Jump to content

need help fast


Recommended Posts

Hi,

My antivirus (MSE) has detected a virus named TrojanDowloader:Win32/Unruy. I removed the virus, it asked me to reboot the computer so i did then it came back. please help.

i followed the instructions here

http://forums.malwarebytes.org/index.php?showtopic=9573

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 18:55:48.37 on Sun 08/01/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.87 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\program files\pcsgvmbqezmzr\jdqguja.exe

C:\program files\pcsgvmbqezmzr\jdqguja.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = ${URL_SEARCHPAGE}

uSearch Bar = hxxp://www.google.com

uStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://in.yahoo.com

mSearch Page = ${URL_SEARCHPAGE}

mStart Page = ${URL_STARTPAGE}

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jd

uRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jd

mRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jd

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMMyPictures = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-system: DisableCAD = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMMyPictures = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: kuaiche.com\software

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/stg_drm.ocx

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271369202235

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.solidaxision.com/setup/solidstateion.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx

DPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [2010-3-17 18432]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-1-24 53248]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-1-23 21144]

R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [2010-3-17 18944]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]

S2 KAVSafe;KAVSafe;\??\c:\windows\system32\drivers\kavsafe.sys --> c:\windows\system32\drivers\KAVSafe.sys [?]

S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-1-24 714240]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

=============== Created Last 30 ================

2010-08-05 08:11:52 0 d-----w- c:\program files\Paint.NET

2010-08-05 06:19:54 0 d--h--r- C:\AHCache

2010-08-01 21:53:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-01 21:53:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-01 21:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-01 17:48:24 0 ----a-w- c:\documents and settings\user\defogger_reenable

2010-08-01 17:30:24 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat

2010-08-01 01:20:31 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes

2010-08-01 00:17:21 0 d-----w- c:\program files\SUPERAntiSpyware

2010-07-31 23:54:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-31 23:27:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-07-31 23:26:32 0 d-----w- c:\program files\Pando Networks

2010-07-31 23:26:32 0 d-----w- c:\program files\Monopoly City

2010-07-31 23:26:32 0 d-----w- c:\program files\Fizzy

2010-07-31 23:26:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files

2010-07-31 23:26:27 0 d-----w- c:\windows\Virtual Families

2010-07-31 23:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Cached Installations

2010-07-31 23:26:25 0 d-----w- c:\docume~1\user\applic~1\SpinTop

2010-07-31 23:26:22 0 d-----w- c:\windows\Diner Dash Flo Through Time

2010-07-31 22:24:20 0 d-----w- c:\windows\system32\XPSViewer

2010-07-31 20:08:52 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com

2010-07-31 19:32:43 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-07-31 19:32:42 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-30 22:19:38 0 d-----w- c:\windows\uninstall

2010-07-30 19:05:56 0 d-----w- c:\windows\system32\wbem\Repository

2010-07-29 19:08:51 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2010-07-29 19:08:51 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2010-07-29 19:08:31 0 d-----w- c:\program files\Cheat Engine

2010-07-27 22:59:24 0 d-----w- c:\program files\Virtual Families

2010-07-27 20:58:41 224 ----a-w- c:\windows\system32\9B13A86D.plf

2010-07-27 04:12:18 0 d-----w- c:\docume~1\user\applic~1\Pogo

2010-07-27 04:12:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Pogo

2010-07-23 20:46:27 25 ----a-w- c:\windows\popcinfot.dat

2010-07-23 06:09:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia

2010-07-23 06:08:26 19 ----a-w- c:\windows\popcinfo.dat

2010-07-22 16:54:07 0 d-----w- C:\Desktop

2010-07-22 16:08:09 642 ----a-w- c:\windows\system32\runkgb.lnk

2010-07-21 19:49:39 787 ----a-w- c:\windows\system\akstart.lnk

2010-07-17 21:07:52 0 d-----w- c:\docume~1\user\applic~1\fizzy

2010-07-16 21:15:26 0 d-----w- c:\docume~1\user\applic~1\uTorrent

2010-07-14 02:58:07 0 d-----w- c:\program files\common files\Futuremark Shared

2010-07-07 19:46:38 16832 ----a-w- c:\windows\system32\amcompat.tlb

2010-07-07 19:46:37 23392 ----a-w- c:\windows\system32\nscompat.tlb

==================== Find3M ====================

2010-08-01 22:28:45 9845 -c--a-w- c:\windows\system32\msw2n1o0e.dll

2010-07-23 06:07:40 737280 -c--a-w- c:\windows\iun6002.exe

2010-07-17 19:46:07 30912 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-06-28 19:30:41 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys

