Micro AntiVirus Pro 2009 - Help!!
oryfan
Newbie
14. November 2008 @ 13:46
I went to bed night before last and my computer installed some updates before shutting down. I woke up the next morning and after a while of surfing I disabled my firewall to check something out in iTunes. Suddenly my computer restarts and keeps trying to install AV Pro. I couldn't get Norton or to open. So I ran a trojan remover, AF cleaner, Avast (which seemed to load more spyware than I had to begin with), ComboFix, and HijackThis. It seems everything is back to normal after running ComboFix. The installer is gone. Could someone take a look at my logs?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:55 PM, on 11/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20051...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.cinemanow.com/dlControl_3_3.CAB
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: karna.dat fptane.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 9468 bytes
And this is the log from ComboFix (I ran this before HijackThis):
ComboFix 08-11-12.02 - HP_Owner 2008-11-14 13:00:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.132 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\My Documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Owner\Application Data\gadcom
c:\documents and settings\HP_Owner\Application Data\gadcom\gadcom.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\dokeqat.db
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\ibiqogywun._dl
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\ufuwa.db
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\upopisima.bat
c:\program files\GetModule
c:\program files\GetModule\GetModule27.exe
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\windows\brastk.exe
c:\windows\IA
c:\windows\IE4 Error Log.txt
c:\windows\system32\bhmodl.dll
c:\windows\system32\bqyykcid.dll
c:\windows\system32\brastk.exe
c:\windows\system32\cdpavqsn.ini
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\egjlm.bak2
c:\windows\system32\egjlm.ini
c:\windows\system32\egjlm.ini2
c:\windows\system32\egjlm.tmp
c:\windows\system32\fptane.dll
c:\windows\system32\iowsnvxv.ini
c:\windows\system32\mlJYropP.dll
c:\windows\system32\mlJYrspm.dll
c:\windows\system32\mpsrYJlm.ini
c:\windows\system32\mpsrYJlm.ini2
c:\windows\system32\msansspc.dll
c:\windows\system32\nnnmnkHY.dll
c:\windows\system32\nsqvapdc.dll
c:\windows\system32\ps.a3d
c:\windows\system32\qxqflbsr.dll
c:\windows\system32\TDSShrxr.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlrvd.dat
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSrtqp.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\wini1087100.exe
c:\windows\system32\wini10894.exe
c:\windows\system32\WinNB55.dll
c:\windows\system32\wpv261226639170.cpx
c:\windows\wiaserviv.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.
2008-11-14 02:22 . 2008-11-14 02:22 <DIR> d-------- c:\program files\Trend Micro
2008-11-14 00:40 . 2008-11-14 00:40 <DIR> d-------- c:\program files\Alwil Software
2008-11-14 00:35 . 2008-11-14 00:35 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\GetModule
2008-11-14 00:35 . 2008-11-14 00:35 18,432 --a------ c:\documents and settings\HP_Owner\~.exe
2008-11-14 00:22 . 2008-11-14 00:23 <DIR> d-------- c:\program files\Trojan Remover
2008-11-14 00:22 . 2008-11-14 00:22 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Simply Super Software
2008-11-14 00:22 . 2008-11-14 00:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-14 00:22 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-14 00:22 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-14 00:22 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-14 00:22 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-14 00:22 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-13 18:23 . 2008-11-13 18:23 1,689 --a------ c:\windows\Sysvxd.exe
2008-11-13 16:35 . 2008-11-13 16:35 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2008-11-13 15:57 . 2008-11-13 16:13 <DIR> d-------- c:\program files\RogueRemover FREE
2008-11-13 15:34 . 2008-11-13 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-13 15:18 . 2008-11-13 15:18 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-11-13 15:18 . 2008-11-13 15:18 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-13 13:47 . 2008-11-13 13:47 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-13 13:47 . 2008-11-13 13:47 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-13 13:46 . 2008-11-13 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-13 13:41 . 2008-11-13 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-11-13 12:54 . 2008-11-13 12:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-13 10:51 . 2008-11-13 23:52 10,752 --a------ c:\windows\brastk.exe.vir
2008-11-13 10:33 . 2008-11-13 10:33 19,262 --a------ c:\windows\gufih.scr
2008-11-13 10:33 . 2008-11-13 10:33 18,973 --a------ c:\documents and settings\All Users\Application Data\likyqe.com
2008-11-13 10:33 . 2008-11-13 10:33 17,507 --a------ c:\windows\ipul.vbs
2008-11-13 10:33 . 2008-11-13 10:33 16,179 --a------ c:\windows\yrigehatik.dat
2008-11-13 10:33 . 2008-11-13 10:33 15,820 --a------ c:\documents and settings\HP_Owner\Application Data\acaw.exe
2008-11-13 10:33 . 2008-11-13 10:33 14,056 --a------ c:\windows\system32\ulik.pif
2008-11-13 10:33 . 2008-11-13 10:33 13,776 --a------ c:\documents and settings\HP_Owner\Application Data\kuvija.scr
2008-11-13 10:33 . 2008-11-13 10:33 12,638 --a------ c:\documents and settings\HP_Owner\Application Data\wudicex.sys
2008-11-13 10:33 . 2008-11-13 10:33 11,181 --a------ c:\windows\atalyzuk.com
2008-11-13 10:33 . 2008-11-13 10:33 10,826 --a------ c:\windows\system32\unybuvul.exe
2008-11-13 10:28 . 2008-11-13 07:56 156 --a------ c:\documents and settings\HP_Owner\delself.bat
2008-11-13 10:26 . 2008-11-13 23:52 10,752 --a------ c:\windows\system32\brastk.exe.vir
2008-11-13 08:16 . 2008-11-13 08:18 <DIR> d-------- C:\a84bebd03b14490a27
2008-11-13 08:16 . 2008-11-13 08:16 19,120 --a------ c:\windows\xasilufy.db
2008-11-13 08:16 . 2008-11-13 08:16 17,444 --a------ c:\windows\system32\puba.inf
2008-11-13 08:16 . 2008-11-13 08:16 16,964 --a------ c:\documents and settings\HP_Owner\Application Data\soma.exe
2008-11-13 08:16 . 2008-11-13 08:16 16,857 --a------ c:\windows\zutes._dl
2008-11-13 08:16 . 2008-11-13 08:16 16,561 --a------ c:\windows\obumer.sys
2008-11-13 08:16 . 2008-11-13 08:16 15,977 --a------ c:\windows\system32\ucalipe.db
2008-11-13 08:16 . 2008-11-13 08:16 14,351 --a------ c:\windows\dykasyw.dat
2008-11-13 08:16 . 2008-11-13 08:16 13,422 --a------ c:\program files\Common Files\cagyxake.reg
2008-11-13 08:16 . 2008-11-13 08:16 13,204 --a------ c:\windows\nodat.inf
2008-11-13 08:16 . 2008-11-13 08:16 12,937 --a------ c:\documents and settings\All Users\Application Data\awodawesad.bat
2008-11-13 08:16 . 2008-11-13 08:16 12,312 --a------ c:\windows\iqopop.com
2008-11-13 08:16 . 2008-11-13 08:16 11,210 --a------ c:\documents and settings\HP_Owner\Application Data\fonasy.com
2008-11-12 13:53 . 2008-09-04 09:15 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 13:53 . 2008-10-24 03:21 455,296 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-06 16:40 . 2008-11-14 00:26 <DIR> d-------- c:\program files\Common
2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-28 19:46 . 2008-10-28 19:46 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-28 19:46 . 2008-10-28 19:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-24 11:21 . 2008-10-15 08:34 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 16:15 . 2008-08-14 02:11 2,189,184 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 16:15 . 2008-08-14 02:09 2,145,280 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 16:15 . 2008-08-14 01:33 2,066,048 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 16:15 . 2008-08-14 01:33 2,023,936 --a--c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 16:11 . 2008-09-08 02:41 333,824 --a--c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 16:06 . 2008-09-15 04:12 1,846,400 --a--c--- c:\windows\system32\dllcache\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 20:55 4,124 ----a-w c:\windows\viassary-hp.reg
2008-11-14 09:25 --------- d-----w c:\program files\Puzzle Hero
2008-11-14 08:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-13 23:18 --------- d-----w c:\program files\Norton AntiVirus
2008-11-13 21:47 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-11-13 21:47 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-13 21:47 --------- d-----w c:\program files\Symantec
2008-11-13 18:33 11,869 ----a-w c:\program files\Common Files\rafadax.inf
2008-11-13 16:16 13,705 ----a-w c:\program files\Common Files\urezecyg._sy
2008-11-06 06:05 --------- d-----w c:\program files\LimeWire
2008-11-06 06:05 --------- d-----w c:\program files\Incomplete
2008-11-05 08:43 --------- d-----w c:\program files\ABC Amber LIT Converter
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2(2).dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-13 02:07 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-10-13 02:07 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-21 21:21 --------- d-----w c:\program files\InterActual
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 22:21 98,304 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\PluginCtrl.dll
2008-09-12 22:21 3,072 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchealthde.exe
2008-09-12 22:21 139,264 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\ContentUpdater.exe
2008-09-12 22:20 69,632 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\msxmlwrapper.dll
2008-09-12 22:20 5,632 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\GUI.dll
2008-09-12 22:20 4,096 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\winverifytrustwrapper.dll
2008-09-12 22:20 356,352 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\client_motkt.dll
2008-09-12 22:20 315,392 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchmsxml.dll
2008-09-12 22:20 307,200 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\pchnotify.exe
2008-09-12 22:20 282,624 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\clientutil52.dll
2008-09-12 22:20 213,089 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\motive.zip
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 02:34 0 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2005-09-26 16:47 424,685 --sh--w c:\windows\system\bilsp.bak1
2005-10-01 17:27 425,991 --sh--w c:\windows\system\bilsp.bak2
2005-10-01 22:56 182,819 --sh--w c:\windows\system\bilsp.ini2
2005-03-10 07:03 56 --sh--r c:\windows\system32\5383F6A747.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-17 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-08 1233800]
"VTTimer"="VTTimer.exe" [2004-10-22 c:\windows\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-08-11 36864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 241664]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-09-17 200704]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-01-29 118784]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-11 16423]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat fptane.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 c:\program files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 2005-09-11 17:04 937984 c:\program files\Athan\Athan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2005-11-16 14:38 3759104 c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 18:14 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\interMute\\SpySubtract\\SpySub.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\burst\\core-shad0w5.7.6\\btdownloadheadless.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\WINDOWS\\system32\\pdbox28.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule: tcp incoming
R0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2005-11-16 78336]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-13 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [ ]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys [ ]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{8FEF4547-2D46-4C6A-9CBF-F74CAC69D043} - c:\windows\system32\mlJYrspm.dll
BHO-{B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - c:\windows\system32\mlJYropP.dll
HKCU-Run-zziz - c:\progra~1\COMMON~1\zziz\zzizm.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-GetModule27 - c:\program files\GetModule\GetModule27.exe
HKCU-Run-brastk - c:\windows\system32\brastk.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-NAV - c:\documents and settings\HP_Owner\My Documents\NAV[1].2009.90.Days_Patch\NAV.2009.90.Days+Patch\NAV2009_16.0.exe
HKLM-Run-d8e99d0d - c:\windows\system32\nsqvapdc.dll
HKLM-Run-ClubBox - (no file)
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
ShellExecuteHooks-{B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - c:\windows\system32\mlJYropP.dll
MSConfigStartUp-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\2kx2aisv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://iheartlakorns.com/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 13:15:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ewido\security suite\ewidoctrl.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HEWLET~1\HPORGA~1\bin\nda.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-11-14 13:27:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-14 21:27:27
Pre-Run: 29,661,110,272 bytes free
Post-Run: 30,181,736,448 bytes free
338 --- E O F --- 2008-11-13 16:18:06
Thanks in Advance!
|
oryfan
Newbie
|
14. November 2008 @ 17:33 |
|
Adding a new HijackThis log after scanning with Panda Internet Security:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:49 PM, on 11/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\ApvxdWin.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\psimreal.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: WMP10ctrl - http://www.cinemanow.com/WMP10ctrl.CAB
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20051...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.cinemanow.com/dlControl_3_3.CAB
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.custhelp.com/8102-b424h/rnl/java/RntX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - AppInit_DLLs: karna.dat fptane.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 11726 bytes
|
Senior Member
|
15. November 2008 @ 07:52 |
|
Hi oryfan
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects
Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates.
• Wait for Malwarebytes to be fully updated.
Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan.
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

|
oryfan
Newbie
|
15. November 2008 @ 15:00 |
|
Thanks for your help! Here's my MBAM log
Malwarebytes' Anti-Malware 1.30
Database version: 1400
Windows 5.1.2600 Service Pack 3
11/15/2008 2:57:37 PM
mbam-log-2008-11-15 (14-57-37).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 193750
Time elapsed: 1 hour(s), 45 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 79
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/system32/nowstarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\HP_Owner\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\brastk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fptane.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bhmodl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bqyykcid.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\brastk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJYrspm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nsqvapdc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qxqflbsr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP746\A0205800.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP747\A0205803.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP747\A0205831.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP747\A0205832.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP748\A0206831.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP748\A0206832.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP748\A0207831.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP748\A0207832.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP750\A0207833.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP750\A0207834.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP750\A0208833.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP750\A0208834.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP750\A0209833.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP750\A0209834.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0209835.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0209836.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0210835.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0210836.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0210837.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0210838.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0210839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0210840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0211839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0211840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0212839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0212840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0213839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0213840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0214839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0214840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0215839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0216839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0216840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0217839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0217840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0218839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0218840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0219839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0219840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0220839.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0220840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0221844.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0221845.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0221847.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0221864.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0221877.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0215840.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP751\A0221846.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP752\A0221919.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222142.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222143.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222144.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222147.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222162.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222164.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222165.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0222166.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
|
Senior Member
|
16. November 2008 @ 00:24 |
|
Hey oryfan
Delete C:\Combofix.txt and run Combofix again. Post the new log here.
Best Regards :D

|
oryfan
Newbie
|
16. November 2008 @ 12:35 |
|
ComboFix 08-11-12.02 - HP_Owner 2008-11-16 12:06:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.94 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\My Documents\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-16 11:56 . 2008-11-16 11:56 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 13:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 13:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-14 16:05 . 2008-11-16 12:05 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-11-14 15:54 . 2008-11-16 12:02 237,096 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-14 15:54 . 2008-11-16 12:02 237,096 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-11-14 15:54 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-11-14 15:54 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-11-14 15:54 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-11-14 15:54 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-11-14 15:54 . 2008-11-16 11:56 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-14 15:54 . 2008-11-16 11:56 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-11-14 15:54 . 2008-11-14 15:54 261 --a------ c:\windows\system32\PavCPL.dat
2008-11-14 15:53 . 2008-11-14 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-11-14 15:53 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-11-14 15:53 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-11-14 15:53 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-11-14 15:53 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\windows\system32\PAV
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\program files\Panda Security
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Panda Security
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-11-14 15:52 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-11-14 15:52 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-11-14 15:52 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-11-14 15:52 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-11-14 15:52 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-11-14 15:52 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-11-14 15:52 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-11-14 15:52 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-11-14 15:49 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-11-14 15:49 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-11-14 15:49 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-14 15:35 . 2008-11-14 15:35 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-11-14 14:58 . 2008-11-14 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-14 14:35 . 2008-11-14 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-14 14:27 . 2008-11-14 15:56 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-14 02:22 . 2008-11-14 02:22 <DIR> d-------- c:\program files\Trend Micro
2008-11-14 00:40 . 2008-11-14 00:40 <DIR> d-------- c:\program files\Alwil Software
2008-11-14 00:22 . 2008-11-14 00:23 <DIR> d-------- c:\program files\Trojan Remover
2008-11-14 00:22 . 2008-11-14 00:22 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Simply Super Software
2008-11-14 00:22 . 2008-11-14 00:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-14 00:22 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-14 00:22 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-14 00:22 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-14 00:22 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-14 00:22 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-13 18:23 . 2008-11-13 18:23 1,689 --a------ c:\windows\Sysvxd.exe
2008-11-13 16:35 . 2008-11-13 16:35 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2008-11-13 15:57 . 2008-11-13 16:13 <DIR> d-------- c:\program files\RogueRemover FREE
2008-11-13 15:34 . 2008-11-13 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-13 15:18 . 2008-11-13 15:18 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-11-13 15:18 . 2008-11-13 15:18 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-13 13:46 . 2008-11-13 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-13 13:41 . 2008-11-13 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-11-13 12:54 . 2008-11-13 12:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-13 10:33 . 2008-11-13 10:33 19,262 --a------ c:\windows\gufih.scr
2008-11-13 10:33 . 2008-11-13 10:33 18,973 --a------ c:\documents and settings\All Users\Application Data\likyqe.com
2008-11-13 10:33 . 2008-11-13 10:33 17,507 --a------ c:\windows\ipul.vbs
2008-11-13 10:33 . 2008-11-13 10:33 16,179 --a------ c:\windows\yrigehatik.dat
2008-11-13 10:33 . 2008-11-13 10:33 15,820 --a------ c:\documents and settings\HP_Owner\Application Data\acaw.exe
2008-11-13 10:33 . 2008-11-13 10:33 14,056 --a------ c:\windows\system32\ulik.pif
2008-11-13 10:33 . 2008-11-13 10:33 13,776 --a------ c:\documents and settings\HP_Owner\Application Data\kuvija.scr
2008-11-13 10:33 . 2008-11-13 10:33 12,638 --a------ c:\documents and settings\HP_Owner\Application Data\wudicex.sys
2008-11-13 10:33 . 2008-11-13 10:33 11,181 --a------ c:\windows\atalyzuk.com
2008-11-13 10:33 . 2008-11-13 10:33 10,826 --a------ c:\windows\system32\unybuvul.exe
2008-11-13 08:16 . 2008-11-13 08:18 <DIR> d-------- C:\a84bebd03b14490a27
2008-11-13 08:16 . 2008-11-13 08:16 19,120 --a------ c:\windows\xasilufy.db
2008-11-13 08:16 . 2008-11-13 08:16 17,444 --a------ c:\windows\system32\puba.inf
2008-11-13 08:16 . 2008-11-13 08:16 16,964 --a------ c:\documents and settings\HP_Owner\Application Data\soma.exe
2008-11-13 08:16 . 2008-11-13 08:16 16,857 --a------ c:\windows\zutes._dl
2008-11-13 08:16 . 2008-11-13 08:16 16,561 --a------ c:\windows\obumer.sys
2008-11-13 08:16 . 2008-11-13 08:16 15,977 --a------ c:\windows\system32\ucalipe.db
2008-11-13 08:16 . 2008-11-13 08:16 14,351 --a------ c:\windows\dykasyw.dat
2008-11-13 08:16 . 2008-11-13 08:16 13,422 --a------ c:\program files\Common Files\cagyxake.reg
2008-11-13 08:16 . 2008-11-13 08:16 13,204 --a------ c:\windows\nodat.inf
2008-11-13 08:16 . 2008-11-13 08:16 12,937 --a------ c:\documents and settings\All Users\Application Data\awodawesad.bat
2008-11-13 08:16 . 2008-11-13 08:16 12,312 --a------ c:\windows\iqopop.com
2008-11-13 08:16 . 2008-11-13 08:16 11,210 --a------ c:\documents and settings\HP_Owner\Application Data\fonasy.com
2008-11-12 13:53 . 2008-09-04 09:15 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 13:53 . 2008-10-24 03:21 455,296 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-06 16:40 . 2008-11-14 00:26 <DIR> d-------- c:\program files\Common
2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-28 19:46 . 2008-10-28 19:46 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-28 19:46 . 2008-10-28 19:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-24 11:21 . 2008-10-15 08:34 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 19:57 4,124 ----a-w c:\windows\viassary-hp.reg
2008-11-15 00:45 --------- d-----w c:\program files\Go-Go Gourmet
2008-11-15 00:45 --------- d-----w c:\program files\Diner Dash 2
2008-11-14 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 22:41 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Symantec
2008-11-14 09:25 --------- d-----w c:\program files\Puzzle Hero
2008-11-14 08:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-13 23:18 --------- d-----w c:\program files\Norton AntiVirus
2008-11-13 18:33 11,869 ----a-w c:\program files\Common Files\rafadax.inf
2008-11-13 16:16 13,705 ----a-w c:\program files\Common Files\urezecyg._sy
2008-11-06 06:05 --------- d-----w c:\program files\LimeWire
2008-11-06 06:05 --------- d-----w c:\program files\Incomplete
2008-11-05 08:43 --------- d-----w c:\program files\ABC Amber LIT Converter
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-13 02:07 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-10-13 02:07 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-09-21 21:21 --------- d-----w c:\program files\InterActual
2008-09-04 02:34 0 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2005-09-26 16:47 424,685 --sh--w c:\windows\system\bilsp.bak1
2005-10-01 17:27 425,991 --sh--w c:\windows\system\bilsp.bak2
2005-10-01 22:56 182,819 --sh--w c:\windows\system\bilsp.ini2
2005-03-10 07:03 56 --sh--r c:\windows\system32\5383F6A747.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-14_13.26.50.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-23 19:41:02 466,944 ----a-w c:\windows\system32\capicom.dll
+ 2007-04-11 19:11:20 511,328 ----a-w c:\windows\system32\capicom.dll
- 2008-01-29 19:01:28 16,168 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 21:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 21:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 21:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
- 2008-01-29 19:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 21:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2008-11-14 20:57:38 69,436 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 19:58:50 69,436 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 20:57:38 419,350 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 19:58:50 419,350 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-17 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-08 1233800]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-07-16 857344]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"VTTimer"="VTTimer.exe" [2004-10-22 c:\windows\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-08-11 36864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 241664]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-09-17 200704]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-01-29 118784]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-11 16423]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat fptane.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 c:\program files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 2005-09-11 17:04 937984 c:\program files\Athan\Athan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
--a------ 2005-11-16 14:38 3759104 c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 18:14 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\interMute\\SpySubtract\\SpySub.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\burst\\core-shad0w5.7.6\\btdownloadheadless.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\WINDOWS\\system32\\pdbox28.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule: tcp incoming
R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
R0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2005-11-16 78336]
R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 14:58 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\Drivers\ShlDrv51.sys [2008-03-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda [ ]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-13 14336]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\PskSvc.exe [2008-06-25 28928]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [ ]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2008-11-16 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys [ ]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
*Newly Created Service* - COMFILTR
*Newly Created Service* - GTNDIS5
*Newly Created Service* - PSEXESVC
.
Contents of the 'Scheduled Tasks' folder
2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\2kx2aisv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://iheartlakorns.com/
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 12:16:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-16 12:27:38
ComboFix-quarantined-files.txt 2008-11-16 20:27:32
Pre-Run: 27,978,694,656 bytes free
Post-Run: 29,467,779,072 bytes free
293 --- E O F --- 2008-11-13 16:18:06
Senior Member
16. November 2008 @ 22:21
Hey oryfan
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
File::
c:\windows\gufih.scr
c:\documents and settings\All Users\Application Data\likyqe.com
c:\windows\ipul.vbs
c:\windows\yrigehatik.dat
c:\documents and settings\HP_Owner\Application Data\acaw.exe
c:\windows\system32\ulik.pif
c:\documents and settings\HP_Owner\Application Data\kuvija.scr
c:\documents and settings\HP_Owner\Application Data\wudicex.sys
c:\windows\atalyzuk.com
c:\windows\system32\unybuvul.exe
c:\windows\xasilufy.db
c:\windows\system32\puba.inf
c:\documents and settings\HP_Owner\Application Data\soma.exe
c:\windows\zutes._dl
c:\windows\obumer.sys
c:\windows\system32\ucalipe.db
c:\windows\dykasyw.dat
c:\program files\Common Files\cagyxake.reg
c:\windows\nodat.inf
c:\documents and settings\All Users\Application Data\awodawesad.bat
c:\windows\iqopop.com
c:\documents and settings\HP_Owner\Application Data\fonasy.com
c:\windows\viassary-hp.reg
c:\windows\system32\karna.dat
C:\WINDOWS\karna.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
DirLook::
C:\a84bebd03b14490a27
- Save this as CFScript.txt in the same folder as ComboFix.
- Then drag the CFScript.txt into Combo-Fix.exe.
- This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComboFix window, as it may cause it to stall.
After that, zip this folder C:\Qoobox and upload it to http://www.uploadmalware.com/
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success, the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
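A triage script for the ComboFix "Files Created" listing, added here as an example (it is not part of the thread and not ComboFix's own tooling): it parses the log lines, groups plain files with random-looking lowercase names by creation minute, flags bursts like the 08:16 and 10:33 batches above, and renders them as the CFScript File:: block the instructions use. The sample lines are excerpted from the log posted above; the burst threshold and the name pattern are assumptions of this example.

```python
"""Triage helper for the ComboFix 'Files Created' listing (added example,
not from the thread or from ComboFix). The rogue here dropped batches of
files with random lowercase names within one minute; this flags such
bursts and renders them as a CFScript File:: block."""
import re
from collections import defaultdict

# Excerpt of the log posted above: two malware bursts plus benign Panda
# driver entries created a day later (kept to show they are not flagged).
SAMPLE_LOG = r"""
2008-11-14 15:53 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-11-14 15:53 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-11-14 15:53 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-11-13 10:33 . 2008-11-13 10:33 19,262 --a------ c:\windows\gufih.scr
2008-11-13 10:33 . 2008-11-13 10:33 18,973 --a------ c:\documents and settings\All Users\Application Data\likyqe.com
2008-11-13 10:33 . 2008-11-13 10:33 17,507 --a------ c:\windows\ipul.vbs
2008-11-13 10:33 . 2008-11-13 10:33 15,820 --a------ c:\documents and settings\HP_Owner\Application Data\acaw.exe
2008-11-13 10:33 . 2008-11-13 10:33 14,056 --a------ c:\windows\system32\ulik.pif
2008-11-13 08:16 . 2008-11-13 08:18 <DIR> d-------- C:\a84bebd03b14490a27
2008-11-13 08:16 . 2008-11-13 08:16 19,120 --a------ c:\windows\xasilufy.db
2008-11-13 08:16 . 2008-11-13 08:16 17,444 --a------ c:\windows\system32\puba.inf
2008-11-13 08:16 . 2008-11-13 08:16 16,964 --a------ c:\documents and settings\HP_Owner\Application Data\soma.exe
2008-11-13 08:16 . 2008-11-13 08:16 16,857 --a------ c:\windows\zutes._dl
2008-11-13 08:16 . 2008-11-13 08:16 12,937 --a------ c:\documents and settings\All Users\Application Data\awodawesad.bat
"""

# One listing line: "<created> . <modified> <size|<DIR>> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Assumed "random-looking" basename: 3-12 lowercase letters, no digits,
# then a short extension (covers .com, .scr, .pif, ._dl, .db, ...).
RANDOM_NAME_RE = re.compile(r"^[a-z]{3,12}\.[a-z_]{2,4}$")


def parse_entries(text):
    """Return one dict per line that matches the ComboFix listing format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["is_dir"] = entry["size"] == "<DIR>"
        entry["basename"] = entry["path"].rsplit("\\", 1)[-1]
        entries.append(entry)
    return entries


def find_bursts(entries, min_files=5):
    """Group plain files with random-looking names by creation minute and
    keep only minutes that hold at least min_files of them (assumed
    threshold). Returns {minute: [paths]}."""
    by_minute = defaultdict(list)
    for e in entries:
        if e["is_dir"]:
            continue
        if RANDOM_NAME_RE.match(e["basename"]):
            by_minute[e["created"]].append(e["path"])
    return {m: p for m, p in by_minute.items() if len(p) >= min_files}


def cfscript_file_section(bursts):
    """Render the flagged paths as a CFScript 'File::' block, one path per
    line, oldest burst first."""
    paths = [p for minute in sorted(bursts) for p in bursts[minute]]
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = find_bursts(parse_entries(SAMPLE_LOG))
    for minute, paths in sorted(found.items()):
        print(f"{minute}: {len(paths)} random-named files")
    print(cfscript_file_section(found))
```

The Panda entries at 15:53 contain two lowercase names (pavcpl.cpl, fnetmon.sys) but fall below the threshold, which is why the minute-burst count matters more than the name pattern alone.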

oryfan
Newbie
17. November 2008 @ 13:09
I submitted the file, and here's my log:
ComboFix 08-11-12.02 - HP_Owner 2008-11-17 12:42:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.101 [GMT -8:00]
Running from: c:\documents and settings\HP_Owner\My Documents\combo\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\My Documents\combo\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\All Users\Application Data\awodawesad.bat
c:\documents and settings\All Users\Application Data\likyqe.com
c:\documents and settings\HP_Owner\Application Data\acaw.exe
c:\documents and settings\HP_Owner\Application Data\fonasy.com
c:\documents and settings\HP_Owner\Application Data\kuvija.scr
c:\documents and settings\HP_Owner\Application Data\soma.exe
c:\documents and settings\HP_Owner\Application Data\wudicex.sys
c:\program files\Common Files\cagyxake.reg
c:\windows\atalyzuk.com
c:\windows\dykasyw.dat
c:\windows\gufih.scr
c:\windows\ipul.vbs
c:\windows\iqopop.com
c:\windows\karna.dat
c:\windows\nodat.inf
c:\windows\obumer.sys
c:\windows\system32\karna.dat
c:\windows\system32\puba.inf
c:\windows\system32\ucalipe.db
c:\windows\system32\ulik.pif
c:\windows\system32\unybuvul.exe
c:\windows\viassary-hp.reg
c:\windows\xasilufy.db
c:\windows\yrigehatik.dat
c:\windows\zutes._dl
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\awodawesad.bat
c:\documents and settings\All Users\Application Data\likyqe.com
c:\documents and settings\HP_Owner\Application Data\acaw.exe
c:\documents and settings\HP_Owner\Application Data\fonasy.com
c:\documents and settings\HP_Owner\Application Data\kuvija.scr
c:\documents and settings\HP_Owner\Application Data\soma.exe
c:\documents and settings\HP_Owner\Application Data\wudicex.sys
c:\program files\Common Files\cagyxake.reg
c:\windows\atalyzuk.com
c:\windows\dykasyw.dat
c:\windows\gufih.scr
c:\windows\ipul.vbs
c:\windows\iqopop.com
c:\windows\nodat.inf
c:\windows\obumer.sys
c:\windows\system32\puba.inf
c:\windows\system32\ucalipe.db
c:\windows\system32\ulik.pif
c:\windows\system32\unybuvul.exe
c:\windows\viassary-hp.reg
c:\windows\xasilufy.db
c:\windows\yrigehatik.dat
c:\windows\zutes._dl
.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
2008-11-16 11:56 . 2008-11-17 09:36 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2008-11-15 13:08 . 2008-11-15 13:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 13:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 13:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-14 16:05 . 2008-11-16 12:05 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-11-14 15:54 . 2008-11-17 09:36 237,096 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-14 15:54 . 2008-11-17 09:36 237,096 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-11-14 15:54 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-11-14 15:54 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-11-14 15:54 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-11-14 15:54 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-11-14 15:54 . 2008-11-17 12:39 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-14 15:54 . 2008-11-17 12:39 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-11-14 15:54 . 2008-11-14 15:54 261 --a------ c:\windows\system32\PavCPL.dat
2008-11-14 15:53 . 2008-11-14 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-11-14 15:53 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-11-14 15:53 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-11-14 15:53 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-11-14 15:53 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\windows\system32\PAV
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\program files\Panda Security
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Panda Security
2008-11-14 15:52 . 2008-11-14 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-11-14 15:52 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-11-14 15:52 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-11-14 15:52 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-11-14 15:52 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-11-14 15:52 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-11-14 15:52 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-11-14 15:52 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-11-14 15:52 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-11-14 15:49 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-11-14 15:49 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-11-14 15:49 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-14 15:35 . 2008-11-14 15:35 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-11-14 14:58 . 2008-11-14 14:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-14 14:35 . 2008-11-14 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-14 14:27 . 2008-11-14 15:56 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-14 02:22 . 2008-11-14 02:22 <DIR> d-------- c:\program files\Trend Micro
2008-11-14 00:40 . 2008-11-14 00:40 <DIR> d-------- c:\program files\Alwil Software
2008-11-13 18:23 . 2008-11-13 18:23 1,689 --a------ c:\windows\Sysvxd.exe
2008-11-13 16:35 . 2008-11-13 16:35 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2008-11-13 15:57 . 2008-11-13 16:13 <DIR> d-------- c:\program files\RogueRemover FREE
2008-11-13 15:34 . 2008-11-13 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-13 15:18 . 2008-11-13 15:18 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-11-13 15:18 . 2008-11-13 15:18 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-13 13:46 . 2008-11-13 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-13 13:41 . 2008-11-13 13:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-11-13 12:54 . 2008-11-13 12:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-13 08:16 . 2008-11-13 08:18 <DIR> d-------- C:\a84bebd03b14490a27
2008-11-12 13:53 . 2008-09-04 09:15 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 13:53 . 2008-10-24 03:21 455,296 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-06 16:40 . 2008-11-14 00:26 <DIR> d-------- c:\program files\Common
2008-10-28 19:51 . 2008-10-28 19:51 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-10-28 19:46 . 2008-10-28 19:46 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-28 19:46 . 2008-10-28 19:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-24 11:21 . 2008-10-15 08:34 337,408 --a--c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 20:40 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Lavasoft
2008-11-15 00:45 --------- d-----w c:\program files\Go-Go Gourmet
2008-11-15 00:45 --------- d-----w c:\program files\Diner Dash 2
2008-11-14 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 22:41 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Symantec
2008-11-14 09:25 --------- d-----w c:\program files\Puzzle Hero
2008-11-14 08:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-13 23:18 --------- d-----w c:\program files\Norton AntiVirus
2008-11-13 18:33 11,869 ----a-w c:\program files\Common Files\rafadax.inf
2008-11-13 16:16 13,705 ----a-w c:\program files\Common Files\urezecyg._sy
2008-11-06 06:05 --------- d-----w c:\program files\LimeWire
2008-11-06 06:05 --------- d-----w c:\program files\Incomplete
2008-11-05 08:43 --------- d-----w c:\program files\ABC Amber LIT Converter
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-13 02:07 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-10-13 02:07 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-09-21 21:21 --------- d-----w c:\program files\InterActual
2008-09-04 02:34 0 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2005-09-26 16:47 424,685 --sh--w c:\windows\system\bilsp.bak1
2005-10-01 17:27 425,991 --sh--w c:\windows\system\bilsp.bak2
2005-10-01 22:56 182,819 --sh--w c:\windows\system\bilsp.ini2
2005-03-10 07:03 56 --sh--r c:\windows\system32\5383F6A747.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\a84bebd03b14490a27 ----
2008-11-03 16:19 896390 --a------ c:\a84bebd03b14490a27\mrt.exe._p
2008-11-03 16:10 44992 --a------ c:\a84bebd03b14490a27\mrtstub.exe
((((((((((((((((((((((((((((( snapshot@2008-11-14_13.26.50.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-23 19:41:02 466,944 ----a-w c:\windows\system32\capicom.dll
+ 2007-04-11 19:11:20 511,328 ----a-w c:\windows\system32\capicom.dll
- 2008-01-29 19:01:28 16,168 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 21:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 21:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 21:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
- 2008-01-29 19:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 21:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2008-11-14 20:57:38 69,436 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-17 18:10:54 69,436 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 20:57:38 419,350 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-17 18:10:54 419,350 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-17 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-10-22 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"VTTimer"="VTTimer.exe" [2004-10-22 c:\windows\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-08-11 36864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 241664]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-09-17 200704]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-01-29 118784]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-11 16423]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIXL"= pclepixl.dll
"VIDC.NTN1"= NUVision.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 c:\program files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 2005-09-11 17:04 937984 c:\program files\Athan\Athan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 18:14 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\interMute\\SpySubtract\\SpySub.exe"=
"c:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\burst\\core-shad0w5.7.6\\btdownloadheadless.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\FSCAgent.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\WINDOWS\\system32\\pdbox28.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule: tcp incoming
R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 14:58 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\Drivers\ShlDrv51.sys [2008-03-04 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda [ ]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-13 14336]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\PskSvc.exe [2008-06-25 28928]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [ ]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2008-11-17 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys [ ]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 12:48:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-17 12:59:51
ComboFix-quarantined-files.txt 2008-11-17 20:59:47
ComboFix2.txt 2008-11-16 20:27:39
Pre-Run: 28,590,931,968 bytes free
Post-Run: 29,209,890,816 bytes free
303 --- E O F --- 2008-11-13 16:18:06
Senior Member
18. November 2008 @ 00:16
Hey oryfan
Any more problems?
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

oryfan
Newbie
18. November 2008 @ 00:21
Nope. Everything seems to be working fine now. Thanks for your help!
Senior Member
18. November 2008 @ 04:55
Hey oryfan
Glad to hear it! You're welcome. Enjoy!
Cheers :D
