FFF Posted July 24, 2010 ID:289514 Share Posted July 24, 2010 Hello,I was following the directions to get information so that i can have help in eliminating a redirect virus. I already have malware on my computer as well as symantec antivirus and my computer is set up to do automatic updates. When I got to the stepof running gmer I got the "Windows has encountered an error and GMER cannot run. Do you want to report this error. mpcmwe6e1.exe has encountered a problm. When I went to run the GMER it skipped the first several steps and went straight to the "Then click the scan button and wait for it to finish step. So I am guessing I have this on my computer already?DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 6:52:24.12 on Sat 07/24/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1817 [GMT -5:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Microsoft Office\Office12\WINWORD.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q853B75H\dds[1].scr============== Pseudo HJT Report ===============uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Brandon&state=MS&site=JAN&textField1=32.2805&textField2=-90.0038&e=0uInternet Settings,ProxyServer = http=127.0.0.1:5577uInternet Settings,ProxyOverride = <local>mWinlogon: Userinit=c:\windows\system32\userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dlluRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.nabiscoworld.com/games/game_large.aspx?gameid=10036"mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exemRun: [Mixersel] c:\program files\realtek\installshield\mixersel.exemRun: [soundMan] SOUNDMAN.EXEmRun: [AlcWzrd] ALCWZRD.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [vptray] c:\progra~1\symant~1\VPTray.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Tberacufotizici] rundll32.exe "c:\windows\acufozuz.dll",StartupdRun: [gukxppaf] c:\documents and settings\networkservice\local settings\application data\cqepqxxsw\iacnhuptssd.exedRunOnce: [RunNarrator] Narrator.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabFilter: text/html - {2432e172-59a1-4a73-96c4-fcb0fba2c84f} - Notify: igfxcui - igfxsrvc.dllNotify: NavLogon - c:\windows\system32\NavLogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll============= SERVICES / DRIVERS ===============R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100723.002\naveng.sys [2010-7-23 85424]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100723.002\navex15.sys [2010-7-23 1362608]S0 ftnwj;ftnwj; [x]S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\d.tmp --> c:\windows\system32\D.tmp [?]S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]=============== Created Last 30 ================2010-07-24 11:50:50 0 ----a-w- c:\documents and settings\owner\defogger_reenable2010-07-08 13:52:46 664 ----a-w- c:\windows\system32\d3d9caps.dat==================== Find3M ====================2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys2010-03-23 20:40:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010032320100324\index.dat2010-04-24 04:16:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010042320100424\index.dat============= FINISH: 6:53:28.22 ===============UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_10-03-17.01)Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 7/25/2009 12:37:01 PMSystem Uptime: 7/18/2010 8:53:18 PM (130 hours ago)Motherboard: Intel Corporation | | D915GAGProcessor: Intel® Pentium® 4 CPU 2.93GHz | | 2933/133mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 186 GiB total, 166.392 GiB free.D: is CDROM ()E: is RemovableF: is RemovableG: is RemovableH: is Removable==== Disabled Device Manager Items ================= System Restore Points ===================RP266: 4/25/2010 6:28:03 AM - Software Distribution Service 3.0RP267: 4/26/2010 7:42:13 AM - System CheckpointRP268: 4/27/2010 8:12:06 AM - System CheckpointRP269: 4/28/2010 10:11:00 AM - System CheckpointRP270: 4/30/2010 8:04:11 AM - System CheckpointRP271: 5/1/2010 10:00:02 AM - System CheckpointRP272: 5/2/2010 11:01:03 AM - System CheckpointRP273: 5/3/2010 7:15:19 PM - System CheckpointRP274: 5/4/2010 7:30:12 PM - System CheckpointRP275: 5/6/2010 12:23:56 AM - System CheckpointRP276: 5/8/2010 8:18:57 AM - System CheckpointRP277: 5/9/2010 12:44:46 PM - System CheckpointRP278: 5/10/2010 10:04:49 PM - System CheckpointRP279: 5/12/2010 7:21:07 AM - System CheckpointRP280: 5/12/2010 8:25:46 AM - Software Distribution Service 3.0RP281: 5/13/2010 8:44:12 AM - System CheckpointRP282: 5/14/2010 9:58:38 AM - System CheckpointRP283: 5/15/2010 10:05:54 AM - System CheckpointRP284: 5/16/2010 1:57:34 PM - System CheckpointRP285: 5/17/2010 11:14:54 PM - System CheckpointRP286: 5/18/2010 11:06:15 PM - Installed Java 6 Update 20RP287: 5/20/2010 5:23:15 AM - System CheckpointRP288: 5/21/2010 7:32:24 AM - System CheckpointRP289: 5/22/2010 11:10:37 AM - System CheckpointRP290: 5/23/2010 1:29:21 PM - System CheckpointRP291: 5/25/2010 6:14:41 AM - System CheckpointRP292: 5/26/2010 7:35:41 AM - System CheckpointRP293: 5/27/2010 7:41:34 AM - Software Distribution Service 3.0RP294: 5/28/2010 11:50:07 AM - System