VIRUS ALERT in taskbar


This topic is locked
2 replies to this topic

#1 jujitsu1
Posted 27 October 2008 - 12:14 AM

I have an issue. Like a moron, I tried to install a video codec and got hosed.
I read around the forums, got some info, and started to try ComboFix.
It seemed to work, but it keeps coming back. Here is the log from ComboFix.
Help, it's my work laptop.

ComboFix 08-10-25.01 - Sean 2008-10-27 0:39:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1491 [GMT -4:00]
Running from: C:\Documents and Settings\Sean.NOYFB-BIACH\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sean.NOYFB-BIACH\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Sean.NOYFB-BIACH\Local Settings\Temporary Internet Files\fbk.sts

.
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-27 00:29 . 2008-10-27 00:29 <DIR> d-------- C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Gool
2008-10-26 21:24 . 2008-10-26 21:24 20,992 --ahs---- C:\WINDOWS\system32\c00FE5B0.mat
2008-10-26 21:18 . 2008-10-26 21:18 <DIR> d-------- C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Facegame
2008-10-26 21:15 . 2008-10-24 07:26 352,256 --a------ C:\WINDOWS\aetlsrkntla.dll
2008-10-26 21:15 . 2008-10-24 07:26 344,064 --a------ C:\WINDOWS\vwnskbot.dll
2008-10-26 21:15 . 2008-10-24 07:26 327,680 --a------ C:\WINDOWS\qnflkotm.dll
2008-10-26 21:15 . 2008-10-24 07:26 217,088 --a------ C:\WINDOWS\bkqxdons.dll
2008-10-26 21:15 . 2008-10-24 07:26 94,208 --a------ C:\WINDOWS\woprdagt.exe
2008-10-26 21:14 . 2008-10-26 21:14 46,080 --a------ C:\WINDOWS\system32\gcomd32.dll
2008-10-26 21:14 . 2008-10-26 21:14 44,032 --a------ C:\fukfiukq.exe
2008-10-26 21:14 . 2008-10-26 21:14 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-26 21:14 . 2008-10-26 21:14 705 --a------ C:\mxlb.exe
2008-10-26 21:14 . 2008-10-26 21:14 705 --a------ C:\lowdn.exe
2008-10-26 21:14 . 2008-10-26 21:14 705 --a------ C:\kbbve.exe
2008-10-26 21:14 . 2008-10-26 21:35 393 --a------ C:\WINDOWS\system32\lm.dat
2008-10-26 21:14 . 2008-10-26 21:14 2 --a------ C:\882382916
2008-10-26 21:13 . 2008-10-26 21:13 <DIR> d-------- C:\Program Files\HDTVNetworks
2008-10-23 23:51 . 2008-10-23 23:52 <DIR> d-------- C:\Program Files\A4Desk
2008-10-23 20:34 . 2008-10-23 20:34 <DIR> d-------- C:\Program Files\BannerDesignerPro
2008-10-23 20:19 . 2008-10-23 20:22 <DIR> d-------- C:\Program Files\common files\SourceTec
2008-10-23 20:19 . 2008-08-15 14:30 17,542 --a------ C:\WINDOWS\SothinkTree.ico
2008-10-23 19:21 . 2008-10-15 12:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-17 00:12 . 2008-10-24 14:42 <DIR> d-------- C:\SCTest
2008-10-17 00:04 . 2008-01-18 06:10 1,097,728 --------- C:\WINDOWS\system32\UniBox210.ocx
2008-10-17 00:04 . 2008-01-18 06:09 880,640 --------- C:\WINDOWS\system32\UniBox10.ocx
2008-10-17 00:04 . 2007-09-14 03:06 380,928 --------- C:\WINDOWS\system32\UniFlexGrid10.ocx
2008-10-17 00:04 . 2008-01-18 06:10 364,544 --------- C:\WINDOWS\system32\UniGrid210.ocx
2008-10-17 00:04 . 2008-01-18 06:10 212,992 --------- C:\WINDOWS\system32\UniBoxVB12.ocx
2008-10-17 00:04 . 2007-09-14 03:06 139,264 --------- C:\WINDOWS\system32\uniflexsup.dll
2008-10-17 00:03 . 2008-10-17 00:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2008-10-16 23:55 . 2008-10-16 23:56 <DIR> d-------- C:\AllWebMenusBackup
2008-10-16 14:22 . 2008-10-16 14:22 <DIR> d-------- C:\District Website
2008-10-15 01:39 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 01:39 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 01:38 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 01:38 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 01:38 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 01:38 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 22:47 . 2007-01-10 08:00 244,736 --a------ C:\WINDOWS\system32\drivers\c2scsi.sys
2008-10-13 04:00 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-10-13 03:40 . 2008-10-13 04:01 2,943 --a------ C:\drmHeader.bin
2008-10-12 13:55 . 2008-10-12 13:56 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 13:23 . 2008-10-10 13:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avanquest Software
