bigugly Posted July 16, 2010 ID:285187 Share Posted July 16, 2010 hello- long time MB fan, purchased it to support what you do.i have an infection that symantic cannot remove. it continues to come up. i have tried to run GMER, but it runs for hours and hours, maxing my computer out @ 100%. i ended up for the last 3 nights trying to get it to run overnight, but when i wake up in the morning the computer has restarted it self. my explorer asked if i want to resume my last session- so im assuming its a forced shut down, not one that is/was requested by anything.when i try to attach my hijackthis log, uploading file just sits there and sits there........ forum issue? i guess ill try later today? could i get some assistance in getting my computer back to good health?i was able to run defogger, and have my DDS and attach txt's done as well if needed.thank you! keep killing bugs! Link to post Share on other sites More sharing options...
bigugly Posted July 20, 2010 Author ID:286998 Share Posted July 20, 2010 hello MB,unable to get support still- been a few days. hopefully it hasnt been missed on accident!i am getting a symantic norton corporate edition catching trojan.zefarch with a file name of onereveg.dll.it is also bringing me another file name of overlay.xulis this of any help?thanks! Link to post Share on other sites More sharing options...
Staff screen317 Posted July 20, 2010 Staff ID:287051 Share Posted July 20, 2010 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, download DDS by sUBs and save it to your Desktop.Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized. Link to post Share on other sites More sharing options...
bigugly Posted July 20, 2010 Author ID:287094 Share Posted July 20, 2010 here is "Attach" from DDS, and (i hope this is ok) a full scan of MBAMthanks for responding!currently while browsing, i get random pop ups, and symantic is popping up with random "catches".thanksAttach.rarmbam_log_2010_07_19__21_55_28_.rar Link to post Share on other sites More sharing options...
Staff screen317 Posted July 20, 2010 Staff ID:287101 Share Posted July 20, 2010 Hi,In the future please post all logs directly in your reply instead of attaching them.Run DDS again and this time post DDS.txt Link to post Share on other sites More sharing options...
bigugly Posted July 20, 2010 Author ID:287365 Share Posted July 20, 2010 Hi,In the future please post all logs directly in your reply instead of attaching them.Run DDS again and this time post DDS.txtim unable to get the website to accept my reply Link to post Share on other sites More sharing options...
bigugly Posted July 20, 2010 Author ID:287366 Share Posted July 20, 2010 im unable to get the website to accept my reply i aplogise for the misunderstanding.ill be out of town untill friday (leaving in a few hours)thanks!biguglyDDS (Ver_10-03-17.01) - NTFSx86 Run by Alex at 10:14:05.32 on Tue 07/20/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2814 [GMT -5:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\System32\svchost.exe -k HPZ12C:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\svchost.exe -k HPServiceC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\vptray.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\Documents and Settings\Alex\Desktop\dds.scr Link to post Share on other sites More sharing options...
bigugly Posted July 20, 2010 Author ID:287367 Share Posted July 20, 2010 im sorry i cant get the forum to accept any more of the DDS log i dont know whats going on- keeps showing that i cant show the website (like connection is lost) when i hit "add reply".i tried all sorts of things- you'll have to use the zipped file- as thats the only way to see it.im about to wipe this computer out and just start fresh its aggrivating me so much! Link to post Share on other sites More sharing options...
bigugly Posted July 20, 2010 Author ID:287370 Share Posted July 20, 2010 this is the only way i can get the forum to accept it. im sorry for making your life harder dds.rar Link to post Share on other sites More sharing options...