CheckpointRP295: 5/29/2010 12:55:11 PM - System CheckpointRP296: 5/30/2010 8:32:11 PM - System CheckpointRP297: 5/31/2010 10:39:09 PM - System CheckpointRP298: 6/2/2010 12:02:27 AM - System CheckpointRP299: 6/3/2010 7:22:02 AM - System CheckpointRP300: 6/4/2010 8:19:16 AM - System CheckpointRP301: 6/5/2010 9:13:18 AM - System CheckpointRP302: 6/6/2010 9:55:45 AM - System CheckpointRP303: 6/7/2010 11:16:56 AM - System CheckpointRP304: 6/8/2010 12:10:36 PM - System CheckpointRP305: 6/9/2010 9:18:01 AM - Software Distribution Service 3.0RP306: 6/10/2010 11:56:13 AM - System CheckpointRP307: 6/11/2010 12:53:46 PM - System CheckpointRP308: 6/12/2010 1:51:55 PM - System CheckpointRP309: 6/13/2010 3:32:25 PM - System CheckpointRP310: 6/14/2010 4:45:03 PM - System CheckpointRP311: 6/15/2010 7:19:17 PM - System CheckpointRP312: 6/16/2010 8:39:29 PM - System CheckpointRP313: 6/17/2010 9:26:46 PM - System CheckpointRP314: 6/19/2010 12:41:43 AM - System CheckpointRP315: 6/20/2010 8:13:27 AM - System CheckpointRP316: 6/21/2010 2:57:35 PM - System CheckpointRP317: 6/22/2010 4:39:28 PM - System CheckpointRP318: 6/23/2010 5:17:09 PM - System CheckpointRP319: 6/24/2010 7:22:07 AM - Software Distribution Service 3.0RP320: 6/25/2010 10:45:13 AM - System CheckpointRP321: 6/26/2010 11:30:08 AM - System CheckpointRP322: 6/27/2010 1:21:53 PM - System CheckpointRP323: 6/28/2010 2:29:46 PM - System CheckpointRP324: 6/29/2010 4:21:35 PM - System CheckpointRP325: 6/30/2010 8:00:28 PM - System CheckpointRP326: 7/1/2010 9:14:37 PM - System CheckpointRP327: 7/4/2010 9:10:13 PM - System CheckpointRP328: 7/5/2010 10:45:28 PM - System CheckpointRP329: 7/7/2010 7:47:19 AM - System CheckpointRP330: 7/8/2010 8:01:08 AM - System CheckpointRP331: 7/9/2010 10:10:58 AM - System CheckpointRP332: 7/10/2010 12:28:12 PM - System CheckpointRP333: 7/11/2010 12:30:43 PM - System CheckpointRP334: 7/11/2010 7:23:32 PM - Restore OperationRP335: 7/11/2010 8:09:10 PM - Restore OperationRP336: 7/12/2010 8:11:37 PM - System CheckpointRP337: 7/13/2010 9:19:56 PM - System CheckpointRP338: 7/15/2010 12:50:28 AM - System CheckpointRP339: 7/16/2010 1:41:58 AM - System CheckpointRP340: 7/17/2010 9:27:30 AM - System CheckpointRP341: 7/18/2010 10:21:23 AM - System CheckpointRP342: 7/19/2010 10:21:39 AM - System CheckpointRP343: 7/20/2010 11:10:37 AM - System CheckpointRP344: 7/21/2010 11:20:10 AM - System CheckpointRP345: 7/22/2010 11:57:48 AM - System CheckpointRP346: 7/23/2010 12:31:58 PM - System Checkpoint==== Installed Programs ======================2007 Microsoft Office Suite Service Pack 1 (SP1)Acrobat.comAdobe AIRAdobe Flash Player 10 ActiveXAdobe Reader 9.3.3Adobe Shockwave Player 11.5Apple Software UpdateCanon MP Navigator EX 1.2Canon MP190 series MP DriversCanon MP190 series User RegistrationCanon My PrinterCanon Utilities Easy-PhotoPrint EXCanon Utilities Solution MenuCompatibility Pack for the 2007 Office systemCritical Update for Windows Media Player 11 (KB959772)DeductionPro 2009GoToMeeting 4.1.0.366H&R Block Mississippi 2009H&R Block Premium + Efile + State 2009High Definition Audio Driver Package - KB835221Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Intel® Graphics Media Accelerator DriverIntel® PRO Network Adapters and DriversIntel® PROSet for Wired ConnectionsJ2SE Runtime Environment 5.0 Update 13Java Auto UpdaterJava 6 Update 20LiveUpdate 3.1 (Symantec Corporation)Malwarebytes' Anti-MalwareMetaFrame Presentation Server Web Client for Win32Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Digital Image Library 9 - BlockerMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Plus 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Picture It! Library 10Microsoft Picture It! Premium 10Microsoft Software Update for Web Folders (English) 12Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Windows XP Video Decoder Checkup UtilityMove Media PlayerMSXML 6 Service Pack 2 (KB973686)PrimoPDF -- brought to you by Nitro PDF SoftwareQuickTimeRealPlayerRealtek High Definition Audio DriverSecurity Update for Windows Internet Explorer 7 (KB938127-v2)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 7 (KB974455)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB936782)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969897)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB981349)Snapshot ViewerSoft Data Fax Modem with SmartCPSophos Anti-Rootkit 1.5.0Spelling Dictionaries Support For Adobe Reader 9Symantec AntiVirusUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 7 (KB976749)Update for Windows Internet Explorer 7 (KB980182)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VLC media player 0.9.2WebFldrs XPWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Internet Explorer 7Windows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3Yahoo! BrowserPlus 2.9.2==== Event Viewer Messages From Past Week ========7/18/2010 8:54:13 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.7/18/2010 8:54:13 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.==== End Of File ===========================Thank you Link to post Share on other sites More sharing options...