2010-06-28 19:30:32 24472 ----a-w- c:\windows\system32\drivers\bc.sys

2010-06-13 01:52:09 1770 ----a-w- c:\windows\system32\secushr.dat

2010-06-01 17:37:48 221568 -c----w- c:\windows\system32\MpSigStub.exe

2010-05-20 22:40:10 20 -c--a-w- c:\docume~1\user\applic~1\qvjsge.dat

2010-05-11 01:51:41 286720 -c----w- c:\windows\Setup1.exe

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

============= FINISH: 18:57:15.74 ===============

attach.zip

Link to post
Share on other sites

  • Staff

Hello and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4386

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/3/2010 7:12:22 PM

mbam-log-2010-08-03 (19-12-22).txt

Scan type: Quick scan

Objects scanned: 141359

Time elapsed: 32 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> Delete on reboot.

C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> Delete on reboot.

Link to post
Share on other sites

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 19:34:36.08 on Tue 08/03/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.60 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\program files\pcsgvmbqezmzr\jdqguja.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\program files\pcsgvmbqezmzr\jdqguja.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = ${URL_SEARCHPAGE}

uSearch Bar = hxxp://www.google.com

uStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://in.yahoo.com

mSearch Page = ${URL_SEARCHPAGE}

mStart Page = ${URL_STARTPAGE}

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jd

uRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jd

mRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jd

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMMyPictures = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-system: DisableCAD = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMMyPictures = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: kuaiche.com\software

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/stg_drm.ocx

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271369202235

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.solidaxision.com/setup/solidstateion.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx

DPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [2010-3-17 18432]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-1-24 53248]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-1-23 21144]

R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [2010-3-17 18944]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]

S2 KAVSafe;KAVSafe;\??\c:\windows\system32\drivers\kavsafe.sys --> c:\windows\system32\drivers\KAVSafe.sys [?]

S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-1-24 714240]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

=============== Created Last 30 ================

2010-08-05 08:11:52 0 d-----w- c:\program files\Paint.NET

2010-08-05 06:19:54 0 d--h--r- C:\AHCache

2010-08-04 02:12:36 54016 ----a-w- c:\windows\system32\drivers\lnmv.sys

2010-08-03 02:25:16 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-08-01 21:53:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-01 21:53:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-01 21:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-01 17:48:24 0 ----a-w- c:\documents and settings\user\defogger_reenable

2010-08-01 17:30:24 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat

2010-08-01 01:20:31 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes

2010-08-01 00:17:21 0 d-----w- c:\program files\SUPERAntiSpyware

2010-07-31 23:54:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-31 23:27:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-07-31 23:26:32 0 d-----w- c:\program files\Pando Networks

2010-07-31 23:26:32 0 d-----w- c:\program files\Monopoly City

2010-07-31 23:26:32 0 d-----w- c:\program files\Fizzy

2010-07-31 23:26:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files

2010-07-31 23:26:27 0 d-----w- c:\windows\Virtual Families

2010-07-31 23:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Cached Installations

2010-07-31 23:26:25 0 d-----w- c:\docume~1\user\applic~1\SpinTop

2010-07-31 23:26:22 0 d-----w- c:\windows\Diner Dash Flo Through Time

2010-07-31 22:24:20 0 d-----w- c:\windows\system32\XPSViewer

2010-07-31 20:08:52 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com

2010-07-31 19:32:43 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-07-31 19:32:42 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-30 22:19:38 0 d-----w- c:\windows\uninstall