Staff screen317 Posted July 20, 2010 Staff ID:287599 Share Posted July 20, 2010 Hi,No problem. Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
bigugly Posted July 23, 2010 Author ID:289159 Share Posted July 23, 2010 Hi,No problem. Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317combo fix:ComboFix 10-07-22.05 - Alex 07/23/2010 9:33.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3040 [GMT -5:00]Running from: c:\documents and settings\Alex\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Alex\Recent\Thumbs.dbc:\windows\onereveg.dllc:\windows\xpsp1hfm.logInfected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected Restored copy from - Kitty had a snack .((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 ))))))))))))))))))))))))))))))).2010-07-23 13:58 . 2010-07-23 13:58 -------- d-----w- C:\32788R22FWJFW2010-07-23 13:38 . 2010-07-23 13:38 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD}2010-07-20 14:43 . 2010-07-20 14:43 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E}2010-07-20 01:41 . 2010-07-20 01:47 317943360 ----a-w- C:\Mary Kay - Your Can Do It! Auri's Formula.bin2010-07-20 00:20 . 2010-07-20 00:20 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E}2010-07-19 20:51 . 2010-07-19 20:51 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236}2010-07-18 21:22 . 2010-07-18 21:22 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132}2010-07-16 21:04 . 2010-07-16 21:04 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5}2010-07-16 18:54 . 2010-07-16 18:54 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6}2010-07-16 11:01 . 2010-07-16 11:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27}2010-07-16 08:45 . 2010-07-16 08:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2010-07-16 00:34 . 2010-07-16 00:34 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0}2010-07-15 12:36 . 2010-07-15 12:36 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A}2010-07-15 02:20 . 2010-07-15 02:20 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7}2010-07-15 01:30 . 2010-07-15 01:30 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B}2010-07-14 01:35 . 2010-07-14 01:35 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12}2010-07-13 21:16 . 2010-07-13 21:16 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963}2010-07-13 01:38 . 2010-07-13 01:38 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259}2010-07-12 23:24 . 2010-07-12 23:24 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C}2010-07-12 01:40 . 2010-07-12 01:40 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0}2010-07-11 22:28 . 2010-07-18 17:25 664 ----a-w- c:\windows\system32\d3d9caps.dat2010-07-11 21:28 . 2010-07-11 21:28 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D}2010-07-11 21:22 . 2010-07-11 21:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-07-11 21:10 . 2010-07-23 13:38 120 ----a-w- c:\windows\Iqiciqefameteqar.dat2010-07-11 21:10 . 2010-07-23 13:38 0 ----a-w- c:\windows\Wlipimeq.bin2010-07-11 21:10 . 2010-07-11 21:10 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E}.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-23 14:32 . 2008-03-05 01:59 -------- d-----w- c:\program files\Symantec AntiVirus2010-07-20 17:04 . 2009-02-11 03:33 -------- d-----w- c:\program files\Mozilla Thunderbird2010-07-12 01:39 . 2009-01-02 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-02 23:42 . 2008-02-29 03:43 23272 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-02 23:41 . 2010-05-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MyPoiWorld2010-06-07 22:08 . 2010-06-07 22:08 -------- d-----w- c:\documents and settings\Alli\Application Data\ImgBurn2010-06-07 21:35 . 2008-02-28 07:10 -------- d-----w- c:\program files\Microsoft Silverlight2010-05-23 18:07 . 2008-02-28 06:18 23272 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys2010-04-29 20:39 . 2010-03-26 02:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-04-29 20:39 . 2010-03-26 02:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys.------- Sigcheck -------[-] 2010-01-09 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS[-] 2010-01-09 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys[-] 2001-08-23 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\tcpip.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2005-11-15 85744]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnkbackup=c:\windows\pss\Windows Search.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]2006-11-14 06:25 363008 ----a-r- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]2006-10-30 12:44 1953792 ------r- c:\windows\system32\JMRaidSetup.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]2006-10-30 12:44 36864 ------r- c:\windows\JM\JMInsIDE.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPoi Monitor]2010-03-26 21:10 2114808 ----a-w- c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]2006-02-17 17:40 270336 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]2009-05-01 05:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]2009-05-01 05:30 86016 ----a-w- c:\windows\system32\nvmctray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2009-03-09 10:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"iPod Service"=3 (0x3)"Apple Mobile Device"=2 (0x2)"nSvcLog"=2 (0x2)"nSvcIp"=2 (0x2)"ForcewareWebInterface"=2 (0x2)"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)"Bonjour Service"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Documents and Settings\\Alex\\Desktop\\ksd\\C1KSD\\C1KSD.exe"="c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\MyPoi Manager\\MyPoiManager.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]"AllowInboundEchoRequest"= 1 (0x1)R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/25/2010 9:35 PM 304464]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:36 PM 102448]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/25/2010 9:35 PM 20952]S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [11/3/2005 11:52 AM 136832]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]..------- Supplementary Scan -------.uStart Page = hxxp://pirate4x4.com/forum/usercp.phpuInternet Settings,ProxyServer = http=127.0.0.1:5555IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000LSP: %SYSTEMROOT%\system32\nvappfilter.dllTCP: {5CF3239D-C0CB-499F-A206-0DCAE33841B0} = 68.87.85.102,68.87.69.150DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB..------- File Associations -------..txt=.- - - - ORPHANS REMOVED - - - -HKLM-Run-Oyeqowaqifih - c:\windows\onereveg.dllMSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exeMSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exeMSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.ExeAddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Alex\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-23 09:43Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'lsass.exe'(1220)c:\windows\system32\nvappfilter.dll.Completion time: 2010-07-23 09:49:40ComboFix-quarantined-files.txt 2010-07-23 14:49ComboFix2.txt 2009-03-08 05:26Pre-Run: 35,625,095,168 bytes freePost-Run: 36,267,323,392 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn- - End Of File - - 34C0BA7945B6D3ED7460698144DC22B8-------------------------------DDS logComboFix 10-07-22.05 - Alex 07/23/2010 9:33.