
Worm.Win32.AutoRun.sqi, Trojan.Win32.Inject.klc, Trojan.Win32.Monder.zfd


  • This topic is locked
19 replies to this topic

#1 mxm (Members, 9 posts)

Posted 26 November 2008 - 06:44 PM

Please help me. I don't know what to do. I've removed a lot of other things that were on here, but my NOD32 didn't detect the following infections. What can I do next to get rid of all this stuff? I also have a file called fdccffbffbd.dll that keeps showing up, and I can't delete it. Thank you, and happy Thanksgiving.




*KASPERSKY ONLINE SCANNER 7 REPORT*
Wednesday, November 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3
(build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 09:59:47
Records in database: 1418243

*Scan settings*
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
*Scan area*: My Computer
A:\
C:\
D:\
*Scan statistics*
Files scanned: 101537
Threat names: 5
Infected objects: 14
Suspicious objects: 0
Duration of the scan: 03:13:31


*File name* / *Threat name* / *Threats count*
C:\RECYCLER\S-1-5-21-1951078608-3892172462-226310285-2436\service.exe  Infected: Trojan.Win32.Inject.klc  1
C:\WINDOWS\E9799D51180EBCF428C0E71E5EC4E.exe  Infected: Trojan.Win32.Qhost.kng  1
C:\WINDOWS\system32\217a4f513bda8c39391806b701df2f85.TMP  Infected: Worm.Win32.AutoRun.sqi  1
C:\WINDOWS\system32\2efb3b0a17c581a7bec8fd94826f0358.TMP  Infected: Worm.Win32.AutoRun.sqi  1
C:\WINDOWS\system32\76690fc87fd1453bc483de47389e1230.TMP  Infected: Worm.Win32.AutoRun.sqi  1
C:\WINDOWS\system32\979e69aafdc832e62090f6d0de5e4aa9.TMP  Infected: Worm.Win32.AutoRun.sqi  1
C:\WINDOWS\system32\ad2390b0b25029200f77aecc21da43b6.TMP  Infected: Worm.Win32.AutoRun.sqi  1
C:\WINDOWS\system32\ca1dab7784d557ec124815fdabe329c6.TMP  Infected: Worm.Win32.AutoRun.sqi  1
C:\WINDOWS\system32\geBropno.dll  Infected: Trojan.Win32.Monder.zfd  1
C:\WINDOWS\system32\gkdbecbi.dll  Infected: not-a-virus:AdWare.Win32.SuperJuan.evh  1
C:\WINDOWS\system32\rqRJAqOH.dll  Infected: Trojan.Win32.Monder.zfd  1
C:\WINDOWS\system32\urqQkLef.dll  Infected: Trojan.Win32.Monder.zfd  1
C:\WINDOWS\system32\yayyVlLB.dll  Infected: Trojan.Win32.Monder.zfd  1
C:\WINDOWS\system32\ylnmwh.dll  Infected: not-a-virus:AdWare.Win32.SuperJuan.evh  1
* The selected area was scanned.*

Logfile of random's system information tool 1.04 (written by random/random)
Run by mike at 2008-11-26 18:43:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (36%) free of 76 GB
Total RAM: 479 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:33 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\mike\Local Settings\Temp\jkos-mike\binaries\ScanningProcess.exe
C:\Documents and Settings\mike\My Documents\Downloads\programs\RSIT.exe
C:\Documents and Settings\mike\Desktop\mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104293769734
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - AppInit_DLLs: karna.dat cavhwz.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 5457 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avoiocas.job
C:\WINDOWS\tasks\lusxwixo.job
C:\WINDOWS\tasks\pgndjjpo.job
C:\WINDOWS\tasks\phtlektb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat cavhwz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\YahELite\YahVox.exe"="C:\Program Files\YahELite\YahVox.exe:*:Disabled:Yahoo! voice chat for YahELite"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Guest\Application Data\MySpace\IM\bin\MySpaceIM.exe"="C:\Documents and Settings\Guest\Application Data\MySpace\IM\bin\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe"="C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe:*:Disabled:Y!TunnelPro V2.0 Build 366"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Disabled:MySpaceIM"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Documents and Settings\Guest\My Documents\emulators\snes\ZSNESW.EXE"="C:\Documents and Settings\Guest\My Documents\emulators\snes\ZSNESW.EXE:*:Disabled:ZSNESW"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe:*:Enabled:ESET NOD32 Antivirus"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-26 12:50:38 ----D---- C:\rsit
2008-11-26 07:56:45 ----D---- C:\Program Files\Lavasoft
2008-11-26 07:56:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-26 07:53:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-26 07:30:58 ----N---- C:\WINDOWS\system32\ad2390b0b25029200f77aecc21da43b6.TMP
2008-11-26 07:30:58 ----N---- C:\WINDOWS\system32\217a4f513bda8c39391806b701df2f85.TMP
2008-11-25 19:20:07 ----N---- C:\WINDOWS\system32\979e69aafdc832e62090f6d0de5e4aa9.TMP
2008-11-25 11:57:28 ----N---- C:\WINDOWS\system32\2efb3b0a17c581a7bec8fd94826f0358.TMP
2008-11-23 18:06:45 ----D---- C:\Documents and Settings\mike\Application Data\Malwarebytes
2008-11-23 18:06:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 18:06:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-23 17:58:27 ----D---- C:\Program Files\ESET
2008-11-23 17:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-11-23 16:58:14 ----A---- C:\WINDOWS\system32\cavhwz.dll
2008-11-23 16:58:13 ----A---- C:\WINDOWS\system32\qabohcvu.dll
2008-11-23 16:57:19 ----A---- C:\WINDOWS\system32\rqRJAqOH.dll
2008-11-22 17:04:20 ----D---- C:\Program Files\Avira
2008-11-22 16:56:01 ----A---- C:\WINDOWS\E9799D51180EBCF428C0E71E5EC4E.exe
2008-11-22 16:52:49 ----A---- C:\WINDOWS\system32\ylnmwh.dll
2008-11-22 16:52:48 ----A---- C:\WINDOWS\system32\gkdbecbi.dll
2008-11-22 16:50:04 ----A---- C:\WINDOWS\system32\abf6c139-.txt
2008-11-22 00:24:42 ----A---- C:\WINDOWS\system32\wini108023.exe
2008-11-22 00:24:34 ----A---- C:\WINDOWS\system32\urqQkLef.dll
2008-11-21 21:43:05 ----A---- C:\WINDOWS\system32\geBropno.dll
2008-11-21 21:33:58 ----A---- C:\WINDOWS\system32\yayyVlLB.dll
2008-11-21 21:30:51 ----D---- C:\Program Files\mIRC
2008-11-21 09:20:12 ----D---- C:\Program Files\Music NFO Builder
2008-11-12 03:00:55 ----D---- C:\Program Files\MSXML 4.0
2008-11-11 17:26:22 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-11-06 15:57:24 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2008-11-06 15:45:53 ----A---- C:\WINDOWS\system32\instwdm.ini
2008-11-06 15:45:53 ----A---- C:\WINDOWS\system32\ctdc0000.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\devreg.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\ctemupia.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\CTBurst.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\APOIM32.exe
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\sfms32.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\psconv.exe
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\ctsfinst.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\ctdcres.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\ct_oal.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\INRES.DLL
2008-11-06 15:45:50 ----A---- C:\WINDOWS\system32\regplib.exe
2008-11-06 15:45:50 ----A---- C:\WINDOWS\system32\ctasio.dll
2008-11-06 15:45:49 ----A---- C:\WINDOWS\system32\ac3api.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\readreg.exe
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\eaxac3.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\ctthxcal.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\CTpcmcia.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\ctmmep.dll
2008-11-06 15:45:47 ----A---- C:\WINDOWS\system32\OALInst.exe
2008-11-06 15:45:47 ----A---- C:\WINDOWS\system32\ctpxst32.exe
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\sfman32.dll
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\SET1C4.tmp
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\killapps.exe
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\enlocstr.exe
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\ctmmactl.dll
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\SET1C6.tmp
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\kill.ini
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\ctscal.dll
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\ctpres.dll
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\AppSetup.exe
2008-11-06 15:30:21 ----D---- C:\Program Files\Innovative Solutions

======List of files/folders modified in the last 1 months======

2008-11-26 18:03:03 ----D---- C:\WINDOWS\Temp
2008-11-26 17:45:40 ----D---- C:\Documents and Settings\mike\Application Data\uTorrent
2008-11-26 13:18:44 ----D---- C:\WINDOWS\Prefetch
2008-11-26 12:53:07 ----D---- C:\Program Files\Mozilla Firefox
2008-11-26 12:33:31 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 09:53:00 ----D---- C:\WINDOWS\Debug
2008-11-26 07:58:29 ----SHD---- C:\WINDOWS\Installer
2008-11-26 07:58:28 ----D---- C:\WINDOWS
2008-11-26 07:58:26 ----SHD---- C:\Config.Msi
2008-11-26 07:56:45 ----D---- C:\Program Files
2008-11-26 07:56:43 ----D---- C:\WINDOWS\system32
2008-11-26 07:53:13 ----D---- C:\Program Files\Common Files
2008-11-26 07:30:55 ----N---- C:\WINDOWS\system32\fdccffbffbd.dll
2008-11-26 07:24:39 ----D---- C:\WINDOWS\network diagnostic
2008-11-26 07:24:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-26 07:19:41 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 14:09:50 ----N---- C:\WINDOWS\system32\76690fc87fd1453bc483de47389e1230.TMP
2008-11-23 18:02:04 ----HD---- C:\WINDOWS\inf
2008-11-23 16:57:26 ----SD---- C:\WINDOWS\Tasks
2008-11-23 16:43:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-23 16:43:16 ----D---- C:\Program Files\Internet Explorer
2008-11-23 16:26:07 ----D---- C:\WINDOWS\Minidump
2008-11-22 18:54:33 ----D---- C:\Documents and Settings\mike\Application Data\mIRC
2008-11-22 17:19:43 ----SD---- C:\Documents and Settings\mike\Application Data\Microsoft
2008-11-21 09:09:49 ----D---- C:\Program Files\uTorrent
2008-11-18 11:32:39 ----D---- C:\WINDOWS\security
2008-11-18 11:27:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-14 06:36:19 ----D---- C:\WINDOWS\Help
2008-11-12 03:04:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:00:56 ----D---- C:\WINDOWS\WinSxS
2008-11-11 17:26:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-08 13:40:43 ----D---- C:\Documents and Settings\mike\Application Data\LimeWire
2008-11-06 16:10:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-06 15:57:24 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2008-11-06 15:56:48 ----D---- C:\WINDOWS\system32\Data
2008-11-06 15:04:59 ----D---- C:\Program Files\Apple Software Update
2008-11-06 15:02:25 ----D---- C:\Program Files\Ahead
2008-11-06 15:01:31 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-06 15:01:31 ----D---- C:\Program Files\CyberLink
2008-11-06 14:30:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-06 14:21:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-06 14:21:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 12:35:51 ----D---- C:\Program Files\Google
2008-11-06 12:35:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-06 12:32:56 ----D---- C:\Program Files\MySpace
2008-11-06 12:32:04 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-06 12:30:57 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-06 12:26:44 ----D---- C:\Program Files\Common Files\Apple
2008-11-06 11:49:36 ----D---- C:\WINDOWS\system32\config
2008-11-06 11:48:57 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 11:48:56 ----D---- C:\WINDOWS\Registration
2008-11-06 11:42:02 ----D---- C:\WINDOWS\system32\Restore
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-29 18:38:27 ----A---- C:\additdiag.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys []
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 ubsbm;Unibrain 1394 SBM Driver; C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2008-08-06 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver; C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2008-08-06 39424]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2008-07-07 92696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-01-21 61952]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-13 167168]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 ubohci;Unibrain 1394 OHCI Driver; C:\WINDOWS\system32\DRIVERS\ubohci.sys [2008-08-06 114688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\America Online 8.0\ATWPKT2.SYS []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL []
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL []
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL []
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2008-07-07 162840]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-07-06 16694]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Edited by mxm, 27 November 2008 - 09:40 AM.
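Added example (not from the original post, and not a HijackThis, RSIT or BleepingComputer tool): a small Python triage script that applies the checks a helper makes when reading a log like the one above. It flags AppInit_DLLs entries (every DLL listed there is loaded into each process that maps user32.dll), Run values under the HKUS\S-1-5-18 and HKUS\.DEFAULT hives, Run values given as a bare file name, orphaned BHO registrations, randomly named .job and .dll files, and a NoFolderOptions policy of 1, which is what removes Folder Options from Explorer. The sample lines are copied from the logs in this thread; the severity levels, the function names (`triage`, `looks_random`) and the random-name rule are my assumptions, and a hit is a prompt to look at the file, not a verdict.

```python
"""Triage of HijackThis / RSIT log lines for the persistence points seen above.

Added example for this thread; it is not a HijackThis, RSIT or BleepingComputer
tool.  Severity levels and the random-name rule are assumptions made here.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    entry: str


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Lines copied from the RSIT/HijackThis output posted above (a subset, so
# the script runs offline); nothing in this sample is invented.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O20 - AppInit_DLLs: karna.dat cavhwz.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\tasks\avoiocas.job
C:\WINDOWS\tasks\lusxwixo.job
"NoFolderOptions"=0
2008-11-23 16:57:19 ----A---- C:\WINDOWS\system32\rqRJAqOH.dll
2008-11-21 21:43:05 ----A---- C:\WINDOWS\system32\geBropno.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\CTBurst.dll
"""


def looks_random(filename: str) -> bool:
    """Naming heuristic (an assumption, not a signature): eight letters that
    are mixed case (geBropno.dll, rqRJAqOH.dll) or, for a .job, all lowercase
    (avoiocas.job).  A legitimate file such as WgaLogon.dll also matches, so a
    hit means "verify the file's signature or hash", not "delete it"."""
    m = re.fullmatch(r"([A-Za-z]{8})\.(dll|exe|job)", filename)
    if not m:
        return False
    stem, ext = m.groups()
    if ext == "job":
        return stem.islower()
    return not stem.islower() and not stem.isupper()


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one log line (usually zero or one)."""
    line = line.strip()
    out: list[Finding] = []
    # O20: AppInit_DLLs are mapped into every process that loads user32.dll,
    # so on a home PC any entry at all deserves a close look.
    if line.startswith("O20 - AppInit_DLLs:"):
        for name in line.split(":", 1)[1].split():
            out.append(Finding("high", "AppInit_DLLs entry", name))
    # O4 under HKUS\S-1-5-18 or HKUS\.DEFAULT runs as SYSTEM / at the logon
    # screen; consumer software almost never installs itself there.
    elif re.match(r"O4 - HKUS\\(S-1-5-18|\.DEFAULT)\\", line):
        out.append(Finding("medium", "Run value in SYSTEM/Default User hive", line))
    # O4 with a bare file name (VTPreset.exe) is resolved through the search
    # path at logon, so a planted file of that name elsewhere can win.
    elif re.match(r"O4 - .*: \[[^\]]+\] [^\\\"]+\.exe", line, re.I):
        out.append(Finding("low", "Run value without an absolute path", line))
    elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
        out.append(Finding("low", "orphaned BHO registration", line))
    # Explorer policy that hides Tools > Folder Options (one of the symptoms
    # described in this thread).
    elif re.fullmatch(r'"NoFolderOptions"=1', line):
        out.append(Finding("medium", "Folder Options hidden by Explorer policy", line))
    else:
        # Task-folder entries and RSIT "created" lines for system32 files.
        m = re.search(r"\\(?:tasks|system32)\\([^\\\s]+)$", line, re.I)
        if m and looks_random(m.group(1)):
            sev = "medium" if m.group(1).lower().endswith(".job") else "low"
            out.append(Finding(sev, "random-looking file name", m.group(1)))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run every line through triage_line and order the hits by severity."""
    hits = [f for line in log_text.splitlines() for f in triage_line(line)]
    return sorted(hits, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.entry}")
```

Run it as `python triage.py` to list the findings for the embedded sample; feed it a full RSIT log via `triage(open(path).read())`. On the sample it reports the two AppInit_DLLs names as high, the two SYSTEM/Default User Run values and the two random-named .job files as medium, and the rest as low. The file-name rule is deliberately rated low because it also matches legitimate names, and the Kaspersky report above, not this script, is what actually identified the Monder DLLs.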



#2 mxm (Topic Starter)

Posted 27 November 2008 - 09:41 AM

bump

#3 mas_pogi (Carpal Tunnel of Love; Members, 1,473 posts; Tokyo, JP)

Posted 27 November 2008 - 10:05 AM

Hello,

Welcome to Bleeping Computer.

My name is mas_pogi and I will be helping you with your malware problem.
As I am still in training I will be helping you under the supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having, as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread; do not start another.

You might want to bookmark this page so you can find it again when you return.

Firefox: [screenshot] Then click on Done.

Internet Explorer: [screenshot] Then click on Add.

Stay calm and everything will be just all right.

I will be analyzing your log. I will get back to you with instructions after it is approved.

With regards,
mas_pogi

#4 mxm (Topic Starter)

Posted 27 November 2008 - 10:54 AM

thank you....at the moment im running the trial version of kaspersky....i hope that is atleast allowed :thumbsup:

idk quite how it started, but as soon as it did the following symptoms started happening:

-taking 2-5 minutes to log onto windows xp with all user names
-something was hijacking my outgoing http requests exp: it would redirect me to a generic search site when trying to search in google, and it would not let me go to any of the antivirus program websites
-random popups, which still occur occasionally
-lots of different named programs/dlls in my startup, mainly the fdccffbffbd.dll one
-very very very slow performance....
-also, when i did finally install an antivirus, it would close it as soon as the program would autorun at startup, and it would not let me load process explorer....only thing i could run was an internet browser and games it seemed
-took away the 'Folder Options' under 'Tools' in windows explorer, so i could not view hidden files


hope that helps....i have since deleted nod32 and installed Kaspersky b/c of the online scanner finding things that nod did not....i also have process explorer, adaware, and the rsit/hijack this installed and i no longer have any problems getting online to the sites i need to and can load any software i want....


thank you soooooo much....and happy turkey day :)

#5 mxm (Topic Starter, Members, 9 posts)

Posted 27 November 2008 - 10:57 AM

heres a current rsit log file, just thought since i did install/uninstall some things and cleaned some things up i'd post a new one...hope that doesnt make your job harder :/


Logfile of random's system information tool 1.04 (written by random/random)
Run by mike at 2008-11-27 10:55:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (35%) free of 76 GB
Total RAM: 479 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:54 AM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mike\Desktop\security bleep\RSIT.exe
C:\Documents and Settings\mike\Desktop\mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104293769734
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - AppInit_DLLs: karna.dat c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 5713 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avoiocas.job
C:\WINDOWS\tasks\lusxwixo.job
C:\WINDOWS\tasks\pgndjjpo.job
C:\WINDOWS\tasks\phtlektb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek"
"C:\Program Files\support.com\bin\tgcmd.exe"="C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\YahELite\YahVox.exe"="C:\Program Files\YahELite\YahVox.exe:*:Disabled:Yahoo! voice chat for YahELite"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Guest\Application Data\MySpace\IM\bin\MySpaceIM.exe"="C:\Documents and Settings\Guest\Application Data\MySpace\IM\bin\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe"="C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe:*:Disabled:Y!TunnelPro V2.0 Build 366"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Disabled:MySpaceIM"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Documents and Settings\Guest\My Documents\emulators\snes\ZSNESW.EXE"="C:\Documents and Settings\Guest\My Documents\emulators\snes\ZSNESW.EXE:*:Disabled:ZSNESW"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe:*:Enabled:ESET NOD32 Antivirus"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-27 10:03:33 ----D---- C:\Program Files\Kaspersky Lab
2008-11-27 10:03:33 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-27 09:44:10 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-27 09:34:08 ----N---- C:\WINDOWS\system32\e6e62370542dcf1d18992147dede65a4.TMP
2008-11-26 20:48:03 ----A---- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
2008-11-26 12:50:38 ----D---- C:\rsit
2008-11-26 07:56:45 ----D---- C:\Program Files\Lavasoft
2008-11-26 07:56:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-26 07:53:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-26 07:30:58 ----N---- C:\WINDOWS\system32\ad2390b0b25029200f77aecc21da43b6.TMP
2008-11-23 18:06:45 ----D---- C:\Documents and Settings\mike\Application Data\Malwarebytes
2008-11-23 18:06:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 18:06:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-23 17:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-11-23 16:58:14 ----A---- C:\WINDOWS\system32\cavhwz.dll
2008-11-23 16:58:13 ----A---- C:\WINDOWS\system32\qabohcvu.dll
2008-11-22 16:52:49 ----A---- C:\WINDOWS\system32\ylnmwh.dll
2008-11-22 16:52:48 ----A---- C:\WINDOWS\system32\gkdbecbi.dll
2008-11-22 16:50:04 ----A---- C:\WINDOWS\system32\abf6c139-.txt
2008-11-21 21:30:51 ----D---- C:\Program Files\mIRC
2008-11-21 09:20:12 ----D---- C:\Program Files\Music NFO Builder
2008-11-12 03:00:55 ----D---- C:\Program Files\MSXML 4.0
2008-11-11 17:26:22 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-11-11 17:26:16 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-11-06 15:57:24 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2008-11-06 15:45:53 ----A---- C:\WINDOWS\system32\instwdm.ini
2008-11-06 15:45:53 ----A---- C:\WINDOWS\system32\ctdc0000.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\devreg.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\ctemupia.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\CTBurst.dll
2008-11-06 15:45:52 ----A---- C:\WINDOWS\system32\APOIM32.exe
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\sfms32.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\psconv.exe
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\ctsfinst.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\ctdcres.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\system32\ct_oal.dll
2008-11-06 15:45:51 ----A---- C:\WINDOWS\INRES.DLL
2008-11-06 15:45:50 ----A---- C:\WINDOWS\system32\regplib.exe
2008-11-06 15:45:50 ----A---- C:\WINDOWS\system32\ctasio.dll
2008-11-06 15:45:49 ----A---- C:\WINDOWS\system32\ac3api.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\readreg.exe
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\eaxac3.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\ctthxcal.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\CTpcmcia.dll
2008-11-06 15:45:48 ----A---- C:\WINDOWS\system32\ctmmep.dll
2008-11-06 15:45:47 ----A---- C:\WINDOWS\system32\OALInst.exe
2008-11-06 15:45:47 ----A---- C:\WINDOWS\system32\ctpxst32.exe
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\sfman32.dll
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\SET1C4.tmp
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\killapps.exe
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\enlocstr.exe
2008-11-06 15:45:46 ----A---- C:\WINDOWS\system32\ctmmactl.dll
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\SET1C6.tmp
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\kill.ini
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\ctscal.dll
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\ctpres.dll
2008-11-06 15:45:45 ----A---- C:\WINDOWS\system32\AppSetup.exe
2008-11-06 15:30:21 ----D---- C:\Program Files\Innovative Solutions

======List of files/folders modified in the last 1 months======

2008-11-27 10:55:06 ----D---- C:\WINDOWS\Prefetch
2008-11-27 10:54:08 ----D---- C:\WINDOWS\Temp
2008-11-27 10:47:43 ----D---- C:\WINDOWS\system32
2008-11-27 10:47:12 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 10:39:52 ----D---- C:\WINDOWS
2008-11-27 10:37:24 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 10:31:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 10:24:51 ----D---- C:\Documents and Settings\mike\Application Data\uTorrent
2008-11-27 10:23:23 ----D---- C:\WINDOWS\system32\drivers
2008-11-27 10:05:09 ----SHD---- C:\WINDOWS\Installer
2008-11-27 10:05:09 ----SHD---- C:\Config.Msi
2008-11-27 10:04:38 ----HD---- C:\WINDOWS\inf
2008-11-27 10:03:33 ----D---- C:\Program Files
2008-11-26 09:53:00 ----D---- C:\WINDOWS\Debug
2008-11-26 07:53:13 ----D---- C:\Program Files\Common Files
2008-11-26 07:24:39 ----D---- C:\WINDOWS\network diagnostic
2008-11-23 16:57:26 ----SD---- C:\WINDOWS\Tasks
2008-11-23 16:43:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-23 16:43:16 ----D---- C:\Program Files\Internet Explorer
2008-11-23 16:26:07 ----D---- C:\WINDOWS\Minidump
2008-11-22 18:54:33 ----D---- C:\Documents and Settings\mike\Application Data\mIRC
2008-11-22 17:19:43 ----SD---- C:\Documents and Settings\mike\Application Data\Microsoft
2008-11-21 09:09:49 ----D---- C:\Program Files\uTorrent
2008-11-18 11:32:39 ----D---- C:\WINDOWS\security
2008-11-18 11:27:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-14 06:36:19 ----D---- C:\WINDOWS\Help
2008-11-12 03:04:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:00:56 ----D---- C:\WINDOWS\WinSxS
2008-11-11 17:26:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-08 13:40:43 ----D---- C:\Documents and Settings\mike\Application Data\LimeWire
2008-11-06 16:10:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-06 15:57:24 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2008-11-06 15:56:48 ----D---- C:\WINDOWS\system32\Data
2008-11-06 15:04:59 ----D---- C:\Program Files\Apple Software Update
2008-11-06 15:02:25 ----D---- C:\Program Files\Ahead
2008-11-06 15:01:31 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-06 15:01:31 ----D---- C:\Program Files\CyberLink
2008-11-06 14:30:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-06 14:21:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-06 14:21:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 12:35:51 ----D---- C:\Program Files\Google
2008-11-06 12:35:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-06 12:32:56 ----D---- C:\Program Files\MySpace
2008-11-06 12:32:04 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-06 12:30:57 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-06 12:26:44 ----D---- C:\Program Files\Common Files\Apple
2008-11-06 11:49:36 ----D---- C:\WINDOWS\system32\config
2008-11-06 11:48:57 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 11:48:56 ----D---- C:\WINDOWS\Registration
2008-11-06 11:42:02 ----D---- C:\WINDOWS\system32\Restore
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-29 18:38:27 ----A---- C:\additdiag.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-11-27 213008]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 ubsbm;Unibrain 1394 SBM Driver; C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2008-08-06 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver; C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2008-08-06 39424]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2008-07-07 92696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-01-21 61952]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-13 167168]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 ubohci;Unibrain 1394 OHCI Driver; C:\WINDOWS\system32\DRIVERS\ubohci.sys [2008-08-06 114688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\America Online 8.0\ATWPKT2.SYS []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL []
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL []
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL []
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2008-07-07 162840]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-07-06 16694]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-07-29 206088]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
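A quick way to see what a helper looks for in a log like the one above: the Python script below is an added example written for this thread; it is not part of any post and is not RSIT's or HijackThis's own code. It re-reads a few lines copied from the RSIT/HijackThis log and the scheduled-tasks section (plus one constructed task name, At1.job, as a negative case) and flags the entry types that usually get scrutinised first: a BHO whose file is gone, autoruns registered under the SYSTEM and Default User hives, AppInit_DLLs entries that are not a full path to a .dll, and scheduled tasks with eight-letter random-looking names. The allow-list of expected autoruns and the name pattern are assumptions of the example; a flag means "review this", not "malicious".

```python
"""Triage heuristics for HijackThis / RSIT style log lines.

Added example for this thread. Not part of any post, and not RSIT's or
HijackThis's own code. The rules are review prompts, not verdicts.
"""
import re
from typing import Dict, List

# Lines copied from the RSIT/HijackThis log above. The final At1.job line is
# a constructed negative sample (a name a human would choose).
SAMPLE_LOG = r"""O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O20 - AppInit_DLLs: karna.dat c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
C:\WINDOWS\tasks\avoiocas.job
C:\WINDOWS\tasks\lusxwixo.job
C:\WINDOWS\tasks\At1.job
"""

# Windows components that legitimately appear in the SYSTEM / .DEFAULT Run
# keys. Illustrative allow-list: an assumption of this example.
KNOWN_DEFAULT_USER_AUTORUNS = {"ctfmon.exe"}

# Eight lowercase letters, nothing else: the shape of the four .job names in
# the RSIT log above. Heuristic only.
RANDOM_TASK_NAME = re.compile(r"^[a-z]{8}$")

SYSTEM_HIVE_RUN = re.compile(
    r"O4 - HKUS\\(S-1-5-18|\.DEFAULT)\\\.\.\\Run: \[[^\]]+\] (.+?)( \(User .*\))?$"
)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def check_line(line: str) -> List[Dict[str, str]]:
    """Apply every heuristic to one log line; return zero or more findings."""
    findings: List[Dict[str, str]] = []
    line = line.strip()

    # Rule 1: a Browser Helper Object is still registered but its DLL is gone.
    if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
        findings.append({"rule": "orphaned-bho", "line": line})

    # Rule 2: autorun under the SYSTEM (S-1-5-18) or Default User hive that is
    # not one of the components expected there.
    m = SYSTEM_HIVE_RUN.match(line)
    if m:
        target = m.group(2).strip('"')
        if _basename(target).lower() not in KNOWN_DEFAULT_USER_AUTORUNS:
            findings.append({"rule": "system-hive-autorun", "line": line})

    # Rule 3: AppInit_DLLs entries are loaded into every process that links
    # user32.dll, so a bare file name or a non-.dll extension stands out.
    if line.startswith("O20 - AppInit_DLLs:"):
        for entry in re.split(r"[,\s]+", line.split(":", 1)[1].strip()):
            if not entry:
                continue
            if "\\" not in entry or not entry.lower().endswith(".dll"):
                findings.append({"rule": "odd-appinit-dll", "line": entry})

    # Rule 4: scheduled task whose name looks machine-generated.
    if line.lower().endswith(".job"):
        name = _basename(line)[:-4]
        if RANDOM_TASK_NAME.match(name):
            findings.append({"rule": "random-task-name", "line": line})

    return findings


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run check_line over every line of a log; keep finding order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        findings.extend(check_line(raw))
    return findings


def summarize(log_text: str) -> Dict[str, int]:
    """Count findings per rule, handy for a first glance at a long log."""
    counts: Dict[str, int] = {}
    for finding in triage(log_text):
        counts[finding["rule"]] = counts.get(finding["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['rule']:>20}] {finding['line']}")
```

Run as a script it prints the six flagged entries from the sample: the orphaned BHO, the two brastk autoruns, karna.dat from AppInit_DLLs, and the two eight-letter .job files, while the Kaspersky, ctfmon and At1.job lines pass silently. Those flags line up with the items the helper's tooling acts on in the ComboFix log later in this thread, which is the point: the heuristics narrow a 300-line log to a handful of lines worth a human's attention, and the human still makes the call.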

#6 mas_pogi (Carpal Tunnel of Love, Members, 1,473 posts, Gender: Male, Location: Tokyo, JP)

Posted 28 November 2008 - 07:56 AM

Hi.

Welcome to Bleeping Computer once again.
We will now start the malware removal.

Please follow the instructions below.
  • Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Soulseek and Utorrent). These programmes allow users to share files between them, as the name suggests. In today's world, cyber crime has reached an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Please include the C:\ComboFix.txt in your next reply for further review.
In your reply, please post

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt


Mark

#7 mxm (Topic Starter, Members, 9 posts)

Posted 28 November 2008 - 04:18 PM

thank you mark...i ran the program and everything...d/l'd the windows restore thing....ill follow everything you say to a t to get it back....the computer has been running like it was a couple weeks ago but i know there are still things on here that shouldnt be, i just hope that everything is ok and i dont have to do a full format/re install, but it loox like i wont be having to do that....


thanx again
-mike


log.txt:
ComboFix 08-11-27.07 - mike 2008-11-28 15:53:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.208 [GMT -5:00]
Running from: c:\documents and settings\mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mike\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\cavhwz.dll
c:\windows\Tasks\avoiocas.job
c:\windows\Tasks\lusxwixo.job
c:\windows\Tasks\pgndjjpo.job
c:\windows\Tasks\phtlektb.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 10:04 . 2008-11-27 10:23 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-27 10:04 . 2008-11-27 10:04 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-27 10:03 . 2008-11-27 10:03 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-27 10:03 . 2008-11-28 16:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-27 10:03 . 2008-11-28 16:03 4,236,320 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-27 10:03 . 2008-11-28 16:07 417,824 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-27 10:03 . 2008-11-28 16:03 34,176 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-27 10:03 . 2008-11-28 16:07 2,508 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-27 09:44 . 2008-11-27 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-26 20:48 . 2008-11-28 16:07 4,958,588 --a------ c:\windows\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
2008-11-26 12:50 . 2008-11-26 12:50 <DIR> d-------- C:\rsit
2008-11-26 07:56 . 2008-11-26 07:56 <DIR> d-------- c:\program files\Lavasoft
2008-11-26 07:56 . 2008-11-26 07:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 07:53 . 2008-11-26 07:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 18:06 . 2008-11-23 18:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 18:06 . 2008-11-23 18:06 <DIR> d-------- c:\documents and settings\mike\Application Data\Malwarebytes
2008-11-23 18:06 . 2008-11-23 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 18:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 18:06 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 17:58 . 2008-11-23 17:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-23 16:58 . 2008-11-23 16:58 120,320 --a------ c:\windows\system32\qabohcvu.dll
2008-11-23 15:59 . 2008-11-23 15:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2008-11-21 21:30 . 2008-11-22 18:54 <DIR> d-------- c:\program files\mIRC
2008-11-21 09:20 . 2008-11-21 09:20 <DIR> d-------- c:\program files\Music NFO Builder
2008-11-12 03:00 . 2008-11-12 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-11 17:26 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-11-11 17:26 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-11-11 17:26 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-11-11 16:01 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 16:00 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 19:49 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-06 19:47 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-06 19:47 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-06 19:47 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-06 19:47 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-06 19:47 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-06 19:46 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-06 15:57 . 2008-11-06 15:57 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-11-06 15:42 . 2008-08-06 13:48 114,688 --a------ c:\windows\system32\drivers\ubohci.sys
2008-11-06 15:42 . 2008-08-06 13:52 100,352 --a------ c:\windows\system32\drivers\UB1394.sys
2008-11-06 15:42 . 2008-08-06 13:53 39,424 --a------ c:\windows\system32\drivers\UBUMAPI.sys
2008-11-06 15:42 . 2008-08-06 13:52 17,408 --a------ c:\windows\system32\drivers\UBSBM.sys
2008-11-06 15:40 . 2007-09-21 17:49 9,216 --a------ c:\windows\system32\drivers\videX32.sys
2008-11-06 15:30 . 2008-11-06 15:30 <DIR> d-------- c:\program files\Innovative Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 19:34 --------- d-----w c:\documents and settings\mike\Application Data\uTorrent
2008-11-22 23:54 --------- d-----w c:\documents and settings\mike\Application Data\mIRC
2008-11-21 14:09 --------- d-----w c:\program files\uTorrent
2008-11-08 18:40 --------- d-----w c:\documents and settings\mike\Application Data\LimeWire
2008-11-06 20:04 --------- d-----w c:\program files\Apple Software Update
2008-11-06 20:02 --------- d-----w c:\program files\Ahead
2008-11-06 20:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 20:01 --------- d-----w c:\program files\CyberLink
2008-11-06 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-06 19:21 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 17:35 --------- d-----w c:\program files\Google
2008-11-06 17:32 --------- d-----w c:\program files\MySpace
2008-11-06 17:32 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-06 17:26 --------- d-----w c:\program files\Common Files\Apple
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-02 15:25 --------- d-----w c:\documents and settings\mike\Application Data\vlc
2008-09-30 19:21 --------- d-----w c:\program files\VideoLAN
2008-09-29 18:32 --------- d-----w c:\program files\Common Files\InstallShield
2008-07-09 17:11 13,195 ----a-w c:\documents and settings\mike\zguicfgw.dat
2006-03-20 19:37 5,689,344 ----a-w c:\documents and settings\Guest\mplayerc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"VTPreset"="VTPreset.exe" [2004-02-24 c:\windows\system32\VTPreset.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"= ProdMidi.dll
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56854:TCP"= 56854:TCP:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-11-06 9216]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2008-11-06 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2008-11-06 39424]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-11-06 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-11-06 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-11-06 566296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2008-11-06 114688]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-11-06 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-11-06 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-11-06 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-11-06 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-11-06 566296]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-brastk - c:\windows\system32\brastk.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\9rbecrms.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 16:07:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2008-11-28 16:14:26 - machine was rebooted [mike]
ComboFix-quarantined-files.txt 2008-11-28 21:14:23

Pre-Run: 27,893,415,936 bytes free
Post-Run: 29,578,027,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

190 --- E O F --- 2008-11-12 08:08:59



Add-Remove Programs.txt:

µTorrent
Ad-Aware
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
AusLogics Disk Defrag
BlackBerry Desktop Software 4.3
CCleaner (remove only)
DriverMax 4
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Kaspersky Anti-Virus 2009
LimeWire PRO 4.18.3
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (2.0.0.18)
MSXML 4.0 SP2 (KB954430)
Music NFO Builder v1.20
Palm
QuickTime
Roxio Media Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Sound Blaster Audigy
TurboTax Premier 2007
VLC media player 0.9.2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

Edited by mxm, 28 November 2008 - 04:37 PM.


#8 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • Gender:Male
  • Location:Tokyo, JP

Posted 29 November 2008 - 04:38 AM

hi

Let's continue cleaning. BTW, I will set your Windows Security Center to monitor your antivirus and
Windows updates because they were disabled. I suggest you enable them so that you will be prompted
or get a warning when your AV is disabled, and will be notified when new Windows updates are available.
  • Please uninstall the following, using Windows Add/Remove Programs in the Control Panel.

    Outdated java runtimes:

    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 3
    Java™ 6 Update 5


  • 1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    FILE::
    C:\RECYCLER\S-1-5-21-1951078608-3892172462-226310285-2436\service.exe
    C:\WINDOWS\E9799D51180EBCF428C0E71E5EC4E.exe
    C:\WINDOWS\system32\217a4f513bda8c39391806b701df2f85.TMP
    C:\WINDOWS\system32\2efb3b0a17c581a7bec8fd94826f0358.TMP
    C:\WINDOWS\system32\76690fc87fd1453bc483de47389e1230.TMP
    C:\WINDOWS\system32\979e69aafdc832e62090f6d0de5e4aa9.TMP
    C:\WINDOWS\system32\ad2390b0b25029200f77aecc21da43b6.TMP
    C:\WINDOWS\system32\ca1dab7784d557ec124815fdabe329c6.TMP
    C:\WINDOWS\system32\geBropno.dll
    C:\WINDOWS\system32\gkdbecbi.dll
    C:\WINDOWS\system32\rqRJAqOH.dll
    C:\WINDOWS\system32\urqQkLef.dll
    C:\WINDOWS\system32\yayyVlLB.dll
    C:\WINDOWS\system32\ylnmwh.dll
    c:\windows\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
    c:\windows\system32\qabohcvu.dll

    REGISTRY::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    "AntiVirusOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"=-


    Save this as CFScript.txt, in the same location as ComboFix.exe


    (Image: CFScript.txt being dragged onto ComboFix.exe)

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
In your reply, please post

C:\combofix.txt
Bitdefender scan result


Mark
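The REGISTRY:: block above resets the Security Center values that the ComboFix log showed set to 1, which is how the "antivirus disabled" and "updates off" warnings were being silenced. As an added example (not code from the thread, from ComboFix or from BleepingComputer), the Python below parses the REGEDIT4 section of a ComboFix log, flags those suppression values, and emits the matching REGISTRY:: fix in CFScript syntax; the sample log is constructed from the values posted in this thread, and the two firewall value names are assumed from Security Center's standard set rather than taken from the thread.

```python
"""Flag Windows Security Center notification-suppression values in a
ComboFix "Reg Loading Points" dump and emit a CFScript REGISTRY:: fix.

Added example for this thread; the sample log below is constructed from
the values shown in the posted ComboFix log, not copied from a live run.
"""
import re
from typing import Dict, List, Tuple

# Prefix of the Security Center key (compared case-insensitively).
SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"

# Value names that, when set to 1, silence Security Center warnings.
# The *Firewall* names are assumed from Security Center's standard value
# set; the others appear verbatim in the thread's ComboFix log.
SUPPRESSION_VALUES = {
    "AntiVirusDisableNotify",
    "UpdatesDisableNotify",
    "FirewallDisableNotify",
    "AntiVirusOverride",
    "FirewallOverride",
    "DisableMonitoring",  # under ...\security center\Monitoring\<Product>
}

# Constructed sample: the REGEDIT4 section from the first ComboFix log above.
CONSTRUCTED_LOG = """\
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""


def parse_regedit(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_data}} for a REGEDIT4-style dump."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key_match = re.fullmatch(r"\[(.+)\]", line)
        if key_match:
            current = key_match.group(1)
            keys[current] = {}
            continue
        val_match = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if val_match and current is not None:
            keys[current][val_match.group(1)] = val_match.group(2)
    return keys


def dword_value(raw: str):
    """Decode 'dword:0000000N' into an int; None for non-DWORD data."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    return int(m.group(1), 16) if m else None


def find_suppressed_alerts(text: str) -> List[Tuple[str, str, int]]:
    """List (key, value_name, 1) for every Security Center suppression flag set."""
    findings = []
    for key, values in parse_regedit(text).items():
        if not key.lower().startswith(SECURITY_CENTER_KEY):
            continue
        for name, raw in values.items():
            if name in SUPPRESSION_VALUES and dword_value(raw) == 1:
                findings.append((key, name, 1))
    return findings


def cfscript_registry_fix(findings: List[Tuple[str, str, int]]) -> str:
    """Emit a REGISTRY:: block (CFScript syntax, as in the thread) that resets
    each flagged value to 0 so Security Center warnings come back."""
    lines = ["REGISTRY::"]
    last_key = None
    for key, name, _ in findings:  # findings are grouped by key already
        if key != last_key:
            lines.append(f"[{key}]")
            last_key = key
        lines.append(f'"{name}"=dword:00000000')
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_suppressed_alerts(CONSTRUCTED_LOG)
    for key, name, _ in hits:
        print(f"suppression flag set: {key} -> {name}")
    print(cfscript_registry_fix(hits))
```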

#9 mxm

mxm
  • Topic Starter

  • Members
  • 9 posts

Posted 29 November 2008 - 11:03 AM

I did everything with combofix, but I'm having a problem with the bitdefender online scan...I ran it in ie and every time I try to update the virus sigs, it only gets to 8%...never any more....so idk what I should do next....here's the combofix log tho::

ComboFix 08-11-28.03 - mike 2008-11-29 10:24:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.197 [GMT -5:00]
Running from: c:\documents and settings\mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mike\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\recycler\S-1-5-21-1951078608-3892172462-226310285-2436\service.exe
c:\windows\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
c:\windows\E9799D51180EBCF428C0E71E5EC4E.exe
c:\windows\system32\217a4f513bda8c39391806b701df2f85.TMP
c:\windows\system32\2efb3b0a17c581a7bec8fd94826f0358.TMP
c:\windows\system32\76690fc87fd1453bc483de47389e1230.TMP
c:\windows\system32\979e69aafdc832e62090f6d0de5e4aa9.TMP
c:\windows\system32\ad2390b0b25029200f77aecc21da43b6.TMP
c:\windows\system32\ca1dab7784d557ec124815fdabe329c6.TMP
c:\windows\system32\geBropno.dll
c:\windows\system32\gkdbecbi.dll
c:\windows\system32\qabohcvu.dll
c:\windows\system32\rqRJAqOH.dll
c:\windows\system32\urqQkLef.dll
c:\windows\system32\yayyVlLB.dll
c:\windows\system32\ylnmwh.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
c:\windows\system32\qabohcvu.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-27 10:04 . 2008-11-27 10:23 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-27 10:04 . 2008-11-27 10:04 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-27 10:03 . 2008-11-27 10:03 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-27 10:03 . 2008-11-29 10:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-27 10:03 . 2008-11-28 16:03 4,236,320 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-27 10:03 . 2008-11-29 10:25 458,784 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-27 10:03 . 2008-11-28 16:03 34,176 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-27 10:03 . 2008-11-29 10:25 2,648 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-27 09:44 . 2008-11-27 09:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-26 12:50 . 2008-11-26 12:50 <DIR> d-------- C:\rsit
2008-11-26 07:56 . 2008-11-26 07:56 <DIR> d-------- c:\program files\Lavasoft
2008-11-26 07:56 . 2008-11-26 07:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-26 07:53 . 2008-11-26 07:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 18:06 . 2008-11-23 18:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 18:06 . 2008-11-23 18:06 <DIR> d-------- c:\documents and settings\mike\Application Data\Malwarebytes
2008-11-23 18:06 . 2008-11-23 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 18:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-23 18:06 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 17:58 . 2008-11-23 17:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-23 15:59 . 2008-11-23 15:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2008-11-21 21:30 . 2008-11-22 18:54 <DIR> d-------- c:\program files\mIRC
2008-11-21 09:20 . 2008-11-21 09:20 <DIR> d-------- c:\program files\Music NFO Builder
2008-11-12 03:00 . 2008-11-12 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-11 17:26 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-11-11 17:26 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-11-11 17:26 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-11-11 17:26 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-11-11 16:01 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 16:00 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-06 19:49 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-06 19:47 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-06 19:47 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-06 19:47 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-06 19:47 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-06 19:47 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-06 19:46 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-06 15:57 . 2008-11-06 15:57 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-11-06 15:42 . 2008-08-06 13:48 114,688 --a------ c:\windows\system32\drivers\ubohci.sys
2008-11-06 15:42 . 2008-08-06 13:52 100,352 --a------ c:\windows\system32\drivers\UB1394.sys
2008-11-06 15:42 . 2008-08-06 13:53 39,424 --a------ c:\windows\system32\drivers\UBUMAPI.sys
2008-11-06 15:42 . 2008-08-06 13:52 17,408 --a------ c:\windows\system32\drivers\UBSBM.sys
2008-11-06 15:40 . 2007-09-21 17:49 9,216 --a------ c:\windows\system32\drivers\videX32.sys
2008-11-06 15:30 . 2008-11-06 15:30 <DIR> d-------- c:\program files\Innovative Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 15:21 --------- d-----w c:\program files\Java
2008-11-27 19:34 --------- d-----w c:\documents and settings\mike\Application Data\uTorrent
2008-11-22 23:54 --------- d-----w c:\documents and settings\mike\Application Data\mIRC
2008-11-21 14:09 --------- d-----w c:\program files\uTorrent
2008-11-08 18:40 --------- d-----w c:\documents and settings\mike\Application Data\LimeWire
2008-11-06 20:57 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-06 20:04 --------- d-----w c:\program files\Apple Software Update
2008-11-06 20:02 --------- d-----w c:\program files\Ahead
2008-11-06 20:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 20:01 --------- d-----w c:\program files\CyberLink
2008-11-06 19:30 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-06 19:21 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 17:35 --------- d-----w c:\program files\Google
2008-11-06 17:32 --------- d-----w c:\program files\MySpace
2008-11-06 17:32 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-06 17:26 --------- d-----w c:\program files\Common Files\Apple
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-02 15:25 --------- d-----w c:\documents and settings\mike\Application Data\vlc
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 19:21 --------- d-----w c:\program files\VideoLAN
2008-09-29 18:32 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-07-09 17:11 13,195 ----a-w c:\documents and settings\mike\zguicfgw.dat
2006-03-20 19:37 5,689,344 ----a-w c:\documents and settings\Guest\mplayerc.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-28_16.13.26.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-28 19:38:19 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-29 14:18:19 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-28 19:38:19 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-29 14:18:19 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VTPreset"="VTPreset.exe" [2004-02-24 c:\windows\system32\VTPreset.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"= ProdMidi.dll
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56854:TCP"= 56854:TCP:uTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-11-06 9216]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [2008-11-06 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [2008-11-06 39424]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-11-06 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-11-06 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-11-06 566296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [2008-11-06 114688]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-11-06 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-11-06 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-11-06 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-11-06 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-11-06 566296]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 10:30:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-29 10:33:07
ComboFix-quarantined-files.txt 2008-11-29 15:31:49
ComboFix2.txt 2008-11-28 21:14:28

Pre-Run: 29,748,961,280 bytes free
Post-Run: 29,718,597,632 bytes free

182 --- E O F --- 2008-11-12 08:08:59

#10 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • Gender:Male
  • Location:Tokyo, JP

Posted 30 November 2008 - 09:09 AM

Hi.

We will try to have an online scan again. Do the following below.
  • Go to the Start button > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)

  • Run ESET Online Scan

    Paste this one in the address bar
    http://www.eset.com/onlinescan
    Then ENTER.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
Let me know if it worked. Post the result in your next reply.

Mark

#11 mxm

mxm
  • Topic Starter

  • Members
  • 9 posts

Posted 30 November 2008 - 01:01 PM

successfully ran, but not in no-add-on mode, I had to use regular ie.....but here's the log from the nod32 online scanner...and it didn't find nada...yay....I hope this means we are close to being done....


thank you for all your help so far mark....you don't know how much I appreciate it


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3651 (20081129)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=95800f17f4413c4f91c114bbadefb7ae
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-30 05:54:15
# local_time=2008-11-30 12:54:15 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=181199
# found=0
# scan_time=3559

Edited by mxm, 30 November 2008 - 01:25 PM.


#12 mas_pogi


Posted 30 November 2008 - 08:27 PM

hi.

successfully ran, but not in no add-on mode, i had to use regular ie.....but here's the log from the nod32 online scanner...and it didn't find nada...yay....i hope this means we are close to being done....

Not yet. We are almost there.. :thumbsup:
  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link-->Jotti

    When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

    C:\WINDOWS\system32\fdccffbffbd.dll

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • How's your computer?

In your reply, please post the result of

Jotti/Virustotal
Kaspersky online scan
Answer to my question


#13 mas_pogi


Posted 05 December 2008 - 11:57 AM

hi.


Do you still need help?

Mark

#14 Shaba


Posted 06 December 2008 - 08:40 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security

#15 mas_pogi


Posted 10 December 2008 - 05:46 PM

hi mxm.


Could you post the result in my last instructions?

Mark