2010-07-30 19:05:56 0 d-----w- c:\windows\system32\wbem\Repository

2010-07-29 19:08:31 0 d-----w- c:\program files\Cheat Engine

2010-07-27 22:59:24 0 d-----w- c:\program files\Virtual Families

2010-07-27 20:58:41 224 ----a-w- c:\windows\system32\9B13A86D.plf

2010-07-27 04:12:18 0 d-----w- c:\docume~1\user\applic~1\Pogo

2010-07-27 04:12:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Pogo

2010-07-23 20:46:27 25 ----a-w- c:\windows\popcinfot.dat

2010-07-23 06:09:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia

2010-07-23 06:08:26 19 ----a-w- c:\windows\popcinfo.dat

2010-07-22 16:54:07 0 d-----w- C:\Desktop

2010-07-22 16:08:09 642 ----a-w- c:\windows\system32\runkgb.lnk

2010-07-21 19:49:39 787 ----a-w- c:\windows\system\akstart.lnk

2010-07-17 21:07:52 0 d-----w- c:\docume~1\user\applic~1\fizzy

2010-07-16 21:15:26 0 d-----w- c:\docume~1\user\applic~1\uTorrent

2010-07-14 02:58:07 0 d-----w- c:\program files\common files\Futuremark Shared

2010-07-07 19:46:38 16832 ----a-w- c:\windows\system32\amcompat.tlb

2010-07-07 19:46:37 23392 ----a-w- c:\windows\system32\nscompat.tlb

==================== Find3M ====================

2010-08-03 20:09:15 2589 -c--a-w- c:\windows\system32\comcat.dll

2010-07-23 06:07:40 737280 -c--a-w- c:\windows\iun6002.exe

2010-07-17 19:46:07 30912 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-06-28 19:30:41 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys

2010-06-28 19:30:32 24472 ----a-w- c:\windows\system32\drivers\bc.sys

2010-06-13 01:52:09 1770 ----a-w- c:\windows\system32\secushr.dat

2010-06-01 17:37:48 221568 -c----w- c:\windows\system32\MpSigStub.exe

2010-05-20 22:40:10 20 -c--a-w- c:\docume~1\user\applic~1\qvjsge.dat

2010-05-11 01:51:41 286720 -c----w- c:\windows\Setup1.exe

============= FINISH: 19:36:14.66 ===============

Link to post
Share on other sites

ComboFix 10-08-04.02 - User 08/04/2010 12:43:32.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.84 [GMT -7:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

c:\documents and settings\User\Application Data\BITS

c:\documents and settings\User\Application Data\BITS\BITS.ini

c:\documents and settings\User\Application Data\BITS\DHTTable.dat

c:\documents and settings\User\Application Data\BITS\ProxyList.ini

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182309.torrent

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182309.torrent.filelist

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182317.torrent

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182317.torrent.filelist

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.~tmp

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.bits

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.filelist

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.statistic

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182549.torrent

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182549.torrent.filelist

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182611.torrent

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182611.torrent.filelist

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.~tmp

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.bits

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.filelist

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.hybridlist

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.seeds

c:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.statistic

c:\documents and settings\User\Application Data\BITS\Torrent\20100612184027.torrent

c:\documents and settings\User\Application Data\BITS\Torrent\20100612184027.torrent.filelist

c:\documents and settings\User\Application Data\FlashGetBHO

c:\documents and settings\User\Application Data\FlashGetBHO\FlashGetBHO3.dll

c:\documents and settings\User\Application Data\FlashGetBHO\FlashGetHook.dll

c:\documents and settings\User\Application Data\FlashGetBHO\GetAllUrl.htm

c:\documents and settings\User\Application Data\FlashGetBHO\GetUrl.htm

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_03.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_107x7322222.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1309444450.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_33665566.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5-04400194A.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5_4504_1.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_a44.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_a66999.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_km.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_OL-2.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1276393331.zip

c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif

c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt

c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg

c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif

c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak

c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db

c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini

c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat

c:\program files\FlashGet Network\FlashGet 3\dat\torrent\1641610_[isoHunt] Naruto Ultimate Ninja Heroes USA.cso.torrent

c:\program files\FlashGet Network\FlashGet 3\dat\torrent\1815450_PSP_Naruto_Shippuden_Ultimate_Ninja_Heroes_3__JAP__PSP__WwW_GamesTo

rr.torrent

c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini

c:\program files\FlashGet Network\FlashGet 3\perf.ini

c:\program files\FlashGet Network\FlashGet 3\pstat.dat

c:\program files\FlashGet Network\FlashGet 3\pup.dat

c:\system volume information\Microsoft

c:\system volume information\Microsoft\services.exe

c:\system volume information\Microsoft\smss.exe

c:\windows\system32\del.bat

c:\windows\system32\msconfig.exe

c:\windows\system32\secushr.dat

c:\windows\system32\secustat.dat

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))

.

