BleepingComputer.com: Unknown Trojan

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Unknown Trojan have removed multiple malware but something is still there

#1 User is offline   l_d33 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 30-April 11

Posted 30 April 2011 - 09:39 PM

Hello,

At first I thought I had google redirect, but when I deleted it something else came up. The last problem was winlogon. exe and before that my combofix.exe couldn't run, nor could rkill or tdsskiller. However, when I finially got Combofix to work and did a scan with malware anti-virus when i restarted my computer only my wallpaper came up and i had no internet connection. I believe there is still a virus on my comp. Could someone please take a look at my combo fix log. Both scans told me that there were no viruses but I do not think that's the case. I was thinking of resetting my system restore but would like to know first what a proper protocal for fixing this problem is. Any help is greatly appreciated. Thank you in advance. I will include my ComboFix Log. I scanned my computer after adding the service pack (#2) to it. I have Windows XP Professional. Please let me know if this is enough.

ComboFix 11-04-29.02 - User 04/29/2011 23:24:45.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1540 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combolix.exe
Command switches used :: c:\documents and settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Panda Antivirus Pro 2011 *Disabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Application Data\Adobe\plugs
c:\documents and settings\User\Application Data\Adobe\shed
c:\documents and settings\User\Templates\7yuto747a06k3405k6ao4d24d751768
c:\windows\system32\regedit.exe.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-27 23:39 . 2011-04-27 23:39 -------- d-----w- c:\documents and settings\User\Application Data\IObit
2011-04-27 23:39 . 2011-04-27 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-04-27 23:39 . 2011-04-27 23:39 -------- d-----w- c:\program files\IObit
2011-04-27 04:23 . 2011-04-27 04:54 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-04-26 02:09 . 2011-04-26 02:20 -------- d-----w- C:\32788R22FWJFW.3.tmp
2011-04-26 01:55 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 01:54 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 00:56 . 2011-04-26 00:57 -------- d-----w- C:\32788R22FWJFW.2.tmp
2011-04-26 00:33 . 2011-04-26 01:43 -------- d-----w- C:\ComboFix
2011-04-25 18:52 . 2011-04-25 18:52 -------- d-----w- c:\documents and settings\User\Application Data\U3
2011-04-25 14:51 . 2011-04-25 14:55 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2009-03-18 00:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2004-08-04 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-08-07 21:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-04 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 10:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2009-03-18 00:06 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-03-23_22.35.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 03:03 . 2011-01-11 03:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-11 02:32 . 2011-01-11 02:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 08:05 . 2011-01-11 08:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 08:23 . 2011-01-11 08:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-11 01:21 . 2011-01-11 01:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-04-30 02:45 . 2011-04-30 02:45 16384 c:\windows\Temp\Perflib_Perfdata_78.dat
+ 2011-01-21 04:08 . 2008-10-15 09:54 99072 c:\windows\system32\SYSTOOLS.dll
+ 2011-04-27 04:53 . 2011-04-27 04:55 91388 c:\windows\system32\Restore\rstrlog.dat
- 2006-03-04 03:33 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
+ 2006-03-04 03:33 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 08:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 08:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 10:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 10:00 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 10:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2004-08-04 10:00 . 2008-04-14 00:11 45568 c:\windows\system32\dnsrslvr.dll
+ 2009-08-07 22:11 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-08-07 22:11 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 08:31 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-08-07 22:11 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-08-07 22:11 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 08:34 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:34 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 08:33 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-20 17:17 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2011-04-25 14:40 . 2011-04-25 14:40 84416 c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
- 2010-03-05 07:06 . 2011-03-09 06:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-04-15 19:11 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-03-24 04:21 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll
+ 2011-03-24 04:21 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2524375\spmsg.dll
+ 2011-01-11 08:27 . 2011-01-11 08:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 08:24 . 2011-01-11 08:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 08:08 . 2011-01-11 08:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2011-01-21 04:08 . 2010-06-21 15:02 193344 c:\windows\system32\TpUtil.dll
- 2004-08-04 10:00 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
+ 2004-08-04 10:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2004-08-04 10:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
- 2004-08-04 10:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2006-03-04 03:33 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
- 2009-03-08 08:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 08:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2004-08-04 10:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
- 2004-08-04 10:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2006-03-04 03:33 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
+ 2006-03-04 03:33 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 10:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 10:00 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 10:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 10:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2009-03-17 18:56 . 2011-04-16 04:13 288496 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 10:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 10:00 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 10:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
- 2009-03-08 08:34 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2009-08-07 21:35 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys
+ 2009-03-08 08:34 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:34 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
- 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2009-03-08 08:32 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 08:32 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-08-07 22:11 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-08-07 22:11 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-08-07 21:31 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys
- 2010-09-18 16:23 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-09-18 16:23 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-13 17:04 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-08-07 21:28 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-07 21:28 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-08-07 22:11 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-08-07 22:11 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 08:31 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 08:31 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 14:46 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 14:46 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 18:09 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 18:09 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 08:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:32 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-20 17:46 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll
- 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys
+ 2011-04-18 00:09 . 2011-04-18 00:09 459264 c:\windows\Installer\232932f.msi
- 2010-03-05 07:06 . 2011-03-09 06:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-04-15 19:06 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-15 19:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-15 19:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-15 19:06 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-15 19:11 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-15 19:11 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-15 19:11 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-15 19:11 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2009-08-07 21:31 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-03-24 04:21 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2524375$\spuninst\updspapi.dll
+ 2011-03-24 04:21 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2524375$\spuninst\spuninst.exe
+ 2011-03-24 04:21 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2524375\update\updspapi.dll
+ 2011-03-24 04:21 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2524375\update\update.exe
+ 2011-03-24 04:21 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2524375\spuninst.exe
+ 2011-04-15 18:42 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-01-11 02:50 . 2011-01-11 02:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-11 02:50 . 2011-01-11 02:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2006-03-18 11:09 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll
- 2006-03-18 11:09 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
+ 2006-03-23 17:32 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
- 2009-03-08 08:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2009-04-17 12:26 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys
- 2009-03-08 08:34 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 08:34 . 2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 08:41 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll
- 2009-08-07 22:11 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-07 22:11 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-03-18 00:05 . 2011-03-18 00:05 4989440 c:\windows\Installer\1a814d.msp
+ 2011-01-11 21:49 . 2011-01-11 21:49 9003008 c:\windows\Installer\1a8137.msp
+ 2010-11-21 03:32 . 2010-11-21 03:32 4165120 c:\windows\Installer\1a8121.msp
+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\1a810a.msp
+ 2011-01-11 21:50 . 2011-01-11 21:50 8177152 c:\windows\Installer\1a80f4.msp
+ 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\1a80de.msp
+ 2010-03-05 07:06 . 2011-04-15 19:13 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-03-05 07:06 . 2011-04-15 19:13 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-03-05 07:06 . 2011-03-09 06:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-04-15 19:11 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-15 19:11 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2009-08-07 22:09 . 2011-04-15 19:07 39828936 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll
- 2009-03-08 08:39 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll
- 2009-08-07 22:11 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-07 22:11 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-04-15 19:11 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-03-05 557056]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE" [2010-08-26 988480]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2011\Inicio.exe" [2010-06-11 68928]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-3-5 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 17:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/21/2011 12:08 AM 26696]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/20/2011 11:13 PM 37896]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [1/21/2011 12:07 AM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/20/2011 11:13 PM 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2011\psksvc.exe [1/21/2011 12:08 AM 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/27/2011 7:39 PM 312152]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\adm8511.sys [3/17/2009 8:38 PM 20160]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 YORKYDRV;YORKYDRV;c:\windows\system32\drivers\YORKYDRV.sys [12/27/2010 11:20 PM 22408]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-18 c:\windows\Tasks\switchSevenDays.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-18 13:40]
.
2010-08-18 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-18 13:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://shibuya02.ipcam.jp/SysCamInst.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\jkzi9hz4.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 23:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HM080II rev.YE100-15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A50557B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\WININET.dll
c:\windows\system32\avldr.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\WININET.dll
.
Completion time: 2011-04-29 23:39:25
ComboFix-quarantined-files.txt 2011-04-30 03:39
ComboFix2.txt 2011-03-23 22:37
ComboFix3.txt 2010-12-31 03:11
ComboFix4.txt 2010-12-28 04:59
ComboFix5.txt 2011-04-30 03:18
.
Pre-Run: 48,431,169,536 bytes free
Post-Run: 49,280,135,168 bytes free
.
- - End Of File - - 123E21991410C2DA03D8128E6C25167C

Attached File(s)


#2 User is offline   Orange Blossom 

  • OBleepin Investigator
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 29,826
  • Joined: 14-July 06
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 09 May 2011 - 08:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 User is offline   Orange Blossom 

  • OBleepin Investigator
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 29,826
  • Joined: 14-July 06
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 19 May 2011 - 09:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users