2008-10-10 11:57 . 2008-10-10 11:57 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-10 11:57 . 2008-10-10 11:57 <DIR> d-------- C:\Program Files\common files\L&H
2008-10-10 11:40 . 2008-10-14 22:52 <DIR> d-------- C:\Program Files\MagicISO
2008-10-08 09:38 . 2008-10-08 09:38 24,192 --a------ C:\Documents and Settings\Sean.NOYFB-BIACH\usbsermptxp.sys
2008-10-08 09:38 . 2008-10-08 09:38 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-10-08 09:38 . 2008-10-08 09:38 22,768 --a------ C:\Documents and Settings\Sean.NOYFB-BIACH\usbsermpt.sys
2008-10-07 23:26 . 2008-10-07 23:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-07 20:21 . 2008-04-13 14:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-10-07 20:21 . 2008-04-13 14:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-10-07 20:21 . 2003-12-26 12:22 24,192 -ra------ C:\WINDOWS\system32\drivers\OLD3E.tmp
2008-10-07 20:20 . 2008-10-14 23:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-10-07 19:39 . 2008-10-07 19:51 <DIR> d-------- C:\Program Files\BitPim
2008-10-07 15:32 . 2008-10-07 15:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-10-07 15:31 . 2008-10-07 15:31 <DIR> d-------- C:\Program Files\common files\Motorola Shared
2008-10-07 15:31 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-10-07 15:29 . 2008-10-07 15:30 <DIR> d-------- C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\U3
2008-10-03 15:59 . 2008-10-03 15:59 <DIR> d-------- C:\Program Files\GetData
2008-10-03 10:39 . 2008-10-24 15:15 <DIR> d-------- C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Likno
2008-10-03 10:33 . 2008-10-03 10:33 13 ---h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\Λ3113.sys
2008-10-03 10:32 . 2008-10-17 00:04 <DIR> d-------- C:\Program Files\AllWebMenus5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-27 02:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-27 01:18 --------- d-----w C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\uTorrent
2008-10-27 01:17 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-24 00:22 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-10-23 18:41 --------- d-----w C:\Program Files\Bonjour
2008-10-22 01:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-22 01:35 --------- d-----w C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Yahoo!
2008-10-15 06:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-10-15 03:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-13 08:00 --------- d-----w C:\Program Files\Xvid
2008-10-12 17:56 --------- d-----w C:\Program Files\iTunes
2008-10-12 17:55 --------- d-----w C:\Program Files\iPod
2008-10-11 00:54 --------- d-----w C:\Program Files\Microsoft Works
2008-10-09 21:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-10-05 00:45 --------- d-----w C:\Program Files\RealArcade
2008-10-03 14:33 --------- d-----w C:\Program Files\CoffeeCup Software
2008-10-01 17:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-28 03:39 --------- d-----w C:\Program Files\Norton 360
2008-09-21 02:32 --------- d-----w C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Righteous Kill
2008-09-17 04:07 --------- d-----w C:\Program Files\piPOol
2008-09-17 04:05 --------- d-----w C:\Program Files\illiminable
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-09 22:24 --------- d-----w C:\Program Files\QuickTime
2008-09-09 22:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 03:27 --------- d-----w C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Move Networks
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 02:16 1,900,544 ----a-w C:\WINDOWS\system32\usbaaplrc.dll
2008-09-03 23:34 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-31 14:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 04:32 --------- d-----w C:\Program Files\Roxio
2008-08-27 03:29 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-08-27 03:29 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-12 05:53 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-30 01:36 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-24 16:57 13 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\3113.sys