2010-08-05 08:11 . 2010-07-31 23:24 -------- d-----w- c:\program files\Paint.NET

2010-08-05 08:11 . 2010-08-04 04:37 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Paint.NET

2010-08-05 06:26 . 2010-08-05 06:26 -------- d-----w- c:\program files\Reference Assemblies

2010-08-05 06:19 . 2010-08-05 06:19 -------- d-----r- C:\AHCache

2010-08-03 02:25 . 2010-07-27 06:30 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-08-01 21:53 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-01 21:53 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-01 21:53 . 2010-08-01 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-01 01:20 . 2010-08-01 01:20 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2010-08-01 00:18 . 2010-08-01 00:18 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-01 00:18 . 2010-08-01 00:18 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-01 00:17 . 2010-08-01 00:17 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-01 00:17 . 2010-08-01 00:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-08-01 00:17 . 2010-08-01 00:17 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-31 23:54 . 2010-07-31 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-07-31 23:54 . 2010-07-31 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-31 23:38 . 2010-07-31 23:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Paint.NET

2010-07-31 23:27 . 2010-07-31 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\program files\Pando Networks

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\program files\Monopoly City

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\program files\Fizzy

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PMB Files

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\windows\Virtual Families

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\User\Application Data\SpinTop

2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\windows\Diner Dash Flo Through Time

2010-07-31 23:22 . 2010-07-31 23:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-07-31 22:24 . 2010-07-31 23:27 -------- d-----w- c:\windows\system32\XPSViewer

2010-07-31 22:24 . 2010-07-31 22:24 -------- d-----w- c:\program files\MSBuild

2010-07-31 20:11 . 2010-07-31 20:11 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-31 20:11 . 2010-07-31 20:11 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-31 20:11 . 2010-07-31 20:11 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-31 20:08 . 2010-07-31 20:08 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2010-07-31 19:34 . 2010-07-31 23:27 -------- d-----w- c:\program files\Common Files\Java

2010-07-31 19:32 . 2010-07-31 19:31 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-30 22:19 . 2010-08-03 20:09 -------- d-----w- c:\windows\uninstall

2010-07-30 19:05 . 2010-07-30 19:05 -------- d-----w- c:\windows\system32\wbem\Repository

2010-07-29 19:08 . 2010-08-03 20:13 -------- d-----w- c:\program files\Cheat Engine

2010-07-28 04:49 . 2010-07-28 04:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-07-28 04:48 . 2010-07-28 04:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2010-07-27 22:59 . 2010-07-31 23:26 -------- d-----w- c:\program files\Virtual Families

2010-07-27 04:12 . 2010-07-27 04:12 -------- d-----w- c:\documents and settings\User\Application Data\Pogo

2010-07-27 04:12 . 2010-07-27 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Pogo

2010-07-23 20:46 . 2010-07-23 22:24 25 ----a-w- c:\windows\popcinfot.dat

2010-07-23 18:00 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst

2010-07-23 18:00 . 2010-07-24 03:01 -------- d-----w- c:\documents and settings\User\Application Data\PlayFirst

2010-07-23 06:09 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

2010-07-23 06:08 . 2010-07-23 20:31 19 ----a-w- c:\windows\popcinfo.dat

2010-07-22 16:54 . 2010-07-31 23:26 -------- d-----w- C:\Desktop

2010-07-17 21:07 . 2010-07-17 21:07 -------- d-----w- c:\documents and settings\User\Application Data\fizzy

2010-07-16 21:15 . 2010-08-01 17:44 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent

2010-07-14 02:58 . 2010-07-14 02:58 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2010-07-14 02:58 . 2010-07-14 02:58 -------- d--h--w- c:\program files\InstallShield Installation Information

