w- c:\documents and settings\iorizzp\Application Data\Identities\kern.dll

2009-05-29 03:34 . 2009-05-29 03:34 16141 ----a-w- c:\documents and settings\iorizzp\Application Data\BitZipper\lego.exe

2009-05-29 03:34 . 2009-05-29 03:34 145131 ----a-w- c:\documents and settings\iorizzp\Application Data\Apple Computer\nomad.exe

2009-05-29 03:34 . 2009-05-29 03:34 422 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeUM\socks1.exe

2009-05-29 03:34 . 2009-05-29 03:34 13221 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeAUM\rengo.dll

2009-05-29 03:34 . 2009-05-29 03:34 11232 ----a-w- c:\documents and settings\iorizzp\Application Data\Adobe\shalom.exe

2009-03-27 13:10 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\vetidika.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-27 342848]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-1-17 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-08-08 18816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-22 106808]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-03-19 87936]

R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-03-25 58240]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-08-11 92464]

.

Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.espn.com/

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mStart Page = hxxp://www.google.com

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: tusharep

Trusted Zone: TUPATCHLINK01

Trusted Zone: tusharep

FF - ProfilePath - c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\

FF - plugin: c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-11 17:09

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\2.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32]

@DACL=(02 0000)

@="c:\\WINDOWS\\system32\\iehelper.dll"

"ThreadingModel"="Apartment"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\windows\system32\scardsvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Symantec AntiVirus\DoScan.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

.

**************************************************************************

.

Completion time: 2009-08-11 17:15 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-11 21:15

Pre-Run: 69,131,862,016 bytes free

Post-Run: 69,170,700,288 bytes free

223 --- E O F --- 2009-03-06 14:49

MalwareBytes:

Malwarebytes' Anti-Malware 1.40

Database version: 2605

Windows 5.1.2600 Service Pack 2

2009-08-11 17:57:55

mbam-log-2009-08-11 (17-57-55).txt

Scan type: Full Scan (C:\|)

Objects scanned: 129898

Time elapsed: 36 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 4

Files Infected: 47

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Documents and Settings\iorizzp\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

Files Infected:

C:\criqmsck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\hcel.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\ibts.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\niawndos.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\vkywt.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.

C:\_OTM\MovedFiles\08062009_175040\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

C:\_OTM\MovedFiles\08062009_175040\WINDOWS\system32\desot.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Documents and Settings\iorizzp\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hi NeedHelp,

Glad the steps worked. Yes your computer is very infected.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

c:\program files\Common Files\yzod._sy

c:\program files\Common Files\ojywohahuf.ban

c:\documents and settings\All Users\Application Data\ofusyteku.bin

c:\program files\Common Files\axerylym.bin

c:\windows\xecyc.bin

c:\windows\system32\efakihumux.scr

c:\windows\ikyqupezak.bin

c:\program files\Common Files\aqitulu.bin

c:\program files\Common Files\apaxuj.dat

c:\program files\Common Files\oxut.scr

c:\windows\ahidi.exe

c:\program files\Common Files\lixuneg.vbs

Folder::

c:\program files\Windows Antivirus Pro

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Spy, I can't thank you enough for your help. Here is the log you requested:

ComboFix 09-08-10.06 - iorizzp 2009-08-11 23:25.10.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.197 [GMT -4:00]

Running from: c:\documents and settings\iorizzp\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\iorizzp\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::

"c:\documents and settings\All Users\Application Data\ofusyteku.bin"

"c:\program files\Common Files\apaxuj.dat"

"c:\program files\Common Files\aqitulu.bin"

"c:\program files\Common Files\axerylym.bin"

"c:\program files\Common Files\lixuneg.vbs"

"c:\program files\Common Files\ojywohahuf.ban"

"c:\program files\Common Files\oxut.scr"

"c:\program files\Common Files\yzod._sy"

"c:\windows\ahidi.exe"

"c:\windows\ikyqupezak.bin"

"c:\windows\system32\efakihumux.scr"

"c:\windows\xecyc.bin"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\ofusyteku.bin

c:\program files\Common Files\apaxuj.dat

c:\program files\Common Files\aqitulu.bin

c:\program files\Common Files\axerylym.bin

c:\program files\Common Files\lixuneg.vbs

c:\program files\Common Files\ojywohahuf.ban

c:\program files\Common Files\oxut.scr

c:\program files\Common Files\yzod._sy

c:\windows\ahidi.exe

c:\windows\ikyqupezak.bin

c:\windows\system32\efakihumux.scr

c:\windows\xecyc.bin

.

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))

.

2009-08-11 23:15 . 2009-08-11 23:15 -------- d-----w- c:\windows\ServicePackFiles

2009-08-11 21:18 . 2009-08-11 21:18 -------- d-----w- c:\program files\MalwareBytes

2009-08-11 19:56 . 2009-08-11 20:02 -------- d-----w- C:\VIPRERESCUE1

2009-08-11 16:39 . 2009-08-11 20:02 0 ----a-w- c:\windows\system32\SBRC.dat

2009-08-11 16:38 . 2009-03-17 17:26 65320 ----a-w- c:\windows\system32\sbbd.exe

2009-08-11 16:38 . 2008-10-22 21:08 92464 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-08-11 16:38 . 2009-08-11 16:43 -------- d-----w- C:\VIPRERESCUE

2009-08-10 15:01 . 2009-08-11 16:54 -------- d-----w- c:\program files\Malewarebytes

2009-08-09 21:07 . 2009-08-09 21:08 -------- d-----w- c:\program files\MBytes

2009-08-09 03:42 . 2009-08-09 03:42 -------- d-----w- c:\program files\MBam

2009-08-09 03:26 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\documents and settings\iorizzp\Application Data\GRETECH