2007-03-02 05:53 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-05-10 03:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-27_ 0.25.22.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-27 04:32:52 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54546d93-325d-4f81-8249-b7f061456e6c}]
2008-10-24 07:26 352256 --a------ C:\WINDOWS\aetlsrkntla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BF54CDC2-E0D2-4C75-8BB5-CF71F1DD2AE5}"= "C:\WINDOWS\bkqxdons.dll" [2008-10-24 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\common files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Facegame"="C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Facegame\Facegame.exe" [2008-10-26 56832]
"Gool"="C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Gool\Gool.exe" [2008-10-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"CTAPR2"="C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qnflkotm"= {2FB4E094-CE46-48FA-80BE-C12390A99661} - C:\WINDOWS\qnflkotm.dll [2008-10-24 327680]
"vwnskbot"= {2C507EB3-0429-4FB1-948F-CC2B4AF0C77C} - C:\WINDOWS\vwnskbot.dll [2008-10-24 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00fe5b0]
2008-10-26 21:24 20992 C:\WINDOWS\system32\c00FE5B0.mat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sean.NOYFB-BIACH^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Sean.NOYFB-BIACH\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 03:44 113136 C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-15 12:46 159744 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
--------- 2006-03-08 08:56 278528 C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-15 12:46 131072 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2007-10-19 14:28 202032 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-24 15:52 240112 C:\Program Files\common files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-12 01:53 185896 C:\Program Files\common files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--------- 2007-02-28 17:50 180224 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-07-26 23:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPIRun]
-ra------ 2006-11-29 06:35 8704 C:\WINDOWS\system32\SPIRun.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\WINDOWS\\system32\\LMabcoms.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 244736]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S2 Par1284;Par1284;C:\Program Files\HP DesignJet 500PS\Program\Par1284.sys [2000-09-27 47328]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [ ]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\SEAN~1.NOY\LOCALS~1\Temp\DX9\SessionLauncher.exe [ ]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-26 27904]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 t3;SB Xtreme Audio Notebook;C:\WINDOWS\system32\drivers\t3.sys [2007-06-19 735744]
S3 t3filt;t3filt;C:\WINDOWS\system32\drivers\t3filt.sys [2007-08-20 1656960]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{319ba9b0-94a6-11dd-888c-0014a5eb86e7}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{636ccbbb-f451-11dc-87c3-c47523aa6482}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - E:\system.exe
\Shell\Open\command - E:\system.exe

*Newly Created Service* - catchme
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sean.NOYFB-BIACH\Application Data\Mozilla\Firefox\Profiles\nkp08623.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 00:42:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\c00FE5B0.mat
.
Completion time: 2008-10-27 0:46:11
ComboFix-quarantined-files.txt 2008-10-27 04:45:59
ComboFix2.txt 2008-10-27 04:26:18

Pre-Run: 10,249,854,976 bytes free
Post-Run: 10,235,031,552 bytes free

297 --- E O F --- 2008-10-23 23:23:22

#2 Buckeye_Sam

    Malware Expert

Posted 12 November 2008 - 09:28 AM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I apologize for the delay getting to your log; the helpers here are very busy.

If you still need help, please post a fresh HijackThis log in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

    Malware Expert

Posted 22 November 2008 - 09:54 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.

========================================================