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3040 [GMT -5:00]Running from: c:\documents and settings\Alex\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Alex\Recent\Thumbs.dbc:\windows\onereveg.dllc:\windows\xpsp1hfm.logInfected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected Restored copy from - Kitty had a snack .((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 ))))))))))))))))))))))))))))))).2010-07-23 13:58 . 2010-07-23 13:58 -------- d-----w- C:\32788R22FWJFW2010-07-23 13:38 . 2010-07-23 13:38 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD}2010-07-20 14:43 . 2010-07-20 14:43 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E}2010-07-20 01:41 . 2010-07-20 01:47 317943360 ----a-w- C:\Mary Kay - Your Can Do It! Auri's Formula.bin2010-07-20 00:20 . 2010-07-20 00:20 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E}2010-07-19 20:51 . 2010-07-19 20:51 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236}2010-07-18 21:22 . 2010-07-18 21:22 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132}2010-07-16 21:04 . 2010-07-16 21:04 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5}2010-07-16 18:54 . 2010-07-16 18:54 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6}2010-07-16 11:01 . 2010-07-16 11:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27}2010-07-16 08:45 . 2010-07-16 08:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2010-07-16 00:34 . 2010-07-16 00:34 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0}2010-07-15 12:36 . 2010-07-15 12:36 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A}2010-07-15 02:20 . 2010-07-15 02:20 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7}2010-07-15 01:30 . 2010-07-15 01:30 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B}2010-07-14 01:35 . 2010-07-14 01:35 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12}2010-07-13 21:16 . 2010-07-13 21:16 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963}2010-07-13 01:38 . 2010-07-13 01:38 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259}2010-07-12 23:24 . 2010-07-12 23:24 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C}2010-07-12 01:40 . 2010-07-12 01:40 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0}2010-07-11 22:28 . 2010-07-18 17:25 664 ----a-w- c:\windows\system32\d3d9caps.dat2010-07-11 21:28 . 2010-07-11 21:28 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D}2010-07-11 21:22 . 2010-07-11 21:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-07-11 21:10 . 2010-07-23 13:38 120 ----a-w- c:\windows\Iqiciqefameteqar.dat2010-07-11 21:10 . 2010-07-23 13:38 0 ----a-w- c:\windows\Wlipimeq.bin2010-07-11 21:10 . 2010-07-11 21:10 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E}.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-23 14:32 . 2008-03-05 01:59 -------- d-----w- c:\program files\Symantec AntiVirus2010-07-20 17:04 . 2009-02-11 03:33 -------- d-----w- c:\program files\Mozilla Thunderbird2010-07-12 01:39 . 2009-01-02 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-02 23:42 . 2008-02-29 03:43 23272 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-02 23:41 . 2010-05-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MyPoiWorld2010-06-07 22:08 . 2010-06-07 22:08 -------- d-----w- c:\documents and settings\Alli\Application Data\ImgBurn2010-06-07 21:35 . 2008-02-28 07:10 -------- d-----w- c:\program files\Microsoft Silverlight2010-05-23 18:07 . 2008-02-28 06:18 23272 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys2010-04-29 20:39 . 2010-03-26 02:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-04-29 20:39 . 2010-03-26 02:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys.------- Sigcheck -------[-] 2010-01-09 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS[-] 2010-01-09 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys[-] 2001-08-23 . E7774698BB0D14B0710A9A31E209F9B6 . 327168 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\tcpip.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2005-11-15 85744]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnkbackup=c:\windows\pss\Windows Search.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]2006-11-14 06:25 363008 ----a-r- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]2006-10-30 12:44 1953792 ------r- c:\windows\system32\JMRaidSetup.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]2006-10-30 12:44 36864 ------r- c:\windows\JM\JMInsIDE.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPoi Monitor]2010-03-26 21:10 2114808 ----a-w- c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]2006-02-17 17:40 270336 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]2009-05-01 05:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]2009-05-01 05:30 86016 ----a-w- c:\windows\system32\nvmctray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2009-03-09 10:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"iPod Service"=3 (0x3)"Apple Mobile Device"=2 (0x2)"nSvcLog"=2 (0x2)"nSvcIp"=2 (0x2)"ForcewareWebInterface"=2 (0x2)"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)"Bonjour Service"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Documents and Settings\\Alex\\Desktop\\ksd\\C1KSD\\C1KSD.exe"="c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\MyPoi Manager\\MyPoiManager.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]"AllowInboundEchoRequest"= 1 (0x1)R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/25/2010 9:35 PM 304464]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:36 PM 102448]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/25/2010 9:35 PM 20952]S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [11/3/2005 11:52 AM 136832]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]..------- Supplementary Scan -------.uStart Page = hxxp://pirate4x4.com/forum/usercp.phpuInternet Settings,ProxyServer = http=127.0.0.1:5555IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000LSP: %SYSTEMROOT%\system32\nvappfilter.dllTCP: {5CF3239D-C0CB-499F-A206-0DCAE33841B0} = 68.87.85.102,68.87.69.150DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB..------- File Associations -------..txt=.- - - - ORPHANS REMOVED - - - -HKLM-Run-Oyeqowaqifih - c:\windows\onereveg.dllMSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exeMSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exeMSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.ExeAddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Alex\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-23 09:43Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'lsass.exe'(1220)c:\windows\system32\nvappfilter.dll.Completion time: 2010-07-23 09:49:40ComboFix-quarantined-files.txt 2010-07-23 14:49ComboFix2.txt 2009-03-08 05:26Pre-Run: 35,625,095,168 bytes freePost-Run: 36,267,323,392 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn- - End Of File - - 34C0BA7945B6D3ED7460698144DC22B8thanks! Link to post Share on other sites More sharing options...