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-04 19:36 . 2010-03-03 18:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-03 20:09 . 2001-08-23 11:00 2589 -c--a-w- c:\windows\system32\comcat.dll

2010-08-01 01:21 . 2010-01-24 05:34 29632 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-31 23:38 . 2010-01-24 19:15 29632 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-31 23:26 . 2010-03-13 03:12 -------- d-----w- c:\program files\IObit

2010-07-23 06:07 . 2010-04-18 05:03 737280 -c--a-w- c:\windows\iun6002.exe

2010-07-17 19:46 . 2010-02-27 00:20 30912 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-07-15 22:00 . 2010-04-15 05:48 -------- d-----w- c:\program files\LimeWire

2010-07-15 21:59 . 2010-04-15 05:52 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire

2010-07-15 05:04 . 2010-01-24 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-14 04:55 . 2010-05-02 19:53 -------- d-----w- c:\program files\Yahoo!

2010-07-09 16:09 . 2010-02-24 04:05 -------- d-----w- c:\program files\Google

2010-07-07 19:41 . 2010-05-19 06:16 -------- d-----w- c:\program files\epson

2010-07-07 19:38 . 2010-04-18 04:34 -------- d-----w- c:\program files\Windows Media Connect 2

2010-07-07 19:22 . 2010-04-15 20:56 -------- d-----w- c:\documents and settings\User\Application Data\DivX

2010-07-07 19:14 . 2010-02-23 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2010-07-05 00:32 . 2010-04-01 21:13 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-30 18:20 . 2010-03-18 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-06-30 05:35 . 2010-06-28 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\kingsoft

2010-06-29 23:41 . 2010-06-28 03:05 -------- d-----w- c:\program files\Maxthon2

2010-06-29 23:36 . 2010-06-28 03:06 -------- d-----w- c:\documents and settings\User\Application Data\MxBoost

2010-06-29 05:58 . 2010-06-29 05:58 29632 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-29 05:58 . 2010-01-24 19:13 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-28 19:30 . 2010-06-28 19:45 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys

2010-06-28 19:30 . 2010-06-28 19:45 24472 ----a-w- c:\windows\system32\drivers\bc.sys

2010-06-27 01:49 . 2010-06-27 01:49 -------- d-----w- c:\documents and settings\User\Application Data\RadioBar

2010-06-24 04:19 . 2010-06-24 04:19 -------- d-----w- c:\program files\Conduit

2010-06-13 01:12 . 2010-06-13 01:12 -------- d-----w- c:\documents and settings\User\Application Data\FlashGet

2010-06-11 02:44 . 2010-03-25 01:13 29632 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-11 02:44 . 2010-06-11 02:44 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer

2010-06-08 02:15 . 2010-02-24 03:07 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer

2010-06-07 06:10 . 2010-06-07 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-06-07 06:07 . 2010-02-24 02:56 -------- d-----w- c:\program files\Common Files\Apple

2010-06-07 05:58 . 2010-06-07 05:56 -------- d-----w- c:\program files\QuickTime

2010-06-07 05:56 . 2010-02-24 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-07 05:50 . 2010-06-07 05:50 -------- d-----w- c:\program files\Apple Software Update

2010-06-07 05:43 . 2010-06-07 05:43 -------- d-----w- c:\program files\Bonjour

2010-06-01 17:37 . 2010-01-24 19:16 221568 -c----w- c:\windows\system32\MpSigStub.exe

2010-05-20 22:40 . 2010-05-20 22:39 20 -c--a-w- c:\documents and settings\User\Application Data\qvjsge.dat

2010-05-11 01:51 . 2010-02-28 21:40 286720 -c----w- c:\windows\Setup1.exe

.

------- Sigcheck -------

[-] 2009-12-14 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

c:\windows\System32\wscntfy.exe ... is missing !!

c:\windows\System32\regsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-04-23 1668920]

"ralom"="c:\program files\pcsgvmbqezmzr\jdqguja.exe" [2006-01-09 2184844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"ralom"="c:\program files\pcsgvmbqezmzr\jdqguja.exe" [2006-01-09 2184844]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Hibernate mode.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\Hibernate mode.lnk

backup=c:\windows\pss\Hibernate mode.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-07-09 17:40 136176 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Desktop\\Mydocuments\\Babin\\Mpk.exe"=

"c:\\Desktop\\Mydocuments\\Babin\\MpkView.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [3/17/2010 12:20 PM 18432]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [1/24/2010 3:12 PM 53248]

R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [3/17/2010 12:20 PM 18944]

S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]

S2 KAVSafe;KAVSafe;\??\c:\windows\system32\Drivers\KAVSafe.sys --> c:\windows\system32\Drivers\KAVSafe.sys [?]