2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\program files\GRETECH

2009-08-08 21:03 . 2009-08-08 21:03 -------- d-----w- c:\program files\Sophos

2009-08-08 20:45 . 2009-08-08 20:45 0 ----a-w- C:\settings.dat

2009-08-08 19:33 . 2009-08-08 19:33 -------- d-----w- c:\program files\install.com

2009-08-08 18:17 . 2009-08-08 18:18 -------- d-----w- c:\program files\ThisOne

2009-08-08 12:22 . 2009-08-08 12:22 -------- d-----w- c:\program files\mine

2009-08-08 12:19 . 2009-08-08 12:19 -------- d-----w- c:\program files\tryingagain

2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\Iorizzoee

2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\IorizzoHi

2009-08-07 02:58 . 2009-08-07 02:59 -------- d-----w- c:\program files\MyAPP

2009-08-07 02:55 . 2009-08-07 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3

2009-08-07 02:45 . 2009-08-07 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2009-08-06 21:50 . 2009-08-06 21:50 -------- d-----w- C:\_OTM

2009-08-06 21:29 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images

2009-08-05 22:24 . 2009-08-09 02:09 -------- d-----w- c:\documents and settings\iorizzp\Application Data\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-12 03:27 . 2008-12-27 18:02 -------- d-----w- c:\documents and settings\iorizzp\Application Data\DNA

2009-08-12 03:17 . 2008-12-27 18:02 -------- d-----w- c:\program files\DNA

2009-08-11 15:30 . 2009-03-13 03:12 117760 ----a-w- c:\documents and settings\iorizzp\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-08-11 13:49 . 2008-09-06 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-07 13:16 . 2008-12-07 20:04 -------- d-----w- c:\program files\Trend Micro

2009-08-06 22:04 . 2009-08-06 22:04 16580 ----a-w- c:\program files\Common Files\aguhipib.inf

2009-08-06 22:00 . 2008-12-10 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-06 22:00 . 2009-02-15 18:18 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 17:36 . 2008-12-10 04:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 17:36 . 2008-12-10 04:45 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-29 04:53 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:53 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 06:18 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 16:18 . 2006-03-04 03:33 659456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 18:36 . 2004-08-04 10:00 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-04 10:00 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2004-08-04 10:00 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2004-08-04 10:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2004-08-04 10:00 471552 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2004-08-04 10:00 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2004-08-04 10:00 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2004-08-04 10:00 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2004-08-04 10:00 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2004-08-04 10:00 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2004-08-04 10:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-22 11:49 . 2004-08-04 10:00 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-04 10:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-04 10:00 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-04 10:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-12 11:50 . 2004-08-04 10:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 11:50 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:21 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2004-08-04 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:42 . 2007-03-19 22:31 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-29 03:34 . 2009-05-29 03:34 11410 ----a-w- c:\documents and settings\iorizzp\Application Data\CyberLink\msgdi.dll

2009-05-29 03:34 . 2009-05-29 03:34 10121 ----a-w- c:\documents and settings\iorizzp\Application Data\Identities\kern.dll

2009-05-29 03:34 . 2009-05-29 03:34 16141 ----a-w- c:\documents and settings\iorizzp\Application Data\BitZipper\lego.exe

2009-05-29 03:34 . 2009-05-29 03:34 145131 ----a-w- c:\documents and settings\iorizzp\Application Data\Apple Computer\nomad.exe

2009-05-29 03:34 . 2009-05-29 03:34 422 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeUM\socks1.exe

2009-05-29 03:34 . 2009-05-29 03:34 13221 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeAUM\rengo.dll

2009-05-29 03:34 . 2009-05-29 03:34 11232 ----a-w- c:\documents and settings\iorizzp\Application Data\Adobe\shalom.exe

2009-03-27 13:10 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\vetidika.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-08-11_21.10.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-19 22:39 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe

+ 2008-02-19 15:28 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll

- 2008-02-19 15:28 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll

+ 2004-08-04 10:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 55808 c:\windows\system32\secur32.dll

+ 2004-08-04 10:00 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe

+ 2006-03-04 03:33 . 2009-06-26 16:18 39424 c:\windows\system32\pngfilt.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 39424 c:\windows\system32\pngfilt.dll

+ 2004-08-04 10:00 . 2009-08-12 03:21 41238 c:\windows\system32\perfc009.dat

- 2004-08-04 10:00 . 2009-08-11 21:02 41238 c:\windows\system32\perfc009.dat

+ 2007-03-19 22:31 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll

+ 2004-08-04 10:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll

- 2004-08-04 10:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll

- 2007-03-19 22:31 . 2004-08-04 10:00 58880 c:\windows\system32\msdtclog.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll

- 2004-08-04 10:00 . 2008-10-16 10:37 16384 c:\windows\system32\jsproxy.dll

+ 2004-08-04 10:00 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 96256 c:\windows\system32\inseng.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 55808 c:\windows\system32\extmgr.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll

+ 2004-08-04 10:00 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe

+ 2004-08-04 10:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe

+ 2004-08-04 10:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 55808 c:\windows\system32\dllcache\secur32.dll

+ 2004-08-04 10:00 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe

- 2006-03-04 03:33 . 2008-10-16 10:37 39424 c:\windows\system32\dllcache\pngfilt.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2004-08-04 10:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll

- 2004-08-04 10:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll

- 2007-03-19 22:31 . 2004-08-04 10:00 58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll

- 2004-08-04 10:00 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll

- 2004-08-04 10:00 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll

- 2004-08-04 10:00 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll

- 2004-08-04 10:00 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 19968 c:\windows\system32\dllcache\mqbkup.exe