Kenny94 Posted July 24, 2010 ID:289541 Share Posted July 24, 2010 Hi FFF And Welcome to Malwarebytes Forum!Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.---------------------------------------------------------------------------------------------Download TDSSKiller and save it to your Desktop.Right click on the file and choose extract all extract the file to your desktop then run it.If prompted to restart the computer type in Y then it will restart.Or if you are prompted with a hidden service warning do go ahead and delete it.Once completed it will create a log in your C:\ drivePlease post the contents of that log========Download ComboFix from one of these locations:Link 1Link 2====================================================================== Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply with TDSSKiller log.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.--------------------------------------------------------------------------------------------- Link to post Share on other sites More sharing options...
Kenny94 Posted July 29, 2010 ID:292062 Share Posted July 29, 2010 Hi FFF Lets run TDSSKiller and ComboFix. Link to post Share on other sites More sharing options...
FFF Posted July 29, 2010 Author ID:292084 Share Posted July 29, 2010 Hi FFF Lets run TDSSKiller and ComboFix.Thanks,I ran these programs and here are the logs. I no longer seem to have the redirect virus but my symantec just quarantined another trojan horse virus. Where am I getting these things?2010/07/27 21:17:53.0393 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:492010/07/27 21:17:53.0393 ================================================================================2010/07/27 21:17:53.0393 SystemInfo:2010/07/27 21:17:53.0393 2010/07/27 21:17:53.0393 OS Version: 5.1.2600 ServicePack: 3.02010/07/27 21:17:53.0393 Product type: Workstation2010/07/27 21:17:53.0393 ComputerName: OWNER-2B17507322010/07/27 21:17:53.0393 UserName: Owner2010/07/27 21:17:53.0393 Windows directory: C:\WINDOWS2010/07/27 21:17:53.0393 System windows directory: C:\WINDOWS2010/07/27 21:17:53.0393 Processor architecture: Intel x862010/07/27 21:17:53.0393 Number of processors: 12010/07/27 21:17:53.0393 Page size: 0x10002010/07/27 21:17:53.0393 Boot type: Normal boot2010/07/27 21:17:53.0393 ================================================================================2010/07/27 21:17:53.0518 Initialize success2010/07/27 21:17:56.0330 ================================================================================2010/07/27 21:17:56.0330 Scan started2010/07/27 21:17:56.0330 Mode: Manual;2010/07/27 21:17:56.0330 ================================================================================2010/07/27 21:17:57.0596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2010/07/27 21:17:57.0643 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2010/07/27 21:17:57.0705 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2010/07/27 21:17:57.0768 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys2010/07/27 21:17:57.0877 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys2010/07/27 21:17:57.0955 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2010/07/27 21:17:57.0986 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2010/07/27 21:17:58.0018 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2010/07/27 21:17:58.0080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2010/07/27 21:17:58.0127 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2010/07/27 21:17:58.0174 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2010/07/27 21:17:58.0236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2010/07/27 21:17:58.0283 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2010/07/27 21:17:58.0314 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2010/07/27 21:17:58.0439 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2010/07/27 21:17:58.0830 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2010/07/27 21:17:58.0861 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2010/07/27 21:17:58.0877 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2010/07/27 21:17:58.0908 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2010/07/27 21:17:58.0955 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2010/07/27 21:17:59.0002 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys2010/07/27 21:17:59.0080 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys2010/07/27 21:17:59.0143 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys2010/07/27 21:17:59.0205 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2010/07/27 21:17:59.0236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys2010/07/27 21:17:59.0268 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2010/07/27 21:17:59.0299 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys2010/07/27 21:17:59.0346 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys2010/07/27 21:17:59.0393 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2010/07/27 21:17:59.0424 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2010/07/27 21:17:59.0486 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2010/07/27 21:17:59.0533 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys2010/07/27 21:17:59.0627 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys2010/07/27 21:17:59.0674 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2010/07/27 21:17:59.0736 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys2010/07/27 21:17:59.0799 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys2010/07/27 21:17:59.0861 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys2010/07/27 21:17:59.0924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2010/07/27 21:17:59.0986 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2010/07/27 21:18:00.0033 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys2010/07/27 21:18:00.0080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2010/07/27 21:18:00.0205 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys2010/07/27 21:18:00.0268 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2010/07/27 21:18:00.0299 intelppm (9fd96f57a1b40af0b6ff3d68593b7c19) C:\WINDOWS\system32\DRIVERS\intelppm.sys2010/07/27 21:18:00.0299 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: 