Staff screen317 Posted July 24, 2010 Staff ID:289653 Share Posted July 24, 2010 Hi,Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:http://forums.malwarebytes.org/index.php?showtopic=57538Dirlook::c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD}c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E}c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E}c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236}c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132}c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5}c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6}c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27}c:\documents and settings\NetworkService\Local Settings\Application Data\Adobec:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0}c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A}c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7}c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B}c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12}c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963}c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259}c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C}c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0}c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D}c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E}c:\documents and settings\NetworkService\IETldCacheFilelook::C:\Mary Kay - Your Can Do It! Auri's Formula.binc:\windows\system32\d3d9caps.datc:\windows\Iqiciqefameteqar.datc:\windows\Wlipimeq.binCollect::c:\windows\Iqiciqefameteqar.datc:\windows\Wlipimeq.binFCOPY::c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\TCPIP.SYSSave this as CFScript.txtRefering to the picture above, drag CFScript.txt into ComboFix.exeWhen finished, it shall produce a log for you. Post that log in your next reply.**Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.Ensure you are connected to the internet and click OK on the message box. Link to post Share on other sites More sharing options...
bigugly Posted July 24, 2010 Author ID:289845 Share Posted July 24, 2010 thanks for working on the weekends-ComboFix 10-07-24.01 - Alex 07/24/2010 16:16:40.3.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2727 [GMT -5:00]Running from: c:\documents and settings\Alex\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Alex\Desktop\CFScript.txtAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}file zipped: c:\windows\Iqiciqefameteqar.datfile zipped: c:\windows\Wlipimeq.bin.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\Iqiciqefameteqar.datc:\windows\Wlipimeq.bin.--------------- FCopy ---------------c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS.((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 ))))))))))))))))))))))))))))))).2010-07-23 21:58 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2010-07-23 13:38 . 2010-07-23 13:38 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD}2010-07-20 14:43 . 2010-07-20 14:43 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E}2010-07-20 01:41 . 2010-07-20 01:47 317943360 ----a-w- C:\Mary Kay - Your Can Do It! Auri's Formula.bin2010-07-20 00:20 . 2010-07-20 00:20 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E}2010-07-19 20:51 . 2010-07-19 20:51 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236}2010-07-18 21:22 . 2010-07-18 21:22 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132}2010-07-16 21:04 . 2010-07-16 21:04 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5}2010-07-16 18:54 . 2010-07-16 18:54 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6}2010-07-16 11:01 . 2010-07-16 11:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27}2010-07-16 08:45 . 2010-07-16 08:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2010-07-16 00:34 . 2010-07-16 00:34 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0}2010-07-15 12:36 . 2010-07-15 12:36 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A}2010-07-15 02:20 . 2010-07-15 02:20 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7}2010-07-15 01:30 . 2010-07-15 01:30 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B}2010-07-14 01:35 . 2010-07-14 01:35 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12}2010-07-13 21:16 . 2010-07-13 21:16 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963}2010-07-13 01:38 . 2010-07-13 01:38 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259}2010-07-12 23:24 . 2010-07-12 23:24 -------- d-----w- c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C}2010-07-12 01:40 . 2010-07-12 01:40 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0}2010-07-11 22:28 . 2010-07-18 17:25 664 ----a-w- c:\windows\system32\d3d9caps.dat2010-07-11 21:28 . 2010-07-11 21:28 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D}2010-07-11 21:22 . 2010-07-11 21:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2010-07-11 21:10 . 2010-07-11 21:10 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E}.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-24 21:12 . 