S3 cpuz130;cpuz130;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [10/19/2007 1:50 AM 24320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC

.

Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1364589140-1177238915-1001Core.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 17:40]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1364589140-1177238915-1001UA.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 17:40]

2010-08-04 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{2D012A41-B16D-4D9C-ABA4-BEEA2361171D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = ${URL_STARTPAGE}

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: kuaiche.com\software

DPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cab

.

- - - - ORPHANS REMOVED - - - -

BHO-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)

Toolbar-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

MSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-04 12:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,70,d4,2d,da,5c,e6,4f,9b,8c,e5,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,70,d4,2d,da,5c,e6,4f,9b,8c,e5,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2010-08-04 12:56:12

ComboFix-quarantined-files.txt 2010-08-04 19:56

Pre-Run: 7,225,823,232 bytes free

Post-Run: 7,417,647,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

- - End Of File - - DDE971F0B874641539C39B680A043B9A

Link to post
Share on other sites

  • Staff

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Scanning Report

Thursday, August 5, 2010 13:46:43 - 16:50:01

Computer name: Home Computer

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\

2 malware found

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

Joke.FakePopup.A (virus)

C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\BABIN\POPUP.EXE (Renamed & Submitted)

Statistics

Scanned:

Files: 34409

System: 2616

Not scanned: 10

Actions:

Disinfected: 1

Renamed: 1

Deleted: 0

Not cleaned: 0

Submitted: 1

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\4032

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\2488

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\MPSCANCACHE-1.BIN

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

Microsoft Security Essentials successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 21

Adobe Flash Player 10.0.45.2

Adobe Reader 9.3.3

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

The sound issue is likely something with your sound driver.

Right-click My Computer and click Properties. Navigate to Device Manager and see if there is a yellow exclamation mark next to your audio device.

Link to post
Share on other sites

  • Staff

Hi,

Re: ComboFix, do this:

Ensure that ComboFix is on your Desktop.

Then click Start --> Run; enter this command exactly as shown:

"%userprofile%\Desktop\ComboFix.exe" /uninstall

Press Enter.

Restart your computer.

Now click Start --> Run, type cmd.exe and press Enter.

Next, type in this command:

ipconfig /flushdns

Press Enter. Restart your computer and see if the Internet issues persists.

If no joy, access cmd.exe again. Enter this command:

netsh winsock reset

Press Enter, restart your computer and see if the issue is resolved.

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

You will need your Windows XP CD. If you have it, then we can replace the file. Do you have it..?

Also, you have uTorrent installed.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

Uninstall it before proceeding please. Post a fresh DDS log after.

Link to post
Share on other sites

Hi,

I did not put the Attach.txt but i put the DDS here

DDS (Ver_10-03-17.01) - NTFSx86

Run by User at 22:12:27.28 on Fri 08/20/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.127 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\program files\pcsgvmbqezmzr\jdqguja.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\program files\pcsgvmbqezmzr\jdqguja.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Desktop\Virus Fiixing\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMMyPictures = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-system: DisableCAD = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMMyPictures = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: google.com\www

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/stg_drm.ocx

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271369202235

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.solidaxision.com/setup/solidstateion.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx

DPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [2010-3-17 18432]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-1-24 53248]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-1-23 21144]

R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [2010-3-17 18944]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-7 54760]

S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]

S2 KAVSafe;KAVSafe;\??\c:\windows\system32\drivers\kavsafe.sys --> c:\windows\system32\drivers\KAVSafe.sys [?]

S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-1-24 714240]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]

=============== Created Last 30 ================

2010-08-14 20:24:02 0 d-----w- c:\program files\Epson Software

2010-08-12 21:14:49 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-08-12 21:14:41 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-08-07 17:44:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!