9fd96f57a1b40af0b6ff3d68593b7c19, Fake md5: 8c953733d8f36eb2133f5bb58808b66b2010/07/27 21:18:00.0299 intelppm - detected Rootkit.Win32.TDSS.tdl3 (0)2010/07/27 21:18:00.0346 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys2010/07/27 21:18:00.0393 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2010/07/27 21:18:00.0424 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2010/07/27 21:18:00.0455 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2010/07/27 21:18:00.0486 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2010/07/27 21:18:00.0518 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2010/07/27 21:18:00.0549 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2010/07/27 21:18:00.0580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2010/07/27 21:18:00.0611 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys2010/07/27 21:18:00.0658 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys2010/07/27 21:18:00.0689 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2010/07/27 21:18:00.0736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2010/07/27 21:18:00.0799 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys2010/07/27 21:18:00.0846 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2010/07/27 21:18:00.0893 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2010/07/27 21:18:00.0924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2010/07/27 21:18:00.0986 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2010/07/27 21:18:01.0018 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2010/07/27 21:18:01.0049 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2010/07/27 21:18:01.0111 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2010/07/27 21:18:01.0127 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2010/07/27 21:18:01.0158 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2010/07/27 21:18:01.0189 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2010/07/27 21:18:01.0221 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2010/07/27 21:18:01.0268 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2010/07/27 21:18:01.0299 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2010/07/27 21:18:01.0408 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100727.005\naveng.sys2010/07/27 21:18:01.0471 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100727.005\navex15.sys2010/07/27 21:18:01.0518 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2010/07/27 21:18:01.0564 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2010/07/27 21:18:01.0596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2010/07/27 21:18:01.0627 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2010/07/27 21:18:01.0658 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys2010/07/27 21:18:01.0705 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2010/07/27 21:18:01.0721 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2010/07/27 21:18:01.0752 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys2010/07/27 21:18:01.0783 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2010/07/27 21:18:01.0814 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2010/07/27 21:18:01.0861 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2010/07/27 21:18:01.0893 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2010/07/27 21:18:01.0924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2010/07/27 21:18:01.0955 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2010/07/27 21:18:01.0971 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys2010/07/27 21:18:02.0002 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2010/07/27 21:18:02.0018 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2010/07/27 21:18:02.0049 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2010/07/27 21:18:02.0080 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2010/07/27 21:18:02.0111 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys2010/07/27 21:18:02.0252 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2010/07/27 21:18:02.0268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2010/07/27 21:18:02.0314 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2010/07/27 21:18:02.0424 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2010/07/27 21:18:02.0439 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2010/07/27 21:18:02.0471 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2010/07/27 21:18:02.0502 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2010/07/27 21:18:02.0533 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2010/07/27 21:18:02.0549 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2010/07/27 21:18:02.0580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2010/07/27 21:18:02.0643 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2010/07/27 21:18:02.0674 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2010/07/27 21:18:02.0736 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys2010/07/27 21:18:02.0752 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys2010/07/27 21:18:02.0814 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2010/07/27 21:18:02.0861 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2010/07/27 21:18:02.0893 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2010/07/27 21:18:02.0924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2010/07/27 21:18:03.0018 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys2010/07/27 21:18:03.0064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2010/07/27 21:18:03.0111 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2010/07/27 21:18:03.0143 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys2010/07/27 21:18:03.0174 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2010/07/27 21:18:03.0205 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2010/07/27 21:18:03.0283 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS2010/07/27 21:18:03.0330 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS2010/07/27 21:18:03.0361 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS2010/07/27 21:18:03.0455 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2010/07/27 21:18:03.0502 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2010/07/27 21:18:03.0533 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2010/07/27 