panfriedhardrive Posted December 18, 2010

I'm new to the Malwarebytes forums and my computer has been really messed up lately. I'll get rid of three fourths of all the infections and then they all come back. I currently have: Malware.Packer.Gen, Backdoor.Bifrose, Worm.Spambot, Trojan.Spambot, Bifrose.Trace, Backdoor.Bot, Virus.Sality, and there are multiple of all listed. I ran ComboFix, which will take a lot of them out, but then they all come back. Here is the log for my scan with ComboFix. Thanks.

ComboFix 10-12-18.01 - Administrator 12/18/2010 16:14:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.461 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\system\javapc.dll
.
---- Previous Run -------
.
C:\Autorun.inf
c:\windows\system\java.exe
c:\windows\system\javapc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_amsint32
-------\Service_asc3360pr
-------\Legacy_ASC3360PR
-------\Service_amsint32
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.
2010-12-18 03:49 . 2010-12-18 03:52 -------- d-----w- c:\program files\Active PC Optimizer
2010-12-18 02:48 . 2010-12-18 02:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-18 02:30 . 2010-02-22 15:37 147456 ----a-w- c:\windows\system\java.exe
2010-12-17 18:59 . 2010-12-17 18:59 7475200 ----a-w- c:\windows\system32\rmslt.nt
2010-12-17 18:38 . 2010-12-17 18:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-12-17 17:14 . 2010-12-17 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2010-12-17 17:14 . 2010-12-17 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
2010-12-17 17:13 . 2010-12-17 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-12-17 04:18 . 2010-12-17 04:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2010-12-15 22:12 . 2010-12-15 22:24 -------- d-----w- c:\windows\system32\MpEngineStore
2010-12-14 21:41 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-12 22:33 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-12 22:33 . 2010-12-12 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-12 22:33 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 17:55 . 2010-12-15 21:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-12-10 17:33 . 2010-12-10 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-12-10 17:15 . 2010-09-11 06:46 887912 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-10 17:15 . 2010-09-11 06:46 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-09 03:58 . 2010-12-09 03:58 -------- d-----w- c:\program files\Bonjour
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-09 03:43 . 2010-12-09 03:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-08 17:31 . 2010-12-08 23:46 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-08 14:05 . 2010-12-08 14:05 -------- d-----w- c:\program files\Common Files\xing shared
2010-12-08 14:04 . 2010-12-08 14:05 -------- d-----w- c:\program files\real
2010-12-08 01:33 . 2010-12-08 01:33 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\SoftGrid Client
2010-12-08 01:33 . 2010-12-08 11:58 -------- d-----w- c:\documents and settings\Guest\Application Data\SoftGrid Client
2010-12-01 16:59 . 2010-12-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 21:31 . 2010-03-02 18:53 9216 ----a-w- c:\windows\base64.exe
2010-12-16 00:03 . 2009-05-15 13:02 90112 ----a-w- c:\windows\DUMP606f.tmp
2010-12-14 22:20 . 2007-04-09 16:32 93696 ----a-w- c:\windows\system32\Ctxfihlp.exe
2010-12-08 14:05 . 2006-07-11 22:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:12 . 2009-05-15 17:49 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 22:20 . 2010-11-15 22:20 138 ---ha-w- c:\documents and settings\Administrator\Application Data\lakerda1967.sys
2010-11-15 22:20 . 2010-11-15 22:20 360580 ----a-w- c:\windows\eSellerateEngine.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2009-05-18 13:50 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-05-18 13:50 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-21 22:44 . 2010-11-10 19:15 438976 ----a-w- c:\windows\system32\Mshflxgd.ocx
2010-10-21 22:44 . 2010-11-10 19:15 212240 ----a-w- c:\windows\system32\Richtx32.ocx
2010-10-21 22:44 . 2010-11-10 19:15 196608 ----a-w- c:\windows\system32\Utility.dll
2010-10-21 22:44 . 2010-11-10 19:15 117507 ----a-w- c:\windows\system32\msinet.ocx
2010-10-21 22:44 . 2010-11-10 19:15 139264 ----a-w- c:\windows\system32\gswin32c.exe
2010-10-19 20:51 . 2010-11-04 17:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 15:11 . 2010-10-01 17:33 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-27 39408]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 200192]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-21 4185088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 458752]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 278528]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 139264]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 114688]
"SetDefPrt"="c:\program files\Brother\Brmfl05b\BrStDvPt.exe" [2005-01-26 122880]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2010-12-14 1081344]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 126976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1028096]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 147456]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2010-12-14 122880]
"ScanSoft PDF Professional 4-reminder"="c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" [2006-11-16 107520]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-12-14 93696]
"CTHelper"="CTHELPER.EXE" [2009-06-23 89088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 330256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 136192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 242688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 99840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 1004544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1159168]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-08 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 495616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-09-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-09-11 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1824256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-03-26 1433600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"shdocvw"="wscript.exe" [2008-05-08 155648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 393216]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 884736]
QuickBooks Delivery Agent.lnk - c:\program files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe [2009-5-25 192512]
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2007-12-14 6991872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mrtMngr.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"=
"c:\\program files\\real\\realplayer\\RealPlay.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe"=
"c:\\Program Files\\Brother\\Brmfl05b\\BrStDvPt.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Intuit\\QuickBooks\\Components\\QBAgent\\QBDAgent.exe"=
"c:\\WINDOWS\\system\\java.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
"c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\stsystra.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\dpupdchk.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Linksys\\WUSB600N\\WUSB600N.exe"=
"c:\\Program Files\\Common Files\\Logishrd\\KHAL2\\KHALMNPR.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\SetPoint.exe"=
"c:\\WINDOWS\\system32\\CTHELPER.EXE"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"=
"c:\\USBStorage\\USBDetector.exe"=
"c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe"=
"c:\\Program Files\\Logitech\\SetPoint\\LU\\LULnchr.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\ComboFix.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [5/19/2009 12:53 PM 45824]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 4:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 4:25 PM 36352]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [6/23/2009 12:36 PM 18840]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [5/19/2009 12:53 PM 56960]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [5/19/2009 4:32 AM 91830]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 4:25 PM 77056]
S1 khichjfa;khichjfa;\??\c:\windows\system32\drivers\khichjfa.sys --> c:\windows\system32\drivers\khichjfa.sys [?]
S1 tuptnchl;tuptnchl;\??\c:\windows\system32\drivers\tuptnchl.sys --> c:\windows\system32\drivers\tuptnchl.sys [?]
S1 xugkgpwf;xugkgpwf;\??\c:\windows\system32\drivers\xugkgpwf.sys --> c:\windows\system32\drivers\xugkgpwf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/28/2010 12:22 AM 212480]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/15/2009 1:51 PM 20160]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [6/23/2009 12:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/29/2009 10:13 PM 157184]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [6/23/2009 12:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [6/23/2009 12:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [6/23/2009 12:34 PM 566296]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4710912]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 05:22]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-220523388-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-24 04:27]

2010-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-220523388-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-220523388-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{DE3F6AD8-35DF-4765-8202-9AB46C8BB149}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Copy to &Lightning Note - c:\program files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 16:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-220523388-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,e4,ad,53,a1,b5,3c,48,a3,76,59,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\brsvc01a.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\stsystra.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\mrtMngr.EXE
c:\windows\system\java.exe
c:\program files\real\realplayer\RealPlay.exe
.
**************************************************************************
.
Completion time: 2010-12-18 16:36:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-18 21:36
ComboFix2.txt 2010-12-17 17:04

Pre-Run: 54,478,782,464 bytes free
Post-Run: 54,561,247,232 bytes free

- - End Of File - - F4BA7FE55C20F810C47F99FCC5D2EC33
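The log above carries the indicators a responder would pull out by hand: three S1 drivers (khichjfa, tuptnchl, xugkgpwf) with random-looking eight-letter names whose .sys files no longer exist on disk, a "shdocvw" value in Policies\Explorer\Run that launches wscript.exe, every Security Center override set to 1, and EnableFirewall set to 0. The script below is an added example, not part of the original post or of ComboFix; it encodes those checks as rules over ComboFix's one-entry-per-line text layout and runs them against a constructed excerpt modelled on the lines in this thread. The eight-letter rule deliberately requires the service description to equal its name, so a vendor driver such as ousbehci (also eight lowercase letters, but with a proper description) is not flagged.

```python
"""Heuristic triage of a ComboFix-style log (added example, not ComboFix code).

Rules mirror what a responder reads off the log by eye:
  * service lines ending in "[?]"   -> image file missing on disk
  * name == description, 8 letters  -> random-looking driver name
  * "-------\\Service_x" entries      -> items ComboFix deleted
  * Security Center *Override/*DisableNotify = 1
  * EnableFirewall = 0
  * script hosts under Policies\\Explorer\\Run
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's layout; not the full log from the thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\\Legacy_ASC3360PR
-------\\Service_amsint32
-------\\Service_asc3360pr
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"itype"="c:\\program files\\Microsoft IntelliType Pro\\itype.exe" [2009-03-26 1433600]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\Currentversion\\policies\\explorer\\Run]
"shdocvw"="wscript.exe" [2008-05-08 155648]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\\windows\\system32\\drivers\\ousbehci.sys [5/19/2009 12:53 PM 45824]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\\windows\\system32\\drivers\\ubohci.sys [7/27/2005 4:25 PM 77056]
S1 khichjfa;khichjfa;\\??\\c:\\windows\\system32\\drivers\\khichjfa.sys --> c:\\windows\\system32\\drivers\\khichjfa.sys [?]
S1 tuptnchl;tuptnchl;\\??\\c:\\windows\\system32\\drivers\\tuptnchl.sys --> c:\\windows\\system32\\drivers\\tuptnchl.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


SECURITY_OVERRIDES = {
    "AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
    "FirewallDisableNotify", "UpdatesDisableNotify", "UacDisableNotify",
}
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")   # "R3 name;desc;path [..]"
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # '"name"=value'
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per rule hit; the current [registry key] gives context."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if line.startswith("-------\\"):
            findings.append(Finding("entry listed under Drivers/Services (deleted by ComboFix)", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, desc, rest = m.groups()
            if rest.endswith("[?]"):
                findings.append(Finding("service image file missing on disk", line))
            if name == desc and RANDOM_NAME_RE.match(name):
                findings.append(Finding("random-looking eight-letter service name", line))
            continue
        m = REG_VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        lowered = value.lower()
        if "security center" in section and name in SECURITY_OVERRIDES and lowered.startswith("dword:00000001"):
            findings.append(Finding("Security Center override/notification suppression", line))
        elif section.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and lowered.split()[0] == "0":
            findings.append(Finding("Windows Firewall disabled", line))
        elif section.endswith("policies\\explorer\\run") and any(h in lowered for h in SCRIPT_HOSTS):
            findings.append(Finding("script host launched from Policies\\Explorer\\Run", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Feed it a saved ComboFix.txt (or any tool that writes one entry per line) and read the findings against the vendor entries that are not flagged; the rules are indicators, not a verdict, and a legitimate driver whose file was removed by an uninstaller will also show up as "[?]".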
panfriedhardrive Posted December 20, 2010

bump
screen317 (Staff) Posted December 21, 2010

Hi and welcome to Malwarebytes.

I'm afraid I have some very bad news...

Sality is what we call a file-infector. These are particularly malicious, in that they infect all of your legitimate programs. The problem is... the virus is very buggy, so it does not do a good job of infecting your files, so any attempt to disinfect and possibly save your files would be futile, in that, due to the buggy virus, we cannot properly disinfect your files.

What I highly recommend now is a reformat and a reinstallation of Windows XP.

Please let me know if you are prepared to do so.

You may back up and save all files except programs (meaning pictures and documents are okay), because if you back up any applications, they will transfer to your clean system, and you will be reinfected.

-screen317
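The advice above, to back up documents and pictures but never programs, is the kind of filter worth scripting rather than doing by hand, because a file infector that targets executables does not care what a file is called. The script below is an added example and is not from the thread or from Malwarebytes. It assumes the infected profile has been mounted or copied somewhere readable (for instance from a clean boot CD), excludes by both extension and content (a renamed program still begins with the "MZ" DOS header), and builds its sample profile tree inline as constructed data so it can be run anywhere.

```python
"""Selective backup that refuses executables (added example, not from the thread).

Two independent exclusions, because either alone is easy to defeat:
  * extension: anything Windows will run or load as code (.exe, .scr, .dll ...)
  * content:   the first two bytes of a PE file are "MZ", whatever the name
"""
from __future__ import annotations

import os
import shutil
import tempfile
from pathlib import Path

# Types Windows executes or loads as code; kept out of the backup entirely.
EXECUTABLE_EXTS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".ocx", ".cpl", ".drv",
    ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk", ".inf",
}


def is_program(path: Path) -> bool:
    """True if the file must not be copied: executable extension or PE header."""
    if path.suffix.lower() in EXECUTABLE_EXTS:
        return True
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"


def safe_backup(src: Path, dst: Path) -> tuple[list[str], list[str]]:
    """Copy src into dst, skipping programs. Returns (copied, skipped) relative paths."""
    copied: list[str] = []
    skipped: list[str] = []
    for root, _dirs, files in os.walk(src):
        for name in files:
            p = Path(root) / name
            rel = p.relative_to(src).as_posix()
            if is_program(p):
                skipped.append(rel)
                continue
            target = dst / p.relative_to(src)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)       # copy2 keeps timestamps for the user
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed XP-style profile in a temp dir and run safe_backup on it."""
    samples = {                      # constructed sample files, not real user data
        "My Documents/taxes.doc": b"\xd0\xcf\x11\xe0 fake Word document",
        "My Pictures/holiday.jpg": b"\xff\xd8\xff\xe0 fake JPEG",
        "Desktop/notes.txt": b"plain text",
        "My Documents/setup.exe": b"MZ\x90\x00 fake PE, excluded by extension",
        "My Pictures/cute.jpg": b"MZ\x90\x00 PE renamed to look like a picture",
        "Autorun.inf": b"[autorun]\r\nopen=setup.exe\r\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "profile", Path(tmp) / "backup"
        for rel, data in samples.items():
            f = src / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(data)
        return safe_backup(src, dst)


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied :", copied)
    print("skipped:", skipped)
```

Point `safe_backup` at the profile root and an external drive, then keep the `skipped` list: it tells you which installers and shortcuts to fetch fresh from the vendor after the reinstall. The filter only keeps programs out; it does not inspect documents, so macro-carrying Office files still deserve a scan on the rebuilt machine before they are opened.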
panfriedhardrive Posted December 21, 2010

If I were to take it into the shop and pay for them to fix it, would they tell me the same thing? The reason being, this is the family computer and my uncle wants me to take it into a shop. I would prefer to fix it myself and save the money. I currently do not have my XP CD, but I do have my XP upgrade CD to upgrade to Windows XP Professional.
screen317 (Staff) Posted December 22, 2010

The shop would format it for you and charge you for it most likely. You should be able to do it yourself with your XP Pro CD.
panfriedhardrive Posted December 23, 2010

Okay, thanks. Can you give me a list of procedures that I can print out and follow? If I have any other problems I can get on my laptop and ask you.
screen317 (Staff) Posted December 24, 2010

Sure, Microsoft's writeup here does a good job of explaining the procedures:
http://support.microsoft.com/kb/313348

If anything is unclear, please let me know.
screen317 (Staff) Posted January 22, 2011

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!