2010-08-07 17:39:27 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-08-07 17:35:21 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-08-07 16:45:43 0 d-----w- c:\program files\Messenger Plus! Live

2010-08-07 05:14:32 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MPK

2010-08-06 01:51:55 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

2010-08-05 20:45:20 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

2010-08-05 08:11:52 0 d-----w- c:\program files\Paint.NET

2010-08-05 06:19:54 0 d-----r- C:\AHCache

2010-08-04 21:56:04 0 d-----w- c:\windows\system32\wbem\snmp

2010-08-04 21:56:03 0 d-----w- c:\windows\srchasst

2010-08-04 21:56:01 0 d-----w- c:\windows\system32\xircom

2010-08-04 21:56:01 0 d-----w- c:\program files\msn gaming zone

2010-08-04 21:55:59 0 d-----w- c:\windows\system32\inetsrv

2010-08-04 21:55:59 0 d-----w- c:\windows\msagent

2010-08-04 19:32:50 0 d-sha-r- C:\cmdcons

2010-08-04 19:29:27 98816 ----a-w- c:\windows\sed.exe

2010-08-04 19:29:27 77312 ----a-w- c:\windows\MBR.exe

2010-08-04 19:29:27 256512 ----a-w- c:\windows\PEV.exe

2010-08-04 19:29:27 161792 ----a-w- c:\windows\SWREG.exe

2010-08-03 02:25:16 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-08-01 21:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-01 17:48:24 0 ----a-w- c:\documents and settings\user\defogger_reenable

2010-08-01 17:30:24 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat

2010-08-01 01:20:31 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes

2010-07-31 23:54:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-31 23:27:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-07-31 23:26:32 0 d-----w- c:\program files\Pando Networks

2010-07-31 23:26:32 0 d-----w- c:\program files\Monopoly City

2010-07-31 23:26:32 0 d-----w- c:\program files\Fizzy

2010-07-31 23:26:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files

2010-07-31 23:26:27 0 d-----w- c:\windows\Virtual Families

2010-07-31 23:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Cached Installations

2010-07-31 23:26:25 0 d-----w- c:\docume~1\user\applic~1\SpinTop

2010-07-31 23:26:22 0 d-----w- c:\windows\Diner Dash Flo Through Time

2010-07-31 22:24:20 0 d-----w- c:\windows\system32\XPSViewer

2010-07-31 19:32:43 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-07-31 19:32:42 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-30 22:19:38 0 d-----w- c:\windows\uninstall

2010-07-30 19:05:56 0 d-----w- c:\windows\system32\wbem\Repository

2010-07-29 19:08:31 0 d-----w- c:\program files\Cheat Engine

2010-07-27 20:58:41 224 ----a-w- c:\windows\system32\9B13A86D.plf

2010-07-27 04:12:18 0 d-----w- c:\docume~1\user\applic~1\Pogo

2010-07-27 04:12:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Pogo

2010-07-23 20:46:27 25 ----a-w- c:\windows\popcinfot.dat

2010-07-23 06:09:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia

2010-07-23 06:08:26 19 ----a-w- c:\windows\popcinfo.dat

2010-07-22 16:54:07 0 d-----w- C:\Desktop

2010-07-22 16:08:09 642 ----a-w- c:\windows\system32\runkgb.lnk

==================== Find3M ====================

2010-08-03 20:09:15 2589 -c--a-w- c:\windows\system32\comcat.dll

2010-07-23 06:07:40 737280 -c--a-w- c:\windows\iun6002.exe

2010-07-17 19:46:07 30912 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-28 19:30:41 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys

2010-06-28 19:30:32 24472 ----a-w- c:\windows\system32\drivers\bc.sys

2010-06-25 00:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll

2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll

2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll

2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll

2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll

2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll

2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-01 17:37:48 221568 -c----w- c:\windows\system32\MpSigStub.exe

============= FINISH: 22:13:03.11 ===============

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall Service Pack 3.

When that completes, restart your computer. Download Service Pack 3 from here:

http://www.microsoft.com/downloads/details...;displaylang=en

Ensure that all security programs are disabled, then install it. Restart your computer and run ComboFix again; post its log.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.