+ 2004-08-04 10:00 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe

+ 2004-08-04 10:00 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys

- 2004-08-04 10:00 . 2008-10-16 10:37 16384 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 10:00 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 96256 c:\windows\system32\dllcache\inseng.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-04 10:00 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll

- 2007-03-19 22:33 . 2008-10-15 09:45 18432 c:\windows\system32\dllcache\iedw.exe

+ 2007-03-19 22:33 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe

+ 2004-08-04 10:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 55808 c:\windows\system32\dllcache\extmgr.dll

+ 2007-03-19 22:31 . 2005-07-26 04:20 60416 c:\windows\system32\dllcache\colbact.dll

- 2007-03-19 22:31 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll

+ 2004-08-04 10:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 84992 c:\windows\system32\dllcache\avifil32.dll

+ 2004-08-04 10:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 58880 c:\windows\system32\dllcache\atl.dll

+ 2007-03-19 22:31 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll

- 2007-03-19 22:31 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 4608 c:\windows\system32\dllcache\mqsvc.exe

+ 2004-08-04 10:00 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe

+ 2007-03-19 22:36 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 351232 c:\windows\system32\winhttp.dll

+ 2004-08-04 10:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll

+ 2007-03-19 22:31 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2007-03-19 22:31 . 2009-02-10 22:31 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2007-03-19 22:31 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll

+ 2006-03-18 11:09 . 2009-06-26 16:18 616448 c:\windows\system32\urlmon.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 474112 c:\windows\system32\shlwapi.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 474112 c:\windows\system32\shlwapi.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll

+ 2004-08-04 10:00 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe

+ 2004-08-04 10:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll

- 2004-08-04 10:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll

+ 2004-08-04 10:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll

- 2004-08-04 10:00 . 2007-07-09 13:09 584192 c:\windows\system32\rpcrt4.dll

+ 2004-08-04 10:00 . 2009-08-12 03:21 315076 c:\windows\system32\perfh009.dat

- 2004-08-04 10:00 . 2009-08-11 21:02 315076 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2009-03-06 14:00 284160 c:\windows\system32\pdh.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 532480 c:\windows\system32\mstime.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 146432 c:\windows\system32\msrating.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 146432 c:\windows\system32\msrating.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 449024 c:\windows\system32\mshtmled.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 449024 c:\windows\system32\mshtmled.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 728576 c:\windows\system32\lsasrv.dll

+ 2004-08-04 10:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll

+ 2004-08-04 10:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 251392 c:\windows\system32\iepeers.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 251392 c:\windows\system32\iepeers.dll

+ 2007-03-19 17:18 . 2009-08-12 02:46 254272 c:\windows\system32\FNTCACHE.DAT

- 2007-03-19 17:18 . 2009-02-13 14:52 254272 c:\windows\system32\FNTCACHE.DAT

+ 2006-03-04 03:33 . 2009-06-26 16:18 205312 c:\windows\system32\dxtrans.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 205312 c:\windows\system32\dxtrans.dll

+ 2004-08-04 10:00 . 2009-06-26 16:18 357888 c:\windows\system32\dxtmsft.dll

- 2004-08-04 10:00 . 2008-10-16 10:37 357888 c:\windows\system32\dxtmsft.dll

+ 2007-03-19 22:31 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe

+ 2004-08-04 10:00 . 2009-07-13 06:18 233472 c:\windows\system32\dllcache\wmpdxm.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 233472 c:\windows\system32\dllcache\wmpdxm.dll

+ 2007-03-19 22:31 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe

+ 2007-03-19 22:31 . 2009-02-10 22:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll

- 2004-08-04 10:00 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll

+ 2004-08-04 10:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\wininet.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 659456 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 351232 c:\windows\system32\dllcache\winhttp.dll

+ 2004-08-04 10:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll

+ 2006-03-18 11:09 . 2009-06-26 16:18 616448 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 10:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 474112 c:\windows\system32\dllcache\shlwapi.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2004-08-04 10:00 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\services.exe

- 2004-08-04 10:00 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll

+ 2004-08-04 10:00 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\rpcss.dll

- 2004-08-04 10:00 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll

+ 2004-08-04 10:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll

+ 2004-08-04 10:00 . 2009-03-06 14:00 284160 c:\windows\system32\dllcache\pdh.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll

+ 2004-08-04 10:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll

+ 2007-03-19 22:31 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 532480 c:\windows\system32\dllcache\mstime.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 146432 c:\windows\system32\dllcache\msrating.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 449024 c:\windows\system32\dllcache\mshtmled.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2007-03-19 22:31 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll

- 2004-08-04 10:00 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 186880 c:\windows\system32\dllcache\mqtrig.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll

+ 2004-08-04 10:00 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe

- 2004-08-04 10:00 . 2004-08-04 10:00 117248 c:\windows\system32\dllcache\mqtgsvc.exe

+ 2004-08-04 10:00 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 123392 c:\windows\system32\dllcache\mqrtdep.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll

- 2004-08-04 10:00 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll

- 2004-08-04 10:00 . 2004-08-04 10:00 225280 c:\windows\system32\dllcache\mqoa.dll

- 2004-08-04 10:00 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll

+ 2004-08-04 10:00 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll

+ 2004-08-04 10:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll

+ 2004-08-04 10:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 251392 c:\windows\system32\dllcache\iepeers.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll

+ 2007-03-19 22:31 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 205312 c:\windows\system32\dllcache\dxtrans.dll

- 2004-08-04 10:00 . 2008-10-16 10:37 357888 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 10:00 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 151040 c:\windows\system32\dllcache\cdfview.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 151040 c:\windows\system32\cdfview.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll

+ 2004-08-04 10:00 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll

+ 2004-08-04 10:00 . 2009-07-13 06:18 4960256 c:\windows\system32\wmp.dll

+ 2004-08-04 10:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys

+ 2006-03-30 09:16 . 2009-07-18 16:20 1506304 c:\windows\system32\shdocvw.dll

+ 2005-03-30 01:23 . 2009-02-06 10:32 2186112 c:\windows\system32\ntoskrnl.exe

- 2005-03-30 01:01 . 2008-08-14 09:18 2062976 c:\windows\system32\ntkrnlpa.exe

+ 2005-03-30 01:01 . 2009-02-06 09:49 2062976 c:\windows\system32\ntkrnlpa.exe

+ 2006-03-23 17:32 . 2009-07-18 16:20 3062272 c:\windows\system32\mshtml.dll

+ 2004-08-04 10:00 . 2009-07-13 06:18 4960256 c:\windows\system32\dllcache\wmp.dll

+ 2004-08-04 10:00 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys

+ 2006-03-30 09:16 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll

+ 2004-08-04 10:00 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll

+ 2006-12-19 16:51 . 2009-02-06 10:32 2186112 c:\windows\system32\dllcache\ntoskrnl.exe

- 2006-12-19 16:12 . 2008-08-14 09:18 2020864 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2006-12-19 16:12 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe

- 2006-12-19 16:12 . 2008-08-14 09:18 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2006-12-19 16:12 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2006-12-19 16:49 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2006-12-19 16:49 . 2008-08-14 09:55 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2007-03-19 22:33 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll

+ 2006-03-23 17:32 . 2009-07-18 16:20 3062272 c:\windows\system32\dllcache\mshtml.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 1054208 c:\windows\system32\dllcache\danim.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 1023488 c:\windows\system32\dllcache\browseui.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 1054208 c:\windows\system32\danim.dll

+ 2006-03-04 03:33 . 2009-06-26 16:18 1023488 c:\windows\system32\browseui.dll

- 2006-03-04 03:33 . 2008-10-16 10:37 1023488 c:\windows\system32\browseui.dll

+ 2007-03-19 22:37 . 2009-02-06 10:32 2186112 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2007-03-19 22:37 . 2008-08-14 09:18 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2007-03-19 22:37 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2007-03-19 22:37 . 2008-08-14 09:18 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2007-03-19 22:37 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2007-03-19 22:37 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2007-03-19 22:37 . 2008-08-14 09:55 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-27 342848]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-1-17 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-08-08 18816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-22 106808]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-03-19 87936]

R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-03-25 58240]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-08-11 92464]

.

Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.espn.com/

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mStart Page = hxxp://www.google.com

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: tusharep

Trusted Zone: TUPATCHLINK01

Trusted Zone: tusharep

FF - ProfilePath - c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\

FF - plugin: c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-11 23:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP00000087766C166AE8AF171C 524288 bytes

scan completed successfully

hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\2.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32]

@DACL=(02 0000)

@="c:\\WINDOWS\\system32\\iehelper.dll"

"ThreadingModel"="Apartment"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2009-08-12 23:33

ComboFix-quarantined-files.txt 2009-08-12 03:33

ComboFix2.txt 2009-08-11 21:15

Pre-Run: 68,744,839,168 bytes free

Post-Run: 68,720,021,504 bytes free

434 --- E O F --- 2009-08-11 23:19

Link to post
Share on other sites

You're welcome ;)

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

      You can refer to this animation by neomage if needed.
Link to post
Share on other sites

Here are the logs. As you can see, the ESET scan found some more bugs:

MalwareBytes:

Malwarebytes' Anti-Malware 1.40

Database version: 2615

Windows 5.1.2600 Service Pack 2

2009-08-13 09:43:09

mbam-log-2009-08-13 (09-43-09).txt

Scan type: Quick Scan

Objects scanned: 96915

Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESET:

C:\Program Files\Mozilla Firefox\~.exe a variant of Win32/Kryptik.OH trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\autorun.inf.vir Win32/AutoRun.Agent.BE worm cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\nah_qkuj.exe.vir a variant of Win32/Kryptik.OE trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\Application Data\Google\mccklrp32.dll.vir Win32/TrojanDownloader.FakeAlert.YR trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\Application Data\Google\spclpt32.dll.vir Win32/TrojanDownloader.FakeAlert.YR trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Documents and Settings\iorizzp\Application Data\MACROM~1\Common\439200261.dll.vir Win32/Agent.OYR trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\enumusul.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\odipojin.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\opumuyep.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Common\439200261.dll.vir Win32/Agent.OYR trojan cleaned by deleting - quarantined

C:\System Volume Information\_restore{E9A67910-857F-4CCB-85D7-0D25030036F6}\RP1\A0000159.exe a variant of Win32/Kryptik.OH trojan cleaned by deleting - quarantined

C:\WINDOWS\system32\vetidika.exe Win32/Agent.PDG trojan cleaned by deleting - quarantined

Link to post
Share on other sites

How is your computer running?

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Link to post
Share on other sites

Hi Spy,

Thank you so much for all the help! The computer is running great now.

Couple things with RSIT, though: It couldn't run HiJackThis, because the file is still locked from the virus. I can't delete that version of HiJack this, either, because it says my access is denied. (Same, by the way, for the old versions of MalwareBytes that I had installed and tried to rename; I can't do anything with them.) Also, only one log popped up -- log.txt. I'm not sure if that's because of the problem running HiJackThis.