2008-03-05 01:59 -------- d-----w- c:\program files\Symantec AntiVirus2010-07-23 22:03 . 2009-02-11 03:33 -------- d-----w- c:\program files\Mozilla Thunderbird2010-07-12 01:39 . 2009-01-02 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-02 23:42 . 2008-02-29 03:43 23272 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-02 23:41 . 2010-05-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MyPoiWorld2010-06-14 14:31 . 2008-02-28 04:09 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe2010-06-07 22:08 . 2010-06-07 22:08 -------- d-----w- c:\documents and settings\Alli\Application Data\ImgBurn2010-06-07 21:35 . 2008-02-28 07:10 -------- d-----w- c:\program files\Microsoft Silverlight2010-05-23 18:07 . 2008-02-28 06:18 23272 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-05-06 10:41 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll2010-05-02 05:22 . 2001-08-23 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys2010-04-29 20:39 . 2010-03-26 02:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-04-29 20:39 . 2010-03-26 02:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys.(((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))).--- C:\Mary Kay - Your Can Do It! Auri's Formula.bin ---Company: ------File Description: ------File Version: ------Product Name: ------Copyright: ------Original Filename: ------File size: 317943360Created time: 2010-07-20 01:41Modified time: 2010-07-20 01:47MD5: D71837B7720BA5962A47695104299F38SHA1: EA36465AAEB0D7D6424CF61D8797A6171BC1EBF9--- c:\windows\Iqiciqefameteqar.dat ---Company: ------File Description: ------File Version: ------Product Name: ------Copyright: ------Original Filename: ------File size: 120Created time: 2010-07-11 21:10Modified time: 2010-07-23 13:38MD5: 8EFEABDEEC3DE81C3DC42A2801DDF461SHA1: 02F1032B36B1546AF5815CD03BEFD0AA5A09B008--- c:\windows\system32\d3d9caps.dat ---Company: ------File Description: ------File Version: ------Product Name: ------Copyright: ------Original Filename: ------File size: 664Created time: 2010-07-11 22:28Modified time: 2010-07-18 17:25MD5: 12C1FE01D375F4C52C8905E1579B82E6SHA1: A1461AB29690EEF157123527E72401DB3F3502E7--- c:\windows\Wlipimeq.bin ---Company: ------File Description: ------File Version: ------Product Name: ------Copyright: ------Original Filename: ------File size: 0Created time: 2010-07-11 21:10Modified time: 2010-07-23 13:38MD5: D41D8CD98F00B204E9800998ECF8427ESHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259} ----2010-07-13 01:38 . 2010-07-13 01:38 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259}\chrome\content\_cfg.js2010-07-13 01:38 . 2010-07-13 01:38 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259}\install.rdf2010-07-13 01:38 . 2010-07-13 01:38 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{01A7BF56-9FEF-474A-92FD-BD606DB4C259}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D} ----2010-07-11 21:28 . 2010-07-11 21:28 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D}\chrome\content\_cfg.js2010-07-11 21:28 . 2010-07-11 21:28 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D}\install.rdf2010-07-11 21:28 . 2010-07-11 21:28 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10223AA0-7184-420B-BFF7-C6DA251FD68D}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E} ----2010-07-20 14:43 . 2010-07-20 14:43 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E}\chrome\content\_cfg.js2010-07-20 14:43 . 2010-07-20 14:43 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E}\install.rdf2010-07-20 14:43 . 2010-07-20 14:43 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10430322-8456-446F-9CDE-B56CC1A3D11E}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6} ----2010-07-16 18:54 . 2010-07-16 18:54 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6}\chrome\content\_cfg.js2010-07-16 18:54 . 2010-07-16 18:54 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6}\chrome.manifest2010-07-16 18:54 . 2010-07-16 18:54 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{10C543B8-07C8-436C-9C2B-A736417B04E6}\install.rdf---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD} ----2010-07-23 13:38 . 2010-07-23 13:38 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD}\chrome\content\_cfg.js2010-07-23 13:38 . 2010-07-23 13:38 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD}\install.rdf2010-07-23 13:38 . 2010-07-23 13:38 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{1126D8BF-4480-4E38-A7A2-CB6E18EE47AD}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E} ----2010-07-11 21:10 . 2010-07-11 21:10 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E}\chrome\content\_cfg.js2010-07-11 21:10 . 2010-07-11 21:10 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E}\chrome.manifest2010-07-11 21:10 . 2010-07-11 21:10 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{186490D6-73FE-41BA-9C09-7A9C3C17E83E}\install.rdf---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B} ----2010-07-15 01:30 . 2010-07-15 01:30 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B}\chrome\content\_cfg.js2010-07-15 01:30 . 2010-07-15 01:30 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B}\install.rdf2010-07-15 01:30 . 2010-07-15 01:30 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{31D4BC33-4D65-4D41-81ED-7F5FDA55AE1B}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12} ----2010-07-14 01:35 . 2010-07-14 01:35 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12}\chrome\content\_cfg.js2010-07-14 01:35 . 2010-07-14 01:35 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12}\install.rdf2010-07-14 01:35 . 2010-07-14 01:35 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{368CA09E-9A2E-41DA-8949-AAEFAA8F4A12}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E} ----2010-07-20 00:20 . 2010-07-20 00:20 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E}\chrome\content\_cfg.js2010-07-20 00:20 . 2010-07-20 00:20 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E}\install.rdf2010-07-20 00:20 . 2010-07-20 00:20 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{76653D6D-9769-4558-A043-E42290E1858E}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7} ----2010-07-15 02:20 . 2010-07-15 02:20 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7}\chrome\content\_cfg.js2010-07-15 02:20 . 2010-07-15 02:20 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7}\install.rdf2010-07-15 02:20 . 2010-07-15 02:20 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{9C3E3513-900B-4409-A921-55943022A3B7}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132} ----2010-07-18 21:22 . 2010-07-18 21:22 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132}\chrome\content\_cfg.js2010-07-18 21:22 . 2010-07-18 21:22 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132}\install.rdf2010-07-18 21:22 . 2010-07-18 21:22 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{A1B8FBB4-CCDB-4DFD-A253-B4B4DBA8D132}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27} ----2010-07-16 11:01 . 2010-07-16 11:01 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27}\chrome\content\_cfg.js2010-07-16 11:01 . 2010-07-16 11:01 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27}\install.rdf2010-07-16 11:01 . 2010-07-16 11:01 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{A26A6F59-7745-489A-9179-8BBFFDA6BD27}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0} ----2010-07-12 01:40 . 2010-07-12 01:40 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0}\chrome\content\_cfg.js2010-07-12 01:40 . 2010-07-12 01:40 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0}\install.rdf2010-07-12 01:40 . 2010-07-12 01:40 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{CD5C45A2-85DF-4EAA-A6F7-62AA8F41C4F0}\chrome.manifest---- Directory of c:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0} ----2010-07-16 00:34 . 2010-07-16 00:34 1738 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0}\chrome\content\_cfg.js2010-07-16 00:34 . 2010-07-16 00:34 744 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0}\install.rdf2010-07-16 00:34 . 2010-07-16 00:34 122 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\{F0DD838C-AF0A-4CFB-BCA1-D89959A1C8C0}\chrome.manifest---- Directory of c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236} ----2010-07-19 20:51 . 2010-07-19 20:51 1738 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236}\chrome\content\_cfg.js2010-07-19 20:51 . 2010-07-19 20:51 744 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236}\install.rdf2010-07-19 20:51 . 2010-07-19 20:51 122 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{4044F069-5964-47EC-B47F-D9D4A5AF7236}\chrome.manifest---- Directory of c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C} ----2010-07-12 23:24 . 2010-07-12 23:24 1738 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C}\chrome\content\_cfg.js2010-07-12 23:24 . 2010-07-12 23:24 744 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C}\install.rdf2010-07-12 23:24 . 2010-07-12 23:24 122 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{5FA9B664-551E-4A84-B40E-21A2DCCB7A3C}\chrome.manifest---- Directory of c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5} ----2010-07-16 21:04 . 2010-07-16 21:04 1738 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5}\chrome\content\_cfg.js2010-07-16 21:04 . 2010-07-16 21:04 744 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5}\install.rdf2010-07-16 21:04 . 2010-07-16 21:04 122 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{730051B9-1188-408F-A8AF-694E9B3AA1E5}\chrome.manifest---- Directory of c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A} ----2010-07-15 12:36 . 2010-07-15 12:36 1738 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A}\chrome\content\_cfg.js2010-07-15 12:36 . 2010-07-15 12:36 744 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A}\install.rdf2010-07-15 12:36 . 2010-07-15 12:36 122 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{F86F1C4A-EC60-4322-A6A6-D1E54E74431A}\chrome.manifest---- Directory of c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963} ----2010-07-13 21:16 . 2010-07-13 21:16 1738 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963}\chrome\content\_cfg.js2010-07-13 21:16 . 2010-07-13 21:16 744 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963}\install.rdf2010-07-13 21:16 . 2010-07-13 21:16 122 ----a-w- c:\documents and settings\Alli\Local Settings\Application Data\{FD2BCA66-0E35-47C6-88F6-84EDEA23D963}\chrome.manifest---- Directory of c:\documents and settings\NetworkService\IETldCache ----2010-07-11 21:22 . 2010-07-20 14:49 16384 --sha-w- c:\documents and settings\NetworkService\IETldCache\index.dat---- Directory of c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe ----2010-07-18 17:25 . 2010-07-18 17:25 7979 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\AcroFnt08.lst2010-07-16 08:45 . 2010-07-16 08:45 25322 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe\Color\ACECache6.lst((((((((((((((((((((((((((((( SnapShot@2010-07-23_14.43.52 ))))))))))))))))))))))))))))))))))))))))).+ 2010-07-24 20:27 . 2010-07-24 20:27 16384 c:\windows\temp\Perflib_Perfdata_1b4.dat- 2010-05-13 23:19 . 2010-06-11 22:42 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe- 2010-05-13 23:19 . 2010-06-11 22:42 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe- 2010-05-13 23:19 . 2010-06-11 22:42 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe- 2010-05-13 23:19 . 2010-06-11 22:42 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe- 2010-05-13 23:19 . 2010-06-11 22:42 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe+ 2001-08-23 12:00 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys- 2008-06-20 11:51 . 2010-01-09 03:28 361600 c:\windows\system32\dllcache\TCPIP.SYS- 2010-05-13 23:19 . 2010-06-11 22:42 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe- 2010-05-13 23:19 . 2010-06-11 22:42 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe- 2010-05-13 23:19 . 2010-06-11 22:42 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe- 2010-05-13 23:19 . 2010-06-11 22:42 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe+ 2010-05-13 23:19 . 2010-07-23 22:53 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe+ 2010-05-25 16:45 . 2010-05-25 16:45 8445440 c:\windows\Installer\34dc3b.msp+ 2010-07-01 03:52 . 2010-07-01 03:52 5522944 c:\windows\Installer\34dc29.msp+ 2008-02-28 05:42 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2005-11-15 85744]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnkbackup=c:\windows\pss\Windows Search.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]2006-11-14 06:25 363008 ----a-r- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]2006-10-30 12:44 1953792 ------r- c:\windows\system32\JMRaidSetup.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]2006-10-30 12:44 36864 ------r- c:\windows\JM\JMInsIDE.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPoi Monitor]2010-03-26 21:10 2114808 ----a-w- c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]2006-02-17 17:40 270336 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]2009-05-01 05:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]2009-05-01 05:30 86016 ----a-w- c:\windows\system32\nvmctray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2009-03-09 10:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"iPod Service"=3 (0x3)"Apple Mobile Device"=2 (0x2)"nSvcLog"=2 (0x2)"nSvcIp"=2 (0x2)"ForcewareWebInterface"=2 (0x2)"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)"Bonjour Service"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Documents and Settings\\Alex\\Desktop\\ksd\\C1KSD\\C1KSD.exe"="c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\MyPoi Manager\\MyPoiManager.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]"AllowInboundEchoRequest"= 1 (0x1)R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/25/2010 9:35 PM 304464]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 8:36 PM 102448]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/25/2010 9:35 PM 20952]S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [11/3/2005 11:52 AM 136832]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 2:27 PM 169200][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]..------- Supplementary Scan -------.uStart Page = hxxp://pirate4x4.com/forum/usercp.phpuInternet Settings,ProxyServer = http=127.0.0.1:5555IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000LSP: %SYSTEMROOT%\system32\nvappfilter.dllTCP: {5CF3239D-C0CB-499F-A206-0DCAE33841B0} = 68.87.85.102,68.87.69.150DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-24 16:24Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'lsass.exe'(1220)c:\windows\system32\nvappfilter.dll.Completion time: 2010-07-24 16:28:02ComboFix-quarantined-files.txt 2010-07-24 21:27ComboFix2.txt 2010-07-23 14:49ComboFix3.txt 2009-03-08 05:26Pre-Run: 36,175,364,096 bytes freePost-Run: 36,264,775,680 bytes free- - End Of File - - B0662F1B356112D6E796175C05AD8147Upload was successful Link to post Share on other sites More sharing options...
Staff screen317 Posted July 24, 2010 Staff ID:289859 Share Posted July 24, 2010 Hi,Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.Click Start Scanning.You should get a notification bar (on top) to install the ActiveX control. Click on it and select to install the ActiveX.Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.In case you are having problems with installing the ActiveX/starting the scan, please read here.Click the Full System Scan button.It will start to download scanner components and databases. This can take a while.The main scan will start.Once the scan has finished scanning, click the Automatic cleaning (recommended) buttonIt could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.The cleaning can take a while, so please be patient.Then click the Show report button and Copy/Paste what is present under results in your next reply.Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
bigugly Posted July 25, 2010 Author ID:289899 Share Posted July 25, 2010 Computer name: BIGUGLYScanning type: Scan system for malware, spyware and rootkitsTarget: C:\ --------------------------------------------------------------------------------20 malware foundTrackingCookie.Questionmarket (spyware) System (Disinfected) TrackingCookie.Adinterax (spyware) System (Disinfected) TrackingCookie.Advertising (spyware) System (Disinfected) TrackingCookie.Atdmt (spyware) System (Disinfected) TrackingCookie.Adtech (spyware) System (Disinfected) TrackingCookie.Doubleclick (spyware) System (Disinfected) TrackingCookie.Revsci (spyware) System (Disinfected) TrackingCookie.Specificclick (spyware) System (Disinfected) TrackingCookie.Clickbank (spyware) System (Disinfected) TrackingCookie.Zanox (spyware) System (Disinfected) TrackingCookie.Adrevolver (spyware) System (Disinfected) TrackingCookie.Adbrite (spyware) System (Disinfected) TrackingCookie.Xiti (spyware) System (Disinfected) TrackingCookie.Webtrends (spyware) System (Disinfected) TrackingCookie.Mediaplex (spyware) System (Disinfected) TrackingCookie.Tradedoubler (spyware) System (Disinfected) TrackingCookie.Statcounter (spyware) System (Disinfected) TrackingCookie.Instadia (spyware) System (Disinfected) TrackingCookie.Atwola (spyware) System (Disinfected) TrackingCookie.Yieldmanager (spyware) System (Disinfected) --------------------------------------------------------------------------------StatisticsScanned: Files: 101173 System: 7278 Not scanned: 11 Actions: Disinfected: 20 Renamed: 0 Deleted: 0 Not cleaned: 0 Submitted: 0 Files not scanned:C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB C:\SYSTEM VOLUME INFORMATION\_RESTORE{30432606-714F-46FE-B32D-C17BCFB24738}\RP679\A0127450.SYS C:\SYSTEM VOLUME INFORMATION\_RESTORE{30432606-714F-46FE-B32D-C17BCFB24738}\RP679\A0127502.DLL C:\DOCUMENTS AND SETTINGS\ALEX\LOCAL SETTINGS\TEMP\HSPERFDATA_ALEX\2720 --------------------------------------------------------------------------------OptionsScanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristicssecurity check: Results of screen317's Security Check version 0.99.4 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Symantec AntiVirus Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner (remove only) Java 6 Update 13 Out of date Java installed! Adobe Flash Player Adobe Reader 8.2.3 Out of date Adobe Reader installed! Mozilla Thunderbird (3.0.4) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Symantec AntiVirus DefWatch.exe Symantec AntiVirus Rtvscan.exe Alex LOCALS~1 Temp OnlineScanner\Anti-Virus\fsgk32.exe Alex LOCALS~1 Temp OnlineScanner\Anti-Virus\fssm32.exe Alex LOCALS~1 Temp fsonlinescanner.exe ````````````````````````````````DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` once again thanks! Link to post Share on other sites More sharing options...
bigugly Posted July 25, 2010 Author ID:290078 Share Posted July 25, 2010 hello-malwarebytes is not picking up anything - here is my log-Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4345Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187027/25/2010 2:05:07 AMmbam-log-2010-07-25 (02-05-07).txtScan type: Full scan (C:\|)Objects scanned: 421232Time elapsed: 3 hour(s), 59 minute(s), 45 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)but my symantic corporate edition picks "backdoor.tidserv!inf" as a file name of "a0127450.sys"i have "cleaned" them using symantic, but ill have to wait a day or so to see if they pop back up as "caught" by symantic Link to post Share on other sites More sharing options...
Staff screen317 Posted July 25, 2010 Staff ID:290271 Share Posted July 25, 2010 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):Java Link to post Share on other sites More sharing options...
bigugly Posted July 29, 2010 Author ID:292128 Share Posted July 29, 2010 so far- so good. Link to post Share on other sites More sharing options...
Staff screen317 Posted July 30, 2010 Staff ID:292726 Share Posted July 30, 2010 Hi,Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:1) It is vital that you have a firewall. The one that comes with Windows XP is not sufficient in that it only checks incoming data. I recommend selecting one of the following free firewalls. Be sure to only install one.Sunbelt Personal FirewallComodoOutpost2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE.7) Be sure to update your Antivirus and Antispyware programs often!Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?Safe surfing,-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted August 5, 2010 Staff ID:296281 Share Posted August 5, 2010 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts