Jump to content

Recommended Posts

Hello,

I have caught one of the malwares, xp antivirus 2011 or something. I had dealt with malwares before using the malwarebytes program and everything was smooth but not this time. I tried running the full scan from a version of the program I had installed before on my pc, but it would just keep preparing the scan. I forced shut down on my computer and tried running the scan again, it then scanned stuff but it the scan kept going on and on and nothing infected was found for around 4 hours of the scan, so I figured it isn't really doing its job or somehow the malware is hiding from the scan detector. I tried downloading the newer version from the website, but the malware has blocked access to the download site so I opened a real player browser and downloaded using that (with much difficulty as my pc was slowed down to a 1000 year old turtle's pace). After downloading I tried running it but there is no response. The file seems like it opens at first but then nothing happens. Please help! I really need my pc to type stuff for school this week and it is the only one in my house. I really need this fixed as quickly as possible!

Link to post
Share on other sites

:welcome:

Please reboot your computer, press F8 or Del a couple times and Windows Advanced Options should appear. Select Safe Mode with Networking and press Enter.

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

Link to post
Share on other sites

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2952)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\ASTSRV.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\zHotkey.exe

c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\SearchProtocolHost.exe

c:\windows\ALCWZRD.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-03-23 23:13:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-24 03:13

.

Pre-Run: 46,525,140,992 bytes free

Post-Run: 48,873,893,888 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 2FB163919E0727849FCFAE5FC985C5D8

That's the log, I see the 'Antivirus Antispyware 2011' still on my Programs and I am still unable to access the internet through Internet Explorer (my usual browser). What do I do next? I'm told repeatedly by this yellow triangle warning sign thing to run chkdsk utility. Should I go ahead and do that? Please let me know as soon as possible.

Link to post
Share on other sites

ComboFix 11-03-23.04 - Owner 03/23/2011 22:07:15.1.2 - x86

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\shs_setup_4059-354328.exe

c:\documents and settings\Owner\Application Data\Adobe\plugs

c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011

c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe

c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico

c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico

c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico

c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe

c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe

c:\documents and settings\Owner\Application Data\inst.exe

c:\documents and settings\Owner\Local Settings\Application Data\odu.exe

c:\documents and settings\Owner\Start Menu\Programs\AntiVirus AntiSpyware 2011

c:\documents and settings\Owner\Start Menu\Programs\AntiVirus AntiSpyware 2011\Activate AntiVirus AntiSpyware 2011.lnk

c:\documents and settings\Owner\Start Menu\Programs\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware 2011.lnk

c:\documents and settings\Owner\Start Menu\Programs\AntiVirus AntiSpyware 2011\Help AntiVirus AntiSpyware 2011.lnk

c:\documents and settings\Owner\Start Menu\Programs\AntiVirus AntiSpyware 2011\How to Activate AntiVirus AntiSpyware 2011.lnk

c:\windows\ehanimifixejo.dll

c:\windows\mshzercz.dll

c:\windows\SET262.tmp

c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\_000004_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000010_.tmp.dll

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\_000013_.tmp.dll

c:\windows\system32\_000014_.tmp.dll

C:\xcrashdump.dat

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))

.

.

2011-03-21 09:51 . 2011-03-24 00:31 0 ----a-w- c:\windows\Scukiyema.bin

2011-03-21 09:51 . 2011-03-21 09:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{8F0DA111-CF99-46C5-9823-17298C7658F4}

2011-03-21 09:50 . 2011-03-21 09:50 118784 --sha-r- c:\windows\system32\rasautouh.dll

2011-03-21 09:49 . 2011-03-21 09:48 137728 ----a-w- c:\windows\Xgynaa.exe

2011-03-14 21:43 . 2011-03-14 21:43 -------- d-----w- c:\program files\Lame For Audacity

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 06:32 . 2007-10-22 07:16 73728 -c--a-w- c:\windows\ALCFDRTM.VER

2011-02-09 13:53 . 2004-08-26 16:12 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2004-08-26 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2004-08-26 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-26 16:12 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-26 16:11 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2007-09-02 02:39 1854976 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]

"MsnMsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-12 1995512]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]

"CHotkey"="zHotkey.exe" [2004-05-18 543232]

"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2009-04-15 73728]

"SoundMan"="SOUNDMAN.EXE" [2005-05-12 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 2805248]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-29 198160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"Rogers SHS"="c:\program files\Rogers\SelfHealing\shs.exe" [2010-06-03 2736128]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dlbtcoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\DLBTPSWX.EXE"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2427:UDP"= 2427:UDP:iPhone

"2727:UDP"= 2727:UDP:iPhone

"135:TCP"= 135:TCP:TCP Port 135

"5000:TCP"= 5000:TCP:TCP Port 5000

"5001:TCP"= 5001:TCP:TCP Port 5001

"5002:TCP"= 5002:TCP:TCP Port 5002

"5003:TCP"= 5003:TCP:TCP Port 5003

"5004:TCP"= 5004:TCP:TCP Port 5004

"5005:TCP"= 5005:TCP:TCP Port 5005

"5006:TCP"= 5006:TCP:TCP Port 5006

"5007:TCP"= 5007:TCP:TCP Port 5007

"5008:TCP"= 5008:TCP:TCP Port 5008

"5009:TCP"= 5009:TCP:TCP Port 5009

"5010:TCP"= 5010:TCP:TCP Port 5010

"5011:TCP"= 5011:TCP:TCP Port 5011

"5012:TCP"= 5012:TCP:TCP Port 5012

"5013:TCP"= 5013:TCP:TCP Port 5013

"5014:TCP"= 5014:TCP:TCP Port 5014

"5015:TCP"= 5015:TCP:TCP Port 5015

"5016:TCP"= 5016:TCP:TCP Port 5016

"5017:TCP"= 5017:TCP:TCP Port 5017

"5018:TCP"= 5018:TCP:TCP Port 5018

"5019:TCP"= 5019:TCP:TCP Port 5019

"5020:TCP"= 5020:TCP:TCP Port 5020

.

R0 hobrnvd;hobrnvd;c:\windows\System32\drivers\riqpyx.sys [x]

R3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\DRIVERS\USB100TX.sys [2005-04-19 26368]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1108000.005\SYMDS.SYS [2009-08-30 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS [2010-04-22 173104]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [2010-11-23 691248]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1108000.005\ccHPx86.sys [2010-02-26 501888]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1108000.005\Ironx86.SYS [2010-04-29 116784]

S2 CVCompressionService;CVision Compression Service;c:\program files\CVision\Services\CVCompressionService.exe [2009-08-18 495616]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-04 103280]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]

S2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2010-06-03 139264]

S2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2008-07-28 169992]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20110117.001\IDSxpx86.sys [2010-11-09 341944]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-01 00:51]

.

2011-03-24 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

- c:\windows\Xgynaa.exe [2011-03-21 09:48]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

FF - ProfilePath -

.

.

------- File Associations -------

.

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{4E7BD74F-2B8D-469E-BBDC-CC39F0D3F960} - (no file)

HKCU-Run-ares - c:\program files\Ares\Ares.exe

HKCU-Run-BeFree4iPhone - c:\program files\E.W.E.-Software\Befree4iPhone\befree4iphone.exe

HKCU-Run-Wlawihevurija - c:\windows\mshzercz.dll

HKCU-Run-AntiVirus AntiSpyware 2011 - c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe

HKLM-Run-Pcilerutewo - c:\windows\ehanimifixejo.dll

AddRemove-AntiVirus AntiSpyware 2011 - c:\documents and settings\Owner\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-23 22:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2952)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\ASTSRV.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\zHotkey.exe

c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\SearchProtocolHost.exe

c:\windows\ALCWZRD.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-03-23 23:13:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-24 03:13

.

Pre-Run: 46,525,140,992 bytes free

Post-Run: 48,873,893,888 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 2FB163919E0727849FCFAE5FC985C5D8

I ran chkdsk utility and now I can use internet explorer. So that looks like a good sign, but Antivirus Antispyware 2011 still seems to be in my Programs list.

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Scukiyema.bin
c:\windows\system32\rasautouh.dll
c:\windows\Xgynaa.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please update mbam and run a quick scan. In your next reply, please include the mbam log along with ComboFix log. Thanks

Link to post
Share on other sites

Here's what I've done so far:

I've downloaded and ran ComboFix, followed its prompts, let it do its thing. I ran Chkdsk utility as I got repeated prompts asking me to do so, so when I restarted my computer, I noticed chkdsk doing its thing and thats that. I updated and ran malwarebytes twice. I also downloaded Symnatec Antivirus from my school's website as it is free for us and it detected and deleted some stuff. My PC looks clean and all the annoying crap seems to be gone but I don't know for sure as I'm no expert. Now, I've done the above drag and drop Combofix thing. The following are two MBAM logs and the latest ComboFix log.

MBAM log 1:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6162

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/25/2011 4:38:03 AM

mbam-log-2011-03-25 (04-38-03).txt

Scan type: Quick scan

Objects scanned: 180820

Time elapsed: 21 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\2SPI9KEA4C (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\rasautouh.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.

c:\WINDOWS\Xgynaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\start menu\Programs\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\application data\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

------------------------------------

MBAM log 2:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6162

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/26/2011 1:44:07 AM

mbam-log-2011-03-26 (01-44-07).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|)

Objects scanned: 320036

Time elapsed: 3 hour(s), 27 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 11

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Owner\application data\Sun\Java\deployment\cache\6.0\45\62cc40ad-1d0ded4f (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\my documents\Apps\vremamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\my documents\Apps\vremover.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\my documents\Apps\microsoft.office.2007.enterprise.keygen.only-microsoft\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\my documents\Apps\Keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\program files\Sony\dvd architect pro 4.5\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\documents and settings\Owner\local settings\application data\odu.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\documents and settings\Owner\local settings\application data\ulo.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\windows\mshzercz.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP721\A0280454.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\system volume information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP721\A0280460.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

-------------------------------

Latest ComboFix log:

ComboFix 11-03-25.01 - Owner 03/26/2011 2:29.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.224 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

FILE ::

"c:\windows\Scukiyema.bin"

"c:\windows\system32\rasautouh.dll"

"c:\windows\Xgynaa.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\Local Settings\Application Data\{8F0DA111-CF99-46C5-9823-17298C7658F4}

c:\documents and settings\Owner\Local Settings\Application Data\{8F0DA111-CF99-46C5-9823-17298C7658F4}\chrome.manifest

c:\documents and settings\Owner\Local Settings\Application Data\{8F0DA111-CF99-46C5-9823-17298C7658F4}\chrome\content\_cfg.js

c:\documents and settings\Owner\Local Settings\Application Data\{8F0DA111-CF99-46C5-9823-17298C7658F4}\chrome\content\overlay.xul

c:\documents and settings\Owner\Local Settings\Application Data\{8F0DA111-CF99-46C5-9823-17298C7658F4}\install.rdf

c:\windows\Scukiyema.bin

.

.

((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))

.

.

