Malware.Trace and Trojan.Vundo


  • This topic is locked
13 replies to this topic

#1 okartee


  • Members
  • 8 posts

Posted 11 January 2009 - 10:16 PM

Apparently, I downloaded a harmful file, and my computer was loaded with malware and spyware, all that wonderful stuff. I removed it all with MBAM, but there are two that won't go away, Malware.Trace and Trojan.Vundo. I've tried VundoFix, but nothing will remove them. Please help me.

DDS:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Palumbo at 22:11:16.28 on Sun 01/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1208 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\LVComsX.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Palumbo\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: {7fbe7ba7-b872-d83a-1084-43c020c036d4}: {4d630c02-0c34-4801-a38d-278b7ab7ebf7} - c:\windows\system32\uqvscm.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E30D39D-67B2-491D-9A31-C0095A8B2127} - No File
BHO: {A36380D1-5D11-46B6-ACE1-7DE9F1B9ADAC} - No File
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
AppInit_DLLs: djukxn.dll uqvscm.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\palumbo\applic~1\mozilla\firefox\profiles\ql64gg1w.default\
FF - plugin: c:\documents and settings\palumbo\application data\mozilla\firefox\profiles\ql64gg1w.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: XUL Cache: {F63DC2A6-529F-4615-9F39-2F2F841F8136} - c:\windows\system32\config\systemprofile\local settings\application data\{f63dc2a6-529f-4615-9f39-2f2f841f8136}\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-13 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-13 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-13 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-13 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-13 40488]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-12-30 346784]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-13 359248]
R4 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-12-13 144704]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-12-23 16194]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-13 33832]
S3 nenum13E;nenum13E;\??\c:\docume~1\palumbo\locals~1\temp\nenum13e.sys --> c:\docume~1\palumbo\locals~1\temp\nenum13E.sys [?]

=============== Created Last 30 ================

2009-01-11 21:41 <DIR> --d----- C:\VundoFix Backups
2009-01-11 08:56 123,392 a------- c:\windows\system32\uqvscm.dll
2009-01-11 08:56 123,392 a------- c:\windows\system32\drvlhrod.dll
2009-01-11 08:56 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-11 08:53 1,256,329 ---sh--- c:\windows\system32\eoviricv.ini
2009-01-10 23:00 <DIR> --d----- c:\docume~1\palumbo\applic~1\Unity
2009-01-10 22:37 <DIR> --d----- c:\program files\Unity
2009-01-07 13:23 <DIR> --d----- c:\program files\GameTap
2009-01-07 13:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameTap
2009-01-07 09:55 <DIR> --d----- c:\program files\CamStudio
2009-01-06 17:09 376 a------- c:\windows\ODBC.INI
2009-01-06 17:09 28,040 a------- c:\windows\system32\mdimon.dll
2009-01-06 17:08 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-06 17:08 <DIR> --d----- c:\windows\SHELLNEW
2009-01-04 15:37 <DIR> --d----- c:\windows\system32\Adobe
2009-01-01 15:18 <DIR> --d----- c:\program files\Battleships Forever
2008-12-30 23:34 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-12-30 23:34 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-30 23:34 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-30 23:34 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-30 09:10 346,784 a----r-- c:\windows\system32\drivers\wg311tn5.sys
2008-12-27 01:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-26 20:20 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-26 17:50 <DIR> --d----- c:\program files\Bethesda Softworks
2008-12-26 17:48 <DIR> --d----- c:\windows\system32\xlive
2008-12-26 17:47 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-26 12:05 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-26 12:05 208,744 a------- c:\windows\system32\muweb.dll
2008-12-26 12:05 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-25 11:11 507,400 a------- c:\windows\system32\XAudio2_1.dll
2008-12-25 11:11 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2008-12-25 11:11 238,088 a------- c:\windows\system32\xactengine3_1.dll
2008-12-25 11:11 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2008-12-25 11:11 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2008-12-25 11:11 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2008-12-25 11:11 467,984 a------- c:\windows\system32\d3dx10_38.dll
2008-12-25 11:11 479,752 a------- c:\windows\system32\XAudio2_0.dll
2008-12-25 11:11 238,088 a------- c:\windows\system32\xactengine3_0.dll
2008-12-25 11:11 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2008-12-25 11:09 <DIR> --d----- c:\windows\Logs
2008-12-25 11:09 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 11:09 22,328 a------- c:\docume~1\palumbo\applic~1\PnkBstrK.sys
2008-12-25 11:09 202,000 a------- c:\windows\system32\PnkBstrB.exe
2008-12-25 11:09 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-25 11:09 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-25 10:55 <DIR> --d----- c:\program files\Activision
2008-12-25 10:53 <DIR> --dsh--- c:\windows\ftpcache
2008-12-24 23:53 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-24 23:53 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 23:52 <DIR> --d----- c:\program files\iPod
2008-12-24 23:52 <DIR> --d----- c:\program files\iTunes
2008-12-24 23:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 23:52 <DIR> --d----- c:\program files\Bonjour
2008-12-24 23:51 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-23 21:05 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-23 21:03 73,728 a------- c:\windows\system32\AW32n50.dll
2008-12-23 21:03 16,194 a------- c:\windows\system32\AWINDIS5.SYS
2008-12-23 13:52 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2008-12-23 13:52 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-23 13:52 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2008-12-23 13:52 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-23 13:52 15,232 ac------ c:\windows\system32\dllcache\streamip.sys
2008-12-23 13:52 15,232 a------- c:\windows\system32\drivers\StreamIP.sys
2008-12-23 13:52 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
2008-12-23 13:52 16,384 a------- c:\windows\system32\ipsink.ax
2008-12-23 13:52 11,136 ac------ c:\windows\system32\dllcache\slip.sys
2008-12-23 13:52 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2008-12-23 13:48 <DIR> --d----- c:\program files\common files\Logitech
2008-12-23 09:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\YoYoGames
2008-12-22 21:32 <DIR> --d----- c:\docume~1\palumbo\applic~1\Malwarebytes
2008-12-22 21:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 21:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 21:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 21:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 18:38 <DIR> --d----- c:\program files\Lavasoft
2008-12-22 18:33 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-22 18:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-20 15:12 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-20 15:11 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-20 15:11 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-20 15:11 117,760 -------- c:\windows\system32\prntvpt.dll
2008-12-20 15:11 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2008-12-20 15:11 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-20 15:11 <DIR> --d----- C:\b81e2ba3f3a298ee08
2008-12-20 15:11 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2008-12-20 15:11 575,488 -------- c:\windows\system32\xpsshhdr.dll
2008-12-20 15:01 <DIR> --d----- C:\82e3aac19b75d18365afee
2008-12-20 15:00 116,736 a------- c:\windows\system32\CNMLM64.DLL
2008-12-20 15:00 7,680 a------- c:\windows\system32\