21:18:03.0564 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2010/07/27 21:18:03.0596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2010/07/27 21:18:03.0658 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2010/07/27 21:18:03.0736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2010/07/27 21:18:03.0783 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2010/07/27 21:18:03.0814 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2010/07/27 21:18:03.0846 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2010/07/27 21:18:03.0877 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2010/07/27 21:18:03.0908 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2010/07/27 21:18:03.0924 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2010/07/27 21:18:03.0955 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2010/07/27 21:18:03.0986 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2010/07/27 21:18:04.0033 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2010/07/27 21:18:04.0064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2010/07/27 21:18:04.0111 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2010/07/27 21:18:04.0189 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys2010/07/27 21:18:04.0252 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys2010/07/27 21:18:04.0268 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2010/07/27 21:18:04.0299 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2010/07/27 21:18:04.0330 ================================================================================2010/07/27 21:18:04.0330 Scan finished2010/07/27 21:18:04.0330 ================================================================================2010/07/27 21:18:04.0346 Detected object count: 12010/07/27 21:18:55.0643 intelppm (9fd96f57a1b40af0b6ff3d68593b7c19) C:\WINDOWS\system32\DRIVERS\intelppm.sys2010/07/27 21:18:55.0643 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: 9fd96f57a1b40af0b6ff3d68593b7c19, Fake md5: 8c953733d8f36eb2133f5bb58808b66b2010/07/27 21:18:56.0314 Backup copy found, using it..2010/07/27 21:18:56.0346 C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured after reboot2010/07/27 21:18:56.0346 Rootkit.Win32.TDSS.tdl3(intelppm) - User select action: Cure2010/07/27 21:19:02.0299 Deinitialize successand here is the other one:ComboFix 10-07-27.01 - Owner 07/27/2010 21:39:11.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1982 [GMT -5:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Owner\g2mdlhlpx.exec:\documents and settings\Owner\Local Settings\Temporary Internet Files\A0lAxB.jpgc:\documents and settings\Owner\Local Settings\Temporary Internet Files\A3m7aBx.jpgc:\documents and settings\Owner\Local Settings\Temporary Internet Files\aO0y3.jpgc:\documents and settings\Owner\Local Settings\Temporary Internet Files\B53b0a.jpgc:\documents and settings\Owner\Recent\Thumbs.dbc:\program files\Internet Explorer\Plugins\npqtplugin2.dllc:\program files\Internet Explorer\PLUGINS\npqtplugin3.dllc:\program files\Internet Explorer\Plugins\npqtplugin4.dllc:\program files\Internet Explorer\PLUGINS\npqtplugin5.dllc:\program files\Internet Explorer\PLUGINS\npqtplugin6.dllc:\program files\Internet Explorer\PLUGINS\npqtplugin7.dllc:\program files\QuickTime\Plugins\npqtplugin2.dllc:\program files\QuickTime\Plugins\npqtplugin3.dllc:\program files\QuickTime\Plugins\npqtplugin4.dllc:\program files\QuickTime\Plugins\npqtplugin5.dllc:\program files\QuickTime\Plugins\npqtplugin6.dllc:\program files\QuickTime\Plugins\npqtplugin7.dllc:\program files\Sharedc:\windows\acufozuz.dll.((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 ))))))))))))))))))))))))))))))).2010-07-28 02:22 . 2010-07-28 02:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{682C99AA-1B1E-4427-9092-48FC5CF159BF}2010-07-26 16:00 . 2010-07-26 16:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\lbyvcgsmq2010-07-25 06:41 . 2010-07-25 06:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\dyvhvrnwc2010-07-19 10:53 . 2010-07-19 10:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}2010-07-13 23:39 . 2010-07-13 23:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}2010-07-12 11:52 . 2010-07-12 11:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{258626A1-FA86-4D19-AD58-B71885453FAD}2010-07-12 01:10 . 2010-07-12 01:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{F09D793D-913B-4F52-B5CE-48F93448829C}2010-07-12 00:24 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{E82CDC65-D3B4-463B-A56E-85905920E8F1}2010-07-12 00:15 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}2010-07-11 21:58 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}2010-07-10 19:18 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}2010-07-10 17:09 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{19177630-995E-4FA6-8397-8799911C1C7B}2010-07-10 16:28 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}2010-07-10 16:12 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{D923AA26-308D-47A4-ADCB-72AECF9B5388}2010-07-10 15:34 . 2010-07-12 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{947382DB-39EB-46D6-BF28-547763E3BE3F}2010-07-10 14:37 . 2010-07-10 14:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}2010-07-10 14:15 . 2010-07-10 14:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{09D24B01-9033-4AD1-A656-171EF16C2964}2010-07-10 08:56 . 2010-07-10 15:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\cqepqxxsw2010-07-10 08:54 . 2010-07-10 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2010-07-10 04:34 . 2010-07-10 04:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{335C706C-7314-4106-A9DC-8855F895E38C}2010-07-09 13:19 . 2010-07-09 13:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}2010-07-09 03:38 . 2010-07-09 03:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}2010-07-08 13:52 . 2010-07-10 08:57 664 ----a-w- c:\windows\system32\d3d9caps.dat2010-07-08 13:42 . 2010-07-08 13:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{77695730-F0FD-491C-8603-A3655CCEEF28}.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-28 02:32 . 2009-07-25 20:37 -------- d-----w- c:\program files\Symantec AntiVirus2010-07-28 02:20 . 2004-08-03 22:59 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys2010-07-10 14:15 . 