2011-03-26 02:49 . 2011-03-26 02:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec

2011-03-26 02:32 . 2011-03-26 02:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-03-26 02:32 . 2011-03-26 02:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-03-26 02:19 . 2011-03-26 02:33 -------- d-----w- c:\program files\Symantec

2011-03-14 21:43 . 2011-03-14 21:43 -------- d-----w- c:\program files\Lame For Audacity

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-12 06:32 . 2007-10-22 07:16 73728 -c--a-w- c:\windows\ALCFDRTM.VER

2011-02-09 13:53 . 2004-08-26 16:12 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2004-08-26 16:11 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2004-08-26 18:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2004-08-26 18:00 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2004-08-26 16:12 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2004-08-26 16:11 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2007-09-02 02:39 1854976 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]

"MsnMsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-12 1995512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]

"CHotkey"="zHotkey.exe" [2004-05-18 543232]

"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 290816]

"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"AlcFDMonitor"="c:\windows\ALCFDRTM.EXE" [2009-04-15 73728]

"SoundMan"="SOUNDMAN.EXE" [2005-05-12 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 2805248]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-29 198160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dlbtcoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\DLBTPSWX.EXE"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2427:UDP"= 2427:UDP:iPhone

"2727:UDP"= 2727:UDP:iPhone

"135:TCP"= 135:TCP:TCP Port 135

"5000:TCP"= 5000:TCP:TCP Port 5000

"5001:TCP"= 5001:TCP:TCP Port 5001

"5002:TCP"= 5002:TCP:TCP Port 5002

"5003:TCP"= 5003:TCP:TCP Port 5003

"5004:TCP"= 5004:TCP:TCP Port 5004

"5005:TCP"= 5005:TCP:TCP Port 5005

"5006:TCP"= 5006:TCP:TCP Port 5006

"5007:TCP"= 5007:TCP:TCP Port 5007

"5008:TCP"= 5008:TCP:TCP Port 5008

"5009:TCP"= 5009:TCP:TCP Port 5009

"5010:TCP"= 5010:TCP:TCP Port 5010

"5011:TCP"= 5011:TCP:TCP Port 5011

"5012:TCP"= 5012:TCP:TCP Port 5012

"5013:TCP"= 5013:TCP:TCP Port 5013

"5014:TCP"= 5014:TCP:TCP Port 5014

"5015:TCP"= 5015:TCP:TCP Port 5015

"5016:TCP"= 5016:TCP:TCP Port 5016

"5017:TCP"= 5017:TCP:TCP Port 5017

"5018:TCP"= 5018:TCP:TCP Port 5018

"5019:TCP"= 5019:TCP:TCP Port 5019

"5020:TCP"= 5020:TCP:TCP Port 5020

.

R2 CVCompressionService;CVision Compression Service;c:\program files\CVision\Services\CVCompressionService.exe [10/13/2009 2:59 AM 495616]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/16/2009 6:54 PM 103280]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/16/2009 6:54 PM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/25/2011 10:57 PM 102448]

S0 hobrnvd;hobrnvd;c:\windows\system32\drivers\riqpyx.sys --> c:\windows\system32\drivers\riqpyx.sys [?]

S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [9/1/2007 10:24 PM 26368]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-26 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-01 00:51]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-Symantec Antvirus

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-26 02:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-03-26 02:58:05

ComboFix-quarantined-files.txt 2011-03-26 06:57

ComboFix2.txt 2011-03-25 11:40

ComboFix3.txt 2011-03-24 03:13

.

Pre-Run: 49,795,792,896 bytes free

Post-Run: 49,803,051,008 bytes free

.

- - End Of File - - 4D396935D9C33580779FB0BD8E35E833

Link to post
Share on other sites

Actually scratch my last post. I just got attacked again by XP Home Security. I can't run MBAM and ComboFix keeps giving me error messages and basically nothing happens after that. The Symnatec Antivirus I installed gets turned off and so does the Automatic Updates and Firewall. My Internet connection is also turned off (typing from iPhone now). What should I do now? Please let me know what the next step should be. I'm not even visiting weird sites, just surfing on msn.com and suddenly getting those pop up dialogue bodes telling me my system has been hijacked and this system scan thing pops up telling me my system is infected and I need to register now. I don't know why this is happening, it's really annoying me! Sorry for ranting and replying to my own topic. I really need urgent help regarding this matter!

Sorry for

Link to post
Share on other sites

  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.