In any case, here is the log:

Logfile of random's system information tool 1.06 (written by random/random)

Run by iorizzp at 2009-08-13 17:33:11

Microsoft Windows XP Professional Service Pack 2

System drive C: has 65 GB (86%) free of 76 GB

Total RAM: 503 MB (17% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]

"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-27 342848]

"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam"

"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"

"C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe"="C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe:*:Enabled:VZAccess Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 1 months======

2009-08-13 09:53:01 ----D---- C:\Program Files\ESET

2009-08-11 23:57:38 ----SHD---- C:\RECYCLER

2009-08-11 23:33:55 ----A---- C:\ComboFix.txt

2009-08-11 23:31:05 ----D---- C:\WINDOWS\temp

2009-08-11 19:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-08-11 19:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-08-11 19:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$

2009-08-11 19:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$

2009-08-11 19:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-08-11 19:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-08-11 19:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-08-11 19:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-08-11 19:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2009-08-11 19:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2009-08-11 19:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-08-11 19:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-08-11 19:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2009-08-11 19:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2009-08-11 19:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-08-11 19:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-08-11 19:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2009-08-11 19:15:18 ----D---- C:\WINDOWS\ServicePackFiles

2009-08-11 19:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$

2009-08-11 19:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2009-08-11 19:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-08-11 19:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

2009-08-11 19:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

2009-08-11 19:14:07 ----A---- C:\WINDOWS\imsins.BAK

2009-08-11 19:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2009-08-11 17:18:32 ----D---- C:\Program Files\MalwareBytes

2009-08-11 16:59:25 ----A---- C:\WINDOWS\PEV.exe

2009-08-11 15:56:44 ----D---- C:\VIPRERESCUE1

2009-08-11 12:38:53 ----A---- C:\WINDOWS\system32\sbbd.exe

2009-08-11 12:38:24 ----D---- C:\VIPRERESCUE

2009-08-10 11:01:48 ----D---- C:\Program Files\Malewarebytes

2009-08-09 17:07:58 ----D---- C:\Program Files\MBytes

2009-08-08 23:42:14 ----D---- C:\Program Files\MBam

2009-08-08 21:44:59 ----D---- C:\Documents and Settings\iorizzp\Application Data\GRETECH

2009-08-08 21:44:07 ----D---- C:\Program Files\GRETECH

2009-08-08 17:03:24 ----D---- C:\Program Files\Sophos

2009-08-08 15:33:17 ----D---- C:\Program Files\install.com

2009-08-08 14:17:15 ----D---- C:\Program Files\ThisOne

2009-08-08 08:22:09 ----D---- C:\Program Files\mine

2009-08-08 08:19:05 ----D---- C:\Program Files\tryingagain

2009-08-08 08:18:35 ----D---- C:\Program Files\Iorizzoee

2009-08-08 08:18:05 ----D---- C:\Program Files\IorizzoHi

2009-08-06 22:58:36 ----D---- C:\Program Files\MyAPP

2009-08-06 22:55:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware3

2009-08-06 22:45:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2

2009-08-06 17:50:40 ----D---- C:\_OTM

2009-08-06 17:29:24 ----AD---- C:\WINDOWS\system32\images

2009-08-05 18:24:02 ----D---- C:\Documents and Settings\iorizzp\Application Data\vlc

======List of files/folders modified in the last 1 months======

2009-08-13 17:32:26 ----D---- C:\WINDOWS\Prefetch

2009-08-13 17:32:20 ----D---- C:\Program Files\Trend Micro

2009-08-13 17:24:56 ----D---- C:\Documents and Settings\iorizzp\Application Data\DNA

2009-08-13 12:41:22 ----D---- C:\Program Files\Mozilla Firefox

2009-08-13 11:56:24 ----D---- C:\WINDOWS\system32

2009-08-13 09:54:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-08-13 09:53:17 ----SD---- C:\WINDOWS\Tasks

2009-08-13 09:53:01 ----RD---- C:\Program Files

2009-08-13 09:50:08 ----D---- C:\Program Files\DNA

2009-08-13 09:49:55 ----D---- C:\WINDOWS

2009-08-13 09:48:48 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-13 09:31:05 ----HD---- C:\WINDOWS\inf

2009-08-13 09:30:49 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-12 09:45:19 ----HD---- C:\WINDOWS\$hf_mig$

2009-08-12 00:19:36 ----A---- C:\WINDOWS\ModemLog_PANTECH PC Card (UDP).txt

2009-08-11 23:34:01 ----D---- C:\Qoobox

2009-08-11 23:31:26 ----A---- C:\WINDOWS\system.ini

2009-08-11 23:30:55 ----D---- C:\Program Files\Common Files

2009-08-11 23:29:11 ----D---- C:\WINDOWS\system32\drivers

2009-08-11 23:29:10 ----D---- C:\WINDOWS\AppPatch

2009-08-11 23:23:37 ----SHD---- C:\System Volume Information

2009-08-11 23:23:37 ----D---- C:\WINDOWS\system32\Restore

2009-08-11 22:46:06 ----D---- C:\WINDOWS\system32\wbem

2009-08-11 22:46:05 ----D---- C:\WINDOWS\system32\Setup

2009-08-11 19:19:32 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-08-11 19:18:48 ----D---- C:\Program Files\Internet Explorer

2009-08-11 19:15:45 ----D---- C:\Program Files\Outlook Express

2009-08-11 17:07:46 ----D---- C:\WINDOWS\system32\config

2009-08-11 17:07:32 ----D---- C:\WINDOWS\ERDNT

2009-08-11 12:52:55 ----SHD---- C:\WINDOWS\CSC

2009-08-11 09:49:46 ----D---- C:\Program Files\SUPERAntiSpyware

2009-08-08 21:35:28 ----D---- C:\WINDOWS\Registration

2009-08-06 18:00:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll

2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\t2embed.dll

2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\fontsub.dll

2009-07-28 22:18:54 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt

2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\shdocvw.dll

2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []

R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []

R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]

R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-23 121472]

R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]

R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]

R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\naveng.sys []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\navex15.sys []

R3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 27520]