2010-03-23 20:33 0 ----a-w- c:\windows\Awosuro.dat2010-07-09 11:50 . 2010-03-23 20:33 0 ----a-w- c:\windows\Bjedokimakige.bin2010-06-29 13:21 . 2010-04-07 01:07 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe2010-05-27 21:55 . 2010-05-27 21:55 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-618ca634-n\msvcp71.dll2010-05-27 21:55 . 2010-05-27 21:55 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d0dceae-n\decora-sse.dll2010-05-27 21:55 . 2010-05-27 21:55 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-618ca634-n\jmc.dll2010-05-27 21:55 . 2010-05-27 21:55 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-618ca634-n\msvcr71.dll2010-05-27 21:55 . 2010-05-27 21:55 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d0dceae-n\decora-d3d.dll2010-05-19 04:07 . 2010-05-19 04:07 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4954fdff-n\msvcp71.dll2010-05-19 04:07 . 2010-05-19 04:07 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4954fdff-n\jmc.dll2010-05-19 04:07 . 2010-05-19 04:07 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4954fdff-n\msvcr71.dll2010-05-19 04:07 . 2010-05-19 04:07 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f8f527f-n\decora-sse.dll2010-05-19 04:07 . 2010-05-19 04:07 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f8f527f-n\decora-d3d.dll2010-05-04 17:20 . 2004-08-04 00:56 832512 ----a-w- c:\windows\system32\wininet.dll2010-05-04 17:20 . 2004-08-04 00:56 78336 ----a-w- c:\windows\system32\ieencode.dll2010-05-04 17:20 . 2004-08-04 00:56 17408 ------w- c:\windows\system32\corpol.dll2010-05-02 05:22 . 2004-08-03 23:17 1851264 ----a-w- c:\windows\system32\win32k.sys2010-04-29 20:39 . 2009-07-25 20:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-04-29 20:39 . 2009-07-25 20:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]"Mixersel"="c:\program files\Realtek\InstallShield\mixersel.exe" [2003-11-11 369664]"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-20 198160]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760][HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 10:11 PM 102448]S0 ftnwj;ftnwj; [x]S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D.tmp --> c:\windows\system32\D.tmp [?]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]--- Other Services/Drivers In Memory ---*NewlyCreated* - KLMDB*Deregistered* - klmdb.Contents of the 'Scheduled Tasks' folder2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]..------- Supplementary Scan -------.uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Brandon&state=MS&site=JAN&textField1=32.2805&textField2=-90.0038&e=0uInternet Settings,ProxyServer = http=127.0.0.1:5577uInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000.- - - - ORPHANS REMOVED - - - -HKLM-Run-Tberacufotizici - c:\windows\acufozuz.dllSafeBoot-klmdb.sys**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-27 21:42Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]"ImagePath"="\??\c:\windows\system32\D.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".Completion time: 2010-07-27 21:44:59ComboFix-quarantined-files.txt 2010-07-28 02:44Pre-Run: 178,967,904,256 bytes freePost-Run: 179,593,535,488 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - 83330B8514345F6EA58097A096A9AFD9Fran Link to post Share on other sites More sharing options...
Kenny94 Posted July 31, 2010 ID:293470 Share Posted July 31, 2010 Close any open browsers.Open Notepad by click startClick RunType notepad into the box and click enterNotepad will openCopy and Paste everything from the Code box into Notepad:KILLALL::Folder::c:\documents and settings\Owner\Local Settings\Application Data\{682C99AA-1B1E-4427-9092-48FC5CF159BF}c:\documents and settings\Owner\Local Settings\Application Data\lbyvcgsmqc:\documents and settings\Owner\Local Settings\Application Data\dyvhvrnwcc:\documents and settings\Owner\Local Settings\Application Data\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}c:\documents and settings\Owner\Local Settings\Application Data\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}c:\documents and settings\Owner\Local Settings\Application Data\{258626A1-FA86-4D19-AD58-B71885453FAD}c:\documents and settings\Owner\Local Settings\Application Data\{F09D793D-913B-4F52-B5CE-48F93448829C}c:\documents and settings\Owner\Local Settings\Application Data\{E82CDC65-D3B4-463B-A56E-85905920E8F1}c:\documents and settings\Owner\Local Settings\Application Data\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}c:\documents and settings\Owner\Local Settings\Application Data\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}c:\documents and settings\Owner\Local Settings\Application Data\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}c:\documents and settings\Owner\Local Settings\Application Data\{19177630-995E-4FA6-8397-8799911C1C7B}c:\documents and settings\Owner\Local Settings\Application Data\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}c:\documents and settings\Owner\Local Settings\Application Data\{D923AA26-308D-47A4-ADCB-72AECF9B5388}c:\documents and settings\Owner\Local Settings\Application Data\{947382DB-39EB-46D6-BF28-547763E3BE3F}c:\documents and settings\Owner\Local Settings\Application Data\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}c:\documents and settings\Owner\Local Settings\Application Data\{09D24B01-9033-4AD1-A656-171EF16C2964}c:\documents and settings\NetworkService\Local Settings\Application Data\cqepqxxswc:\documents and settings\Owner\Local Settings\Application Data\{335C706C-7314-4106-A9DC-8855F895E38C}c:\documents and settings\Owner\Local Settings\Application Data\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}c:\documents and settings\Owner\Local Settings\Application Data\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}c:\documents and settings\Owner\Local Settings\Application Data\{77695730-F0FD-491C-8603-A3655CCEEF28}Driver::ftnwjDDS:: uInternet Settings,ProxyServer = http=127.0.0.1:5577uInternet Settings,ProxyOverride = <local>Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.This will start ComboFix again. It may ask to reboot. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply. Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system. Link to post Share on other sites More sharing options...
