Malwarebytes Scan shows same infection


Crim

Every time I scan I get this:

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

9/11/2009 11:33:51 PM

mbam-log-2009-09-11 (23-33-48).txt

Scan type: Quick Scan

Objects scanned: 99096

Time elapsed: 32 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmbomydjtp (Rootkit.TDSS) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

It tells me it needs to restart to complete. I restart and run the scan, and get the SAME results. I tried to manually remove the registry key and it won't let me. Can someone help?

Also, I'm getting an awful lot of IP protection notifications from MBAM. Is there a log somewhere that saves the IP detections?


  • Staff

Hi,

It looks like this key is locked (permissions set). Let's have a look first if the malware is still active or not...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

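Added example (PowerShell, written for this page; it is not code from the thread or from Malwarebytes): a check, run from an elevated session, for a service key that is "locked" in the sense of the staff reply above, i.e. its DACL cannot be read even as an administrator or it carries Deny ACEs. The service name is the one from the first scan log; the final sweep over every service key goes beyond the single key the thread discusses.

```powershell
# Audit a service registry key for permission-based locking.
# Run from an elevated PowerShell session; this only reads, it changes nothing.

function Test-LockedServiceKey {
    <#
      Returns an object describing whether the key exists, whether its DACL
      is readable, which Deny ACEs it carries, and the ImagePath it points to.
      A Deny ACE on a service key, or a DACL an administrator cannot read,
      is what stops a scanner from deleting the key and is worth escalating.
    #>
    param([Parameter(Mandatory)][string]$ServiceName)

    $path = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $info = [ordered]@{
        Service     = $ServiceName
        Exists      = Test-Path -LiteralPath $path
        AclReadable = $false
        DenyAces    = @()
        ImagePath   = $null
        Locked      = $false
    }
    if (-not $info.Exists) { return [pscustomobject]$info }

    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        $info.AclReadable = $true
        $info.DenyAces = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights })
    } catch {
        # Access denied while elevated: the key's own DACL is restricted.
    }

    try {
        # The driver file the service loads; useful when comparing against scan logs.
        $info.ImagePath = (Get-ItemProperty -LiteralPath $path -ErrorAction Stop).ImagePath
    } catch { }

    $info.Locked = (-not $info.AclReadable) -or ($info.DenyAces.Count -gt 0)
    [pscustomobject]$info
}

# The specific key named in the first Malwarebytes log in this thread.
Test-LockedServiceKey -ServiceName 'kbiwkmbomydjtp' | Format-List

# Beyond the single key: sweep all service keys and list only the locked ones.
Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object { Test-LockedServiceKey -ServiceName $_.PSChildName } |
    Where-Object { $_.Locked } |
    Format-Table Service, AclReadable, DenyAces, ImagePath -AutoSize
```

A legitimate driver key normally has no Deny ACEs at all, so any hit from the sweep deserves a look at its ImagePath before a cleanup tool is run.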

OK, I re-installed as you instructed. My MBAM protection is now loaded. I ran a scan and here are the results:

Malwarebytes' Anti-Malware 1.41

Database version: 2797

Windows 5.1.2600 Service Pack 3

9/14/2009 4:56:00 PM

mbam-log-2009-09-14 (16-56-00).txt

Scan type: Quick Scan

Objects scanned: 98759

Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

So everything is good? Do I still need the ComboFix you suggested before? And what about the IP alerts?


Is there a log for the IPs blocked?

Here are the ComboFix results:

ComboFix 09-09-14.02 - Mr IIXI 09/14/2009 17:13.1.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2676 [GMT -4:00]

Running from: c:\documents and settings\Mr IIXI\Desktop\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2730533083-2623976161-2956594988-1000

c:\windows\system32\41.exe

c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk

c:\windows\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk

c:\windows\system32\msvcsv60.dll

c:\windows\Temp\2877899434.exe

.

((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))

.

2009-09-14 20:51 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-14 20:51 . 2009-09-14 20:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-14 20:51 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-13 14:27 . 2009-09-13 14:27 -------- d-----w- c:\program files\MusicLab

2009-09-08 14:38 . 2009-09-08 14:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2009-09-08 14:37 . 2009-09-08 14:37 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\Malwarebytes

2009-09-08 14:37 . 2009-09-08 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-08 00:36 . 2009-09-08 00:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-09-07 23:53 . 2009-09-07 23:54 -------- d-----w- c:\program files\ManyCam 2.4

2009-09-07 23:53 . 2009-09-07 23:54 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\ManyCam

2009-09-07 23:36 . 2009-09-07 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-09-07 23:18 . 2009-09-10 15:23 759240 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-09-07 21:36 . 2009-09-07 21:38 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\Webcammax

2009-09-07 21:36 . 2009-07-20 01:13 1052928 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys

2009-09-07 20:21 . 2009-09-07 20:21 -------- d-----w- c:\program files\Microsoft

2009-08-29 02:59 . 2009-08-29 02:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8E4DC1D0-364F-4942-85CD-BCD7298D633E}

2009-08-29 02:55 . 2009-08-29 03:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A7689876-F0D2-4DC6-9C70-CA306AA80853}

2009-08-28 15:06 . 2009-08-28 15:06 -------- d-----w- c:\program files\PSPaudioware

2009-08-28 05:05 . 2009-08-28 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2009-08-28 02:53 . 2009-08-28 02:53 -------- d-----w- c:\program files\Sugar Bytes

2009-08-27 16:25 . 2009-08-31 19:35 -------- d-----w- c:\documents and settings\Mr IIXI\Local Settings\Application Data\112dB

2009-08-27 16:25 . 2009-08-27 17:56 -------- d-----w- c:\program files\112dB

2009-08-26 03:15 . 2009-08-26 03:18 44544 ------w- c:\windows\AWuninstall.exe

2009-08-23 18:22 . 2009-08-27 22:04 -------- d-----w- c:\program files\GForce

2009-08-22 21:15 . 2009-08-22 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2009-08-17 07:04 . 2009-08-17 07:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe

2009-08-17 07:04 . 2009-08-17 07:04 81920 ----a-w- c:\windows\system32\nvwddi.dll

2009-08-17 07:03 . 2009-08-17 07:03 3170304 ----a-w- c:\windows\system32\nvwss.dll

2009-08-17 07:03 . 2009-08-17 07:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll

2009-08-17 07:03 . 2009-08-17 07:03 188416 ----a-w- c:\windows\system32\nvmccss.dll

2009-08-17 07:03 . 2009-08-17 07:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll

2009-08-17 07:03 . 2009-08-17 07:03 3547136 ----a-w- c:\windows\system32\nvgames.dll

2009-08-17 07:03 . 2009-08-17 07:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll

2009-08-17 07:03 . 2009-08-17 07:03 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-08-17 07:03 . 2009-08-17 07:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-08-17 07:03 . 2009-08-17 07:03 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-08-17 07:03 . 2009-08-17 07:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll

2009-08-17 07:02 . 2009-08-17 07:02 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-08-17 04:57 . 2009-08-17 04:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-08-17 04:57 . 2009-08-17 04:57 1597690 ----a-w- c:\windows\system32\nvdata.bin

2009-08-16 22:03 . 2009-08-16 22:03 -------- d-----w- c:\windows\system32\Lang

2009-08-16 21:09 . 2009-08-16 21:09 -------- d-----w- c:\windows\system32\RTCOM

2009-08-16 20:11 . 2009-08-16 20:11 -------- d-----w- c:\program files\SpacialAudio

2009-08-16 20:11 . 2007-10-16 14:07 442368 ----a-w- c:\windows\system32\GDS32.DLL

2009-08-16 20:11 . 2005-09-23 04:05 548864 ----a-w- c:\windows\system32\msvcp80.dll

2009-08-16 20:11 . 2009-08-16 20:11 -------- d-----w- c:\program files\Firebird

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-14 20:49 . 2009-03-20 18:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-09-14 20:44 . 2009-07-28 22:02 -------- d-----w- c:\program files\Trillian

2009-09-13 21:43 . 2009-03-19 05:04 -------- d-----w- c:\program files\Winamp

2009-09-13 14:27 . 2009-03-23 16:35 -------- d-----w- c:\program files\VstPlugins

2009-09-13 14:24 . 2009-03-25 07:06 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\uTorrent

2009-09-13 02:14 . 2009-04-17 05:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-10 15:29 . 2009-06-27 05:32 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 18:57 . 2009-03-19 17:21 -------- d-----w- c:\program files\RocketDock

2009-09-08 22:12 . 2009-03-23 18:08 32 ----a-w- c:\windows\msocreg32.dat

2009-08-31 18:14 . 2009-08-31 18:14 0 ---ha-w- c:\documents and settings\Mr IIXI\Application Data\.D80ED3046C324D57.sys

2009-08-31 18:14 . 2009-08-31 18:14 0 ---ha-w- c:\documents and settings\Mr IIXI\Application Data\.D80ED3046C324D56.sys

2009-08-31 17:20 . 2009-08-31 17:20 0 ---ha-w- c:\documents and settings\Mr IIXI\Application Data\.D80ED304CDD1C713.sys

2009-08-31 17:01 . 2009-03-18 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-29 02:59 . 2009-03-26 13:24 -------- d-----w- c:\program files\Common Files\Native Instruments

2009-08-29 02:59 . 2009-03-26 13:24 -------- d-----w- c:\program files\Native Instruments

2009-08-28 05:05 . 2009-04-12 06:34 -------- d-----w- c:\program files\World of Warcraft

2009-08-27 21:47 . 2009-03-23 19:34 -------- d-----w- c:\program files\Antares Audio Technologies

2009-08-26 21:56 . 2009-03-18 20:07 471000 ----a-w- c:\documents and settings\Mr IIXI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-25 03:47 . 2009-04-08 05:30 295768 ---ha-w- c:\windows\system32\mlfcache.dat

2009-08-22 21:16 . 2009-03-18 05:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-22 21:15 . 2009-03-18 05:54 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-22 21:15 . 2009-03-18 15:00 -------- d-----w- c:\program files\NVIDIA Corporation

2009-08-17 04:57 . 2009-03-18 05:53 485920 ----a-w- c:\windows\system32\nvudisp.exe

2009-08-17 04:57 . 2009-02-18 19:44 868352 ----a-w- c:\windows\system32\nvapi.dll

2009-08-17 04:57 . 2009-02-18 19:44 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-08-17 04:57 . 2009-02-18 19:44 5845760 ----a-w- c:\windows\system32\nv4_disp.dll

2009-08-17 04:57 . 2009-02-18 19:44 2189856 ----a-w- c:\windows\system32\nvcuvid.dll

2009-08-17 04:57 . 2009-02-18 19:44 2002944 ----a-w- c:\windows\system32\nvcuda.dll

2009-08-17 04:57 . 2009-02-18 19:44 155648 ----a-w- c:\windows\system32\nvcodins.dll

2009-08-17 04:57 . 2009-02-18 19:44 155648 ----a-w- c:\windows\system32\nvcod.dll

2009-08-17 04:57 . 2009-02-18 19:44 10457088 ----a-w- c:\windows\system32\nvoglnt.dll

2009-08-16 23:57 . 2009-04-17 05:49 -------- d-----w- c:\program files\FlashFXP

2009-08-15 20:18 . 2009-08-15 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Digital Anarchy

2009-08-14 17:36 . 2009-08-14 17:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-08-11 16:35 . 2009-03-18 05:53 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-08-07 15:21 . 2009-03-23 16:33 -------- d-----w- c:\program files\Image-Line

2009-08-06 21:13 . 2009-08-05 06:50 -------- d-----w- c:\program files\ooVoo

2009-08-05 09:01 . 2008-04-14 03:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 06:51 . 2009-08-05 06:50 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\ooVoo Details

2009-08-03 04:21 . 2009-08-03 04:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll

2009-07-31 12:30 . 2009-03-18 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-31 12:30 . 2009-03-18 16:37 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 12:30 . 2009-03-18 16:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-28 22:16 . 2009-07-28 22:03 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\Trillian

2009-07-28 22:02 . 2009-06-27 03:02 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\.purple

2009-07-28 21:52 . 2009-06-27 03:05 -------- d-----w- c:\documents and settings\Mr IIXI\Application Data\gtk-2.0

2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-07-20 15:15 . 2009-05-26 22:03 -------- d-----w- c:\program files\LUXONIX

2009-07-17 19:01 . 2008-04-14 03:41 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-15 19:05 . 2009-07-15 19:05 229208 ----a-w- c:\windows\system32\drivers\VMM.sys

2009-07-14 03:43 . 2008-04-14 03:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2008-04-14 03:42 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:25 . 2008-04-14 03:42 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2008-04-14 03:42 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2008-04-14 03:42 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2008-04-14 03:42 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:25 . 2008-04-14 03:41 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2008-04-14 03:41 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2008-04-13 22:01 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-23 14:18 . 2009-03-19 21:26 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

.

------- Sigcheck -------

[-] 2009-03-18 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]

"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-29 1005960]

"Fellowes Proxy"="c:\windows\system32\r3proxy.exe" [2004-03-25 86016]

"VX1000"="c:\windows\vVX1000.exe" [2008-08-04 721936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

c:\documents and settings\Mr IIXI\Start Menu\Programs\Startup\

TClock2.lnk - c:\program files\TClock2\tclock2.exe [2009-4-12 90624]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-31 12:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"nSvcIp"=2 (0x2)

"MSCamSvc"=2 (0x2)

"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)

"FirebirdServerMAGIXInstance"=3 (0x3)

"ASTSRV"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"37676:TCP"= 37676:TCP:*:Disabled:ooVoo TCP port 37676

"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676

"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [5/5/2009 7:52 AM 40496]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 12:37 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 12:37 PM 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/18/2009 12:37 PM 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/18/2009 12:37 PM 297752]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/14/2009 4:51 PM 269648]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [3/23/2009 3:59 PM 33792]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2009 12:56 PM 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2009 12:56 PM 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2009 12:56 PM 566296]

R3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\drivers\FeMouWDM.sys [3/25/2004 3:18 PM 11393]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/14/2009 4:51 PM 19160]

R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [3/26/2009 2:25 PM 2048]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2009 12:56 PM 99352]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2009 12:56 PM 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2009 12:56 PM 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2009 12:56 PM 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2009 12:56 PM 566296]

S4 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [6/3/2009 1:39 AM 57344]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [6/7/2009 7:00 PM 1527900]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D56B649-8C5F-33A4-B350-DB35D68EDEE5}]

c:\program files\srvcwin\winsrvc.exe s

.

Contents of the 'Scheduled Tasks' folder

2009-09-14 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Mr IIXI.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-14 18:53]

2009-09-14 c:\windows\Tasks\Malwarebytes' Scheduled Update for Mr IIXI.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-14 18:53]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

LSP: %SYSTEMROOT%\system32\nvLsp.dll

TCP: {F1B7366B-C61F-4081-8072-64EE37C8537C} = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Mr IIXI\Application Data\Mozilla\Firefox\Profiles\kmk7eg3i.default\

FF - prefs.js: browser.search.selectedEngine - YouTube Video Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-14 17:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,9c,f4,73,8b,47,35,42,a0,b6,89,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,9c,f4,73,8b,47,35,42,a0,b6,89,\

[HKEY_USERS\S-1-5-21-2000478354-1757981266-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EFC6248-102E-69BA-31C6-DC926F3FF0A8}*]

"haldjjbcfplmbnne"=hex:69,61,63,6d,62,64,6c,66,6c,6d,67,6d,65,68,66,70,70,64,

00,00

"iabgiaamcjlfcifdie"=hex:63,61,64,6d,6b,64,00,7c

"iafdhlaodmgmgkbidg"=hex:6a,61,61,6d,69,63,6d,6e,69,67,67,63,68,64,6f,6b,6d,6e,

63,6f,00,ff

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h


  • Staff

Hi,

What do you mean? A log from the IPs blocked?

Please read here about the IP block feature:

http://www.malwarebytes.org/forums/index.php?showtopic=21076

so that you understand how it works and why it may show IP blocks (this happens in most cases with P2P programs, etc.).

Also, go to the next site:

http://www.virustotal.com/en/indexf.html

On top you'll find 'Browse'.

Click the Browse button and browse to the next file:

c:\windows\system32\winlogon.exe

Click open.

Then click the 'Send' button next to it.

This will scan the file. Please be patient.

Once scanned, copy and paste the results in your next reply.


  • Staff

Hi,

This looks OK.

* Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /.

Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


  • Staff

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