R3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 41728]

R3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 39808]

R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver; C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys [2007-04-30 58240]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]

R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]

R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]

S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]

S3 catchme;catchme; \??\C:\DOCUME~1\iorizzp\LOCALS~1\Temp\catchme.sys []

S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]

S3 mbr;mbr; \??\C:\DOCUME~1\iorizzp\LOCALS~1\Temp\mbr.sys []

S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\2.tmp []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

S3 pxfhbus;PANTECH PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pxfhbus.sys []

S3 pxfhmdfl;PANTECH PC Card Filter; C:\WINDOWS\system32\DRIVERS\pxfhmdfl.sys []

S3 pxfhmdm;PANTECH PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pxfhmdm.sys []

S3 pxfhserd;PANTECH PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pxfhserd.sys []

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []

S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []

S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []

S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]

R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]

S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]

S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]

S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Link to post
Share on other sites

Looks like there is still some leftover drivers from the infection.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::

MEMSWEEP2

mbr

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Here is the log:

ComboFix 09-08-10.06 - iorizzp 2009-08-13 18:25.11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.263 [GMT -4:00]

Running from: c:\documents and settings\iorizzp\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\iorizzp\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MBR

-------\Legacy_MEMSWEEP2

-------\Service_mbr

-------\Service_MEMSWEEP2

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))

.

2009-08-13 13:53 . 2009-08-13 13:53 -------- d-----w- c:\program files\ESET

2009-08-11 23:15 . 2009-08-11 23:15 -------- d-----w- c:\windows\ServicePackFiles

2009-08-11 21:18 . 2009-08-11 21:18 -------- d-----w- c:\program files\MalwareBytes

2009-08-11 19:56 . 2009-08-11 20:02 -------- d-----w- C:\VIPRERESCUE1

2009-08-11 16:39 . 2009-08-11 20:02 0 ----a-w- c:\windows\system32\SBRC.dat

2009-08-11 16:38 . 2009-03-17 17:26 65320 ----a-w- c:\windows\system32\sbbd.exe

2009-08-11 16:38 . 2008-10-22 21:08 92464 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-08-11 16:38 . 2009-08-11 16:43 -------- d-----w- C:\VIPRERESCUE

2009-08-10 15:01 . 2009-08-11 16:54 -------- d-----w- c:\program files\Malewarebytes

2009-08-09 21:07 . 2009-08-09 21:08 -------- d-----w- c:\program files\MBytes

2009-08-09 03:42 . 2009-08-09 03:42 -------- d-----w- c:\program files\MBam

2009-08-09 03:26 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\documents and settings\iorizzp\Application Data\GRETECH

2009-08-09 01:44 . 2009-08-09 01:44 -------- d-----w- c:\program files\GRETECH

2009-08-08 21:03 . 2009-08-08 21:03 -------- d-----w- c:\program files\Sophos

2009-08-08 20:45 . 2009-08-08 20:45 0 ----a-w- C:\settings.dat

2009-08-08 19:33 . 2009-08-08 19:33 -------- d-----w- c:\program files\install.com

2009-08-08 18:17 . 2009-08-08 18:18 -------- d-----w- c:\program files\ThisOne

2009-08-08 12:22 . 2009-08-08 12:22 -------- d-----w- c:\program files\mine

2009-08-08 12:19 . 2009-08-08 12:19 -------- d-----w- c:\program files\tryingagain

2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\Iorizzoee

2009-08-08 12:18 . 2009-08-08 12:18 -------- d-----w- c:\program files\IorizzoHi

2009-08-07 02:58 . 2009-08-07 02:59 -------- d-----w- c:\program files\MyAPP

2009-08-07 02:55 . 2009-08-07 02:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3

2009-08-07 02:45 . 2009-08-07 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2009-08-06 21:50 . 2009-08-06 21:50 -------- d-----w- C:\_OTM

2009-08-06 21:29 . 2008-11-27 22:47 -------- d---a-w- c:\windows\system32\images

2009-08-05 22:24 . 2009-08-12 19:50 -------- d-----w- c:\documents and settings\iorizzp\Application Data\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-13 22:33 . 2008-12-27 18:02 -------- d-----w- c:\program files\DNA

2009-08-13 22:33 . 2008-12-27 18:02 -------- d-----w- c:\documents and settings\iorizzp\Application Data\DNA

2009-08-13 21:32 . 2008-12-07 20:04 -------- d-----w- c:\program files\Trend Micro

2009-08-11 15:30 . 2009-03-13 03:12 117760 ----a-w- c:\documents and settings\iorizzp\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-08-11 13:49 . 2008-09-06 14:56 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-06 22:04 . 2009-08-06 22:04 16580 ----a-w- c:\program files\Common Files\aguhipib.inf

2009-08-06 22:00 . 2008-12-10 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-06 22:00 . 2009-02-15 18:18 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 17:36 . 2008-12-10 04:45 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 17:36 . 2008-12-10 04:45 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-29 04:53 . 2004-08-04 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-07-29 04:53 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 06:18 . 2004-08-04 10:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-26 16:18 . 2006-03-04 03:33 659456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-25 18:36 . 2004-08-04 10:00 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2004-08-04 10:00 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2004-08-04 10:00 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2004-08-04 10:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2004-08-04 10:00 471552 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2004-08-04 10:00 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2004-08-04 10:00 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2004-08-04 10:00 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2004-08-04 10:00 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2004-08-04 10:00 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2004-08-04 10:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-22 11:49 . 2004-08-04 10:00 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-04 10:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-04 10:00 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-04 10:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-12 11:50 . 2004-08-04 10:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 11:50 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:21 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2004-08-04 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:42 . 2007-03-19 22:31 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:27 . 2004-08-04 10:00 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-29 03:34 . 2009-05-29 03:34 11410 ----a-w- c:\documents and settings\iorizzp\Application Data\CyberLink\msgdi.dll

2009-05-29 03:34 . 2009-05-29 03:34 10121 ----a-w- c:\documents and settings\iorizzp\Application Data\Identities\kern.dll

2009-05-29 03:34 . 2009-05-29 03:34 16141 ----a-w- c:\documents and settings\iorizzp\Application Data\BitZipper\lego.exe

2009-05-29 03:34 . 2009-05-29 03:34 145131 ----a-w- c:\documents and settings\iorizzp\Application Data\Apple Computer\nomad.exe

2009-05-29 03:34 . 2009-05-29 03:34 422 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeUM\socks1.exe

2009-05-29 03:34 . 2009-05-29 03:34 13221 ----a-w- c:\documents and settings\iorizzp\Application Data\AdobeAUM\rengo.dll

2009-05-29 03:34 . 2009-05-29 03:34 11232 ----a-w- c:\documents and settings\iorizzp\Application Data\Adobe\shalom.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-08-12_03.31.26 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-08-04 10:00 . 2009-08-12 03:21 41238 c:\windows\system32\perfc009.dat

+ 2004-08-04 10:00 . 2009-08-13 13:54 41238 c:\windows\system32\perfc009.dat

- 2009-08-11 21:07 . 2009-08-11 21:07 86016 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-13 22:30 . 2009-08-13 22:30 86016 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-13 22:30 . 2009-08-13 22:30 12288 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

- 2009-08-11 21:07 . 2009-08-11 21:07 12288 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

- 2009-08-11 21:07 . 2009-08-11 21:07 12288 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

+ 2009-08-13 22:30 . 2009-08-13 22:30 12288 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

- 2004-08-04 10:00 . 2009-08-12 03:21 315076 c:\windows\system32\perfh009.dat

+ 2004-08-04 10:00 . 2009-08-13 13:54 315076 c:\windows\system32\perfh009.dat

+ 2009-08-13 22:30 . 2009-08-13 22:30 786432 c:\windows\ERDNT\subs\Users\00000007\ntuser.dat

+ 2009-08-13 22:30 . 2009-08-13 22:30 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

- 2009-08-11 21:07 . 2009-08-11 21:07 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

- 2009-08-11 21:07 . 2009-08-11 21:07 258048 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

+ 2009-08-13 22:30 . 2009-08-13 22:30 258048 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

+ 2009-08-13 22:30 . 2009-08-13 22:30 3108864 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat

- 2009-08-11 21:07 . 2009-08-11 21:07 3108864 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-27 342848]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-1-17 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-03 19:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Program Files\\Verizon Wireless\\VZAccess Manager\\VZAccess Manager.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-08-08 18816]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-06-22 106808]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-03-19 87936]

R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-03-25 58240]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-08-11 92464]

.

Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.espn.com/

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mStart Page = hxxp://www.google.com

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: tusharep

Trusted Zone: TUPATCHLINK01

Trusted Zone: tusharep

FF - ProfilePath - c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\

FF - plugin: c:\documents and settings\iorizzp\Application Data\Mozilla\Firefox\Profiles\96sw40zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-13 18:33

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ABD42510-9B22-41cd-9DCD-8182A2D07C63}\InProcServer32]

@DACL=(02 0000)

@="c:\\WINDOWS\\system32\\iehelper.dll"

"ThreadingModel"="Apartment"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\windows\system32\scardsvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Completion time: 2009-08-13 18:38 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-13 22:38

ComboFix2.txt 2009-08-12 03:33

ComboFix3.txt 2009-08-11 21:15

Pre-Run: 68,514,910,208 bytes free

Post-Run: 68,536,496,128 bytes free

235 --- E O F --- 2009-08-11 23:19

Link to post
Share on other sites

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.40

Database version: 2618

Windows 5.1.2600 Service Pack 2

2009-08-13 20:51:59

mbam-log-2009-08-13 (20-51-59).txt

Scan type: Quick Scan

Objects scanned: 97382

Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here's the RSIT log (again, it couldn't run HiJackThis):

Logfile of random's system information tool 1.06 (written by random/random)

Run by iorizzp at 2009-08-13 20:52:28

Microsoft Windows XP Professional Service Pack 2

System drive C: has 65 GB (86%) free of 76 GB

Total RAM: 503 MB (50% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]

"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\MalwareBytes\mbam.exe [2009-08-03 1295632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-27 342848]

"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam"

"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"

"C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe"="C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe:*:Enabled:VZAccess Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

======List of files/folders created in the last 1 months======

2009-08-13 18:38:15 ----A---- C:\ComboFix.txt

2009-08-13 18:30:14 ----D---- C:\WINDOWS\temp

2009-08-13 09:53:01 ----D---- C:\Program Files\ESET

2009-08-11 19:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-08-11 19:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-08-11 19:19:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$

2009-08-11 19:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$

2009-08-11 19:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-08-11 19:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-08-11 19:17:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-08-11 19:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-08-11 19:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2009-08-11 19:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2009-08-11 19:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-08-11 19:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-08-11 19:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2009-08-11 19:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2009-08-11 19:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-08-11 19:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-08-11 19:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2009-08-11 19:15:18 ----D---- C:\WINDOWS\ServicePackFiles

2009-08-11 19:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$

2009-08-11 19:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2009-08-11 19:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-08-11 19:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

2009-08-11 19:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

2009-08-11 19:14:07 ----A---- C:\WINDOWS\imsins.BAK

2009-08-11 19:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2009-08-11 17:18:32 ----D---- C:\Program Files\MalwareBytes

2009-08-11 16:59:25 ----A---- C:\WINDOWS\PEV.exe

2009-08-11 15:56:44 ----D---- C:\VIPRERESCUE1

2009-08-11 12:38:53 ----A---- C:\WINDOWS\system32\sbbd.exe

2009-08-11 12:38:24 ----D---- C:\VIPRERESCUE

2009-08-10 11:01:48 ----D---- C:\Program Files\Malewarebytes

2009-08-09 17:07:58 ----D---- C:\Program Files\MBytes

2009-08-08 23:42:14 ----D---- C:\Program Files\MBam

2009-08-08 21:44:59 ----D---- C:\Documents and Settings\iorizzp\Application Data\GRETECH

2009-08-08 21:44:07 ----D---- C:\Program Files\GRETECH

2009-08-08 17:03:24 ----D---- C:\Program Files\Sophos

2009-08-08 15:33:17 ----D---- C:\Program Files\install.com

2009-08-08 14:17:15 ----D---- C:\Program Files\ThisOne

2009-08-08 08:22:09 ----D---- C:\Program Files\mine

2009-08-08 08:19:05 ----D---- C:\Program Files\tryingagain

2009-08-08 08:18:35 ----D---- C:\Program Files\Iorizzoee

2009-08-08 08:18:05 ----D---- C:\Program Files\IorizzoHi

2009-08-06 22:58:36 ----D---- C:\Program Files\MyAPP

2009-08-06 22:55:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware3

2009-08-06 22:45:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2

2009-08-06 17:50:40 ----D---- C:\_OTM

2009-08-06 17:29:24 ----AD---- C:\WINDOWS\system32\images

2009-08-05 18:24:02 ----D---- C:\Documents and Settings\iorizzp\Application Data\vlc

======List of files/folders modified in the last 1 months======

2009-08-13 20:51:46 ----D---- C:\Documents and Settings\iorizzp\Application Data\DNA

2009-08-13 20:45:44 ----D---- C:\WINDOWS\system32

2009-08-13 20:45:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-08-13 20:44:53 ----SD---- C:\WINDOWS\Tasks

2009-08-13 20:44:23 ----D---- C:\WINDOWS\Prefetch

2009-08-13 20:41:42 ----D---- C:\Program Files\DNA

2009-08-13 20:41:27 ----D---- C:\WINDOWS

2009-08-13 18:40:01 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-13 18:38:21 ----D---- C:\WINDOWS\system32\drivers

2009-08-13 18:37:19 ----D---- C:\Qoobox

2009-08-13 18:35:39 ----HD---- C:\WINDOWS\inf

2009-08-13 18:35:12 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-13 18:33:13 ----A---- C:\WINDOWS\system.ini

2009-08-13 18:30:46 ----D---- C:\WINDOWS\system32\config

2009-08-13 18:30:32 ----D---- C:\WINDOWS\ERDNT

2009-08-13 18:28:47 ----D---- C:\WINDOWS\AppPatch

2009-08-13 18:28:40 ----D---- C:\Program Files\Common Files

2009-08-13 17:32:20 ----D---- C:\Program Files\Trend Micro

2009-08-13 12:41:22 ----D---- C:\Program Files\Mozilla Firefox

2009-08-13 09:53:01 ----RD---- C:\Program Files

2009-08-12 09:45:19 ----HD---- C:\WINDOWS\$hf_mig$

2009-08-12 00:19:36 ----A---- C:\WINDOWS\ModemLog_PANTECH PC Card (UDP).txt

2009-08-11 23:23:37 ----SHD---- C:\System Volume Information

2009-08-11 23:23:37 ----D---- C:\WINDOWS\system32\Restore

2009-08-11 22:46:06 ----D---- C:\WINDOWS\system32\wbem

2009-08-11 22:46:05 ----D---- C:\WINDOWS\system32\Setup

2009-08-11 19:19:32 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-08-11 19:18:48 ----D---- C:\Program Files\Internet Explorer

2009-08-11 19:15:45 ----D---- C:\Program Files\Outlook Express

2009-08-11 12:52:55 ----SHD---- C:\WINDOWS\CSC

2009-08-11 09:49:46 ----D---- C:\Program Files\SUPERAntiSpyware

2009-08-08 21:35:28 ----D---- C:\WINDOWS\Registration

2009-08-06 18:00:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll

2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\t2embed.dll

2009-07-29 00:53:14 ----A---- C:\WINDOWS\system32\fontsub.dll

2009-07-28 22:18:54 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt

2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\shdocvw.dll

2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []

R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []

R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]

R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-23 121472]

R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]

R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]

R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\naveng.sys []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070622.033\navex15.sys []

R3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP); C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 27520]

R3 PTDCMdm;PANTECH PC Card Drivers (UDP); C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 41728]

R3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP); C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 39808]

R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver; C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys [2007-04-30 58240]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]

R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]

R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]

S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

S3 pxfhbus;PANTECH PC Card Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\pxfhbus.sys []

S3 pxfhmdfl;PANTECH PC Card Filter; C:\WINDOWS\system32\DRIVERS\pxfhmdfl.sys []

S3 pxfhmdm;PANTECH PC Card Drivers; C:\WINDOWS\system32\DRIVERS\pxfhmdm.sys []

S3 pxfhserd;PANTECH PC Card Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\pxfhserd.sys []

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []

S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []

S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []

S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 38496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]

R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]

S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]

S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]

S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Link to post
Share on other sites

Please download Dr.Web CureIt . Save it to your desktop:

  • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

Link to post
Share on other sites

You're welcome

Your log looks clean, Great Job :rolleyes:

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Cleanup.png

Now for some cleanup..

Please download OTC and save it to Desktop.

  • Please make sure you are connecting to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.




    • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
    • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
      No Firewall Onboard
      You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    [*]Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    [*]Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

    [*]Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

  • McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.