FFF Posted July 31, 2010 Author ID:293535 Share Posted July 31, 2010 Thanks Kenny,Here is what I gotComboFix 10-07-27.01 - Owner 07/31/2010 13:45:38.2.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1872 [GMT -5:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Owner\Desktop\CFScript.txtAV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\NetworkService\Local Settings\Application Data\cqepqxxswc:\documents and settings\Owner\Local Settings\Application Data\{09D24B01-9033-4AD1-A656-171EF16C2964}c:\documents and settings\Owner\Local Settings\Application Data\{09D24B01-9033-4AD1-A656-171EF16C2964}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{09D24B01-9033-4AD1-A656-171EF16C2964}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{09D24B01-9033-4AD1-A656-171EF16C2964}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}c:\documents and settings\Owner\Local Settings\Application Data\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{19177630-995E-4FA6-8397-8799911C1C7B}c:\documents and settings\Owner\Local Settings\Application Data\{19177630-995E-4FA6-8397-8799911C1C7B}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{19177630-995E-4FA6-8397-8799911C1C7B}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{19177630-995E-4FA6-8397-8799911C1C7B}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}c:\documents and settings\Owner\Local Settings\Application Data\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{258626A1-FA86-4D19-AD58-B71885453FAD}c:\documents and settings\Owner\Local Settings\Application Data\{258626A1-FA86-4D19-AD58-B71885453FAD}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{258626A1-FA86-4D19-AD58-B71885453FAD}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{258626A1-FA86-4D19-AD58-B71885453FAD}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{335C706C-7314-4106-A9DC-8855F895E38C}c:\documents and settings\Owner\Local Settings\Application Data\{335C706C-7314-4106-A9DC-8855F895E38C}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{335C706C-7314-4106-A9DC-8855F895E38C}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{335C706C-7314-4106-A9DC-8855F895E38C}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}c:\documents and settings\Owner\Local Settings\Application Data\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}c:\documents and settings\Owner\Local Settings\Application Data\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{682C99AA-1B1E-4427-9092-48FC5CF159BF}c:\documents and settings\Owner\Local Settings\Application Data\{682C99AA-1B1E-4427-9092-48FC5CF159BF}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{682C99AA-1B1E-4427-9092-48FC5CF159BF}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{682C99AA-1B1E-4427-9092-48FC5CF159BF}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{77695730-F0FD-491C-8603-A3655CCEEF28}c:\documents and settings\Owner\Local Settings\Application Data\{77695730-F0FD-491C-8603-A3655CCEEF28}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{77695730-F0FD-491C-8603-A3655CCEEF28}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{77695730-F0FD-491C-8603-A3655CCEEF28}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}c:\documents and settings\Owner\Local Settings\Application Data\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{947382DB-39EB-46D6-BF28-547763E3BE3F}c:\documents and settings\Owner\Local Settings\Application Data\{947382DB-39EB-46D6-BF28-547763E3BE3F}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{947382DB-39EB-46D6-BF28-547763E3BE3F}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{947382DB-39EB-46D6-BF28-547763E3BE3F}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}c:\documents and settings\Owner\Local Settings\Application Data\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}c:\documents and settings\Owner\Local Settings\Application Data\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{D923AA26-308D-47A4-ADCB-72AECF9B5388}c:\documents and settings\Owner\Local Settings\Application Data\{D923AA26-308D-47A4-ADCB-72AECF9B5388}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{D923AA26-308D-47A4-ADCB-72AECF9B5388}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{D923AA26-308D-47A4-ADCB-72AECF9B5388}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}c:\documents and settings\Owner\Local Settings\Application Data\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{E82CDC65-D3B4-463B-A56E-85905920E8F1}c:\documents and settings\Owner\Local Settings\Application Data\{E82CDC65-D3B4-463B-A56E-85905920E8F1}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{E82CDC65-D3B4-463B-A56E-85905920E8F1}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{E82CDC65-D3B4-463B-A56E-85905920E8F1}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{F09D793D-913B-4F52-B5CE-48F93448829C}c:\documents and settings\Owner\Local Settings\Application Data\{F09D793D-913B-4F52-B5CE-48F93448829C}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{F09D793D-913B-4F52-B5CE-48F93448829C}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{F09D793D-913B-4F52-B5CE-48F93448829C}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}c:\documents and settings\Owner\Local Settings\Application Data\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}\chrome.manifestc:\documents and settings\Owner\Local Settings\Application Data\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}\chrome\content\_cfg.jsc:\documents and settings\Owner\Local Settings\Application Data\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}\install.rdfc:\documents and settings\Owner\Local Settings\Application Data\dyvhvrnwcc:\documents and settings\Owner\Local Settings\Application Data\lbyvcgsmq.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_FTNWJ-------\Service_ftnwj((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 ))))))))))))))))))))))))))))))).2010-07-28 02:54 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2010-07-10 08:54 . 2010-07-10 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2010-07-08 13:52 . 2010-07-10 08:57 664 ----a-w- c:\windows\system32\d3d9caps.dat.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-31 18:51 . 2009-07-25 20:37 -------- d-----w- c:\program files\Symantec AntiVirus2010-07-28 02:20 . 2004-08-03 22:59 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys2010-07-10 14:15 . 2010-03-23 20:33 0 ----a-w- c:\windows\Awosuro.dat2010-07-09 11:50 . 2010-03-23 20:33 0 ----a-w- c:\windows\Bjedokimakige.bin2010-06-29 13:21 . 