
Virusblaster Infected


  • This topic is locked
2 replies to this topic

#1 beehoo


Posted 14 April 2008 - 08:35 PM

Here's the ComboFix log

ComboFix 08-04-13.3 - Owner 2008-04-14 21:20:35.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Favorites\Online Security Test.url
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL
C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP
C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT
C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT
C:\Program Files\MyWay\myBar\Cache\0005CEB1
C:\Program Files\MyWay\myBar\Cache\0005D336
C:\Program Files\MyWay\myBar\Cache\0031006F
C:\Program Files\MyWay\myBar\Cache\003F5F25.bin
C:\Program Files\MyWay\myBar\Cache\003F63C8.bin
C:\Program Files\MyWay\myBar\Cache\003F65EB.bin
C:\Program Files\MyWay\myBar\Cache\00DC929D
C:\Program Files\MyWay\myBar\Cache\03556491
C:\Program Files\MyWay\myBar\Cache\06C9B073
C:\Program Files\MyWay\myBar\Cache\files.ini
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\NetProject
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\scu.exe
C:\Program Files\NetProject\ts.ico
C:\Program Files\NetProject\waun.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\system32\403445\403445.dll
C:\WINDOWS\system32\bszip.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-14 21:15 . 2008-04-14 21:16 <DIR> d-------- C:\Program Files\Panda Security
2008-04-14 21:04 . 2008-04-14 21:04 1,428 --a------ C:\sageset2005.reg
2008-04-14 21:03 . 2008-04-14 21:03 88,524 --a------ C:\smitfrau.reg
2008-04-14 21:03 . 2008-04-14 21:03 1,458 --a------ C:\smitfra.reg
2008-04-14 20:58 . 2004-04-01 05:03 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-14 20:58 . 2004-04-02 19:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-14 20:58 . 2004-04-01 17:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-04-14 20:58 . 2008-04-14 20:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-14 20:52 . 2008-04-14 21:01 <DIR> d-------- C:\Program Files\roguescanfix
2008-04-14 20:42 . 2008-04-14 20:56 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-14 19:59 . 2008-04-14 21:24 <DIR> d-------- C:\WINDOWS\system32\403445
2008-04-14 19:59 . 2008-04-14 20:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 16:50 . 2008-04-14 16:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-14 16:50 . 2008-04-14 16:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-13 23:28 . 2008-04-14 13:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Juniper Networks
2008-04-13 20:06 . 2008-04-13 20:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nexon
2008-04-13 16:26 . 2008-04-13 16:26 <DIR> d-------- C:\Program Files\Intel
2008-04-13 16:24 . 2007-12-07 11:10 52,736 --a------ C:\WINDOWS\system32\drivers\ViPrt.sys
2008-04-13 16:24 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-13 16:24 . 2007-09-21 16:28 18,432 --a------ C:\WINDOWS\system32\vIdeInst.dll
2008-04-13 16:24 . 2007-12-07 11:13 16,896 --a------ C:\WINDOWS\system32\drivers\ViBus.sys
2008-04-13 16:24 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2008-04-13 16:23 . 2008-04-13 16:23 <DIR> d-------- C:\Intel
2008-04-13 16:21 . 2008-04-13 16:21 <DIR> d-------- C:\Program Files\Realtek AC97
2008-04-13 16:21 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-13 16:21 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-04-13 16:21 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-04-13 16:21 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-04-13 16:21 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-13 16:21 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-13 16:12 . 2008-04-13 16:37 <DIR> d-------- C:\Program Files\Driver Magician
2008-04-13 16:12 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-04-13 16:12 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL
2008-04-13 16:12 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-04-13 16:12 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\Msinet.ocx
2008-04-13 16:12 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-04-13 16:01 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-04-13 14:22 . 2008-04-13 14:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-12 23:42 . 2008-04-12 23:42 <DIR> d-------- C:\ConverterOutput
2008-04-12 23:41 . 2008-04-12 23:41 <DIR> d-------- C:\Program Files\Cucusoft
2008-04-12 23:41 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-04-12 23:41 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-04-12 23:41 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-04-12 23:41 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-04-12 23:41 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-04-12 23:41 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-04-12 23:11 . 2008-04-12 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-12 22:08 . 2008-04-12 22:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-12 20:48 . 2008-04-12 20:48 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-12 16:16 . 2008-04-12 16:28 <DIR> d-------- C:\Program Files\Uniblue
2008-04-12 15:35 . 2008-04-12 16:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-12 09:01 . 2008-04-12 09:01 <DIR> d-------- C:\Program Files\Geneforge
2008-04-12 08:59 . 2008-04-12 09:00 <DIR> d-------- C:\Program Files\Geneforge 2
2008-04-12 08:59 . 2008-04-12 09:01 286,720 --a------ C:\WINDOWS\iun504.exe
2008-04-12 08:58 . 2008-04-12 14:34 <DIR> d-------- C:\Program Files\Spiderweb Software
2008-04-12 08:58 . 2008-04-12 08:59 <DIR> d-------- C:\Program Files\Geneforge 3
2008-04-11 21:36 . 2008-04-12 14:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
2008-04-09 21:03 . 2008-04-09 21:03 <DIR> d-------- C:\Program Files\AbiSuite2
2008-04-09 21:03 . 2008-04-09 21:03 <DIR> d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-09 18:16 . 2008-04-09 18:16 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-09 18:11 . 2008-04-13 19:49 <DIR> d-------- C:\Nexon
2008-04-09 05:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-09 05:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-09 05:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-08 17:36 . 2008-04-13 11:34 <DIR> d-------- C:\Documents and Settings\Owner\Contacts
2008-04-08 17:30 . 2008-04-08 17:35 <DIR> d-------- C:\Program Files\Windows Live
2008-04-08 17:30 . 2008-04-08 17:31 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 17:29 . 2008-04-08 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 16:55 . 2008-04-14 21:15 3,592 --a------ C:\WINDOWS\mozver.dat
2008-04-08 16:36 . 2008-04-08 16:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 16:28 . 2008-04-14 16:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-04-07 20:43 . 2008-04-07 20:53 <DIR> d-------- C:\Program Files\Norton 360
2008-04-07 20:42 . 2008-04-07 21:13 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-07 20:42 . 2008-04-07 21:13 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-07 20:42 . 2008-04-07 21:13 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-07 20:42 . 2008-04-07 21:13 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-07 20:26 . 2008-04-07 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-04-07 19:32 . 2008-04-13 16:28 <DIR> d-------- C:\Program Files\VIA
2008-04-07 19:30 . 2008-04-07 19:31 <DIR> d-------- C:\softpaq
2008-04-07 18:57 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-07 18:57 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-07 18:57 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-07 18:57 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-07 18:57 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-07 18:57 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-07 18:57 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-07 18:57 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-07 18:57 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-07 18:52 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-07 18:26 . 2008-04-07 18:26 <DIR> d-------- C:\Program Files\iTunes
2008-04-07 18:24 . 2008-04-07 18:24 <DIR> d-------- C:\Program Files\Bonjour
2008-04-07 18:23 . 2008-04-07 18:24 <DIR> d-------- C:\Program Files\QuickTime
2008-04-07 18:20 . 2008-04-08 17:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-07 18:20 . 2008-04-07 18:20 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-07 18:20 . 2008-04-07 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-07 18:20 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-07 18:14 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-07 17:57 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-07 17:50 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-13 23:46 13,312 --s-a-w C:\WINDOWS\system32\vualf.dll
2008-04-13 20:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 20:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-13 02:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 22:33 --------- d-----w C:\Program Files\LimeWire
2008-04-12 20:43 --------- d-----w C:\Program Files\MP3Downloading
2008-04-12 20:42 --------- d-----w C:\Program Files\Blubster
2008-04-11 20:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-04-10 02:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-10 00:58 14,830 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-08 11:54 --------- d-----w C:\Program Files\iPod
2008-04-08 11:52 --------- d-----w C:\Program Files\Soulseek
2008-04-08 11:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-04-08 01:37 --------- d-----w C:\Program Files\Java
2008-04-08 01:13 --------- d-----w C:\Program Files\Symantec
2008-04-07 22:21 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 21:52 --------- d-----w C:\Program Files\Easy Internet signup
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 20:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 07:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 07:15 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 00:43 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-18 07:02 176128]
"virtual"="winit.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 11:45 135214]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-10 14:53 185896]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 11:46 53248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 21:54 116072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"virtual"="winit.exe" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{12a31567-9883-4cc0-a684-ad5804394d69}"= C:\WINDOWS\system32\vualf.dll [2008-04-13 19:46 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1626:UDP"= 1626:UDP:robot rage

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-12-07 11:13]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-12-07 11:10]
R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 12:33]
R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2006-08-09 15:57]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2004-12-06 19:44]
S2 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"C:\Program Files\ProcessGuard\dcsuserprot.exe" []
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 14:36]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 11:38]
S3 xp1;xp1;C:\Documents and Settings\Owner\My Documents\My Music\XMetalSinXHackingPack\xp.sys [2007-03-07 18:56]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 20:29:22 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-12 19:35:23 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-15 01:08:55 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-15 00:42:42 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 21:24:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-14 21:26:46
ComboFix-quarantined-files.txt 2008-04-15 01:26:37

Pre-Run: 39,173,419,008 bytes free
Post-Run: 39,152,775,168 bytes free
.
2008-04-13 19:56:35 --- E O F ---


#2 ken545


Posted 26 April 2008 - 05:40 AM

Hello beehoo

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.
If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post.

Download Trend Micro's HijackThis to your desktop.
Double-click it to install.
Follow the prompts; by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File; it will open in Notepad
  • Go to Format and make sure Word Wrap is unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Post Reply; do not start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Ken

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014




 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545


Posted 15 May 2008 - 04:18 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