2010-04-07 01:07 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe2010-06-14 14:31 . 2009-07-25 17:32 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe2010-05-27 21:55 . 2010-05-27 21:55 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-618ca634-n\msvcp71.dll2010-05-27 21:55 . 2010-05-27 21:55 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d0dceae-n\decora-sse.dll2010-05-27 21:55 . 2010-05-27 21:55 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-618ca634-n\jmc.dll2010-05-27 21:55 . 2010-05-27 21:55 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-618ca634-n\msvcr71.dll2010-05-27 21:55 . 2010-05-27 21:55 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d0dceae-n\decora-d3d.dll2010-05-19 04:07 . 2010-05-19 04:07 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4954fdff-n\msvcp71.dll2010-05-19 04:07 . 2010-05-19 04:07 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4954fdff-n\jmc.dll2010-05-19 04:07 . 2010-05-19 04:07 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4954fdff-n\msvcr71.dll2010-05-19 04:07 . 2010-05-19 04:07 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f8f527f-n\decora-sse.dll2010-05-19 04:07 . 2010-05-19 04:07 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f8f527f-n\decora-d3d.dll2010-05-04 17:20 . 2004-08-04 00:56 832512 ----a-w- c:\windows\system32\wininet.dll2010-05-04 17:20 . 2004-08-04 00:56 78336 ----a-w- c:\windows\system32\ieencode.dll2010-05-04 17:20 . 2004-08-04 00:56 17408 ------w- c:\windows\system32\corpol.dll.((((((((((((((((((((((((((((( SnapShot@2010-07-28_02.42.56 ))))))))))))))))))))))))))))))))))))))))).+ 2010-07-31 18:51 . 2010-07-31 18:51 16384 c:\windows\temp\Perflib_Perfdata_224.dat+ 2009-07-25 19:29 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 61952]"Mixersel"="c:\program files\Realtek\InstallShield\mixersel.exe" [2003-11-11 369664]"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-20 198160]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760][HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableNotifications"= 1 (0x1)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 10:11 PM 102448]S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D.tmp --> c:\windows\system32\D.tmp [?]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464].Contents of the 'Scheduled Tasks' folder2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]..------- Supplementary Scan -------.uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Brandon&state=MS&site=JAN&textField1=32.2805&textField2=-90.0038&e=0IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-31 13:52Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]"ImagePath"="\??\c:\windows\system32\D.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(3956)c:\windows\system32\WININET.dllc:\windows\system32\ieframe.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\Symantec Shared\ccSetMgr.exec:\program files\Common Files\Symantec Shared\ccEvtMgr.exec:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exec:\program files\Symantec AntiVirus\DefWatch.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Symantec AntiVirus\Rtvscan.exec:\windows\SOUNDMAN.EXEc:\windows\ALCWZRD.EXE.**************************************************************************.Completion time: 2010-07-31 13:56:14 - machine was rebootedComboFix-quarantined-files.txt 2010-07-31 18:56ComboFix2.txt 2010-07-28 02:45Pre-Run: 179,469,672,448 bytes freePost-Run: 179,447,746,560 bytes free- - End Of File - - B5D6180798ED5021C13BF229FCFB502B Link to post Share on other sites More sharing options...
FFF Posted July 31, 2010 Author ID:293537 Share Posted July 31, 2010 I have no idea what all of that means. Is it good, bad, ugly? Link to post Share on other sites More sharing options...
Kenny94 Posted July 31, 2010 ID:293541 Share Posted July 31, 2010 Smile we are getting closer. Good job you done there!ESET Online ScannerNote: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Select the option YES, I accept the Terms of Use then click on: When prompted allow the Add-On/Active X to install.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Now click on: [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.[*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first![*]Now click on: [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.[*]Copy and paste that log as a reply to this topic.Note: Do not forget to re-enable your Anti-Virus application after running the above scan! Link to post Share on other sites More sharing options...
FFF Posted July 31, 2010 Author ID:293586 Share Posted July 31, 2010 Here it is. When saving the log I clicked the x and it exited the program without my clicking finish. Don't know if that matters???ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)# OnlineScanner.ocx=1.0.0.6211# api_version=3.0.2# EOSSerial=1db7a4f74cb9cf4f991acb01240b7dc8# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2010-07-31 08:49:20# local_time=2010-07-31 03:49:20 (-0600, Central Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=56997# found=1# cleaned=0# scan_time=2137C:\Qoobox\Quarantine\C\WINDOWS\acufozuz.dll.vir a variant of Win32/Cimag.CK trojan 00000000000000000000000000000000 I Link to post Share on other sites More sharing options...
Kenny94 Posted July 31, 2010 ID:293587 Share Posted July 31, 2010 C:\Qoobox\Quarantine is ComboFix that we will remove.Your Computer is CleanSome final items:Follow these steps to uninstall Combofix and tools used in the removal of malwarePlease press the Windows Key and R on your keyboard. This will bring up the Run... command.Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)Please follow the prompts to uninstall Combofix.You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.This will uninstall Combofix and anything assoicated with it.Here are some additional links for you to check out to help you with your computer security. BrowsersJust because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK buttonIf it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.Additional Security MeasuresVisit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.Secunia software inspector & update checker Visit My Blog for Malware and Spyware Tips Link to post Share on other sites More sharing options...
Staff screen317 Posted August 29, 2010 Staff ID:306324 Share Posted August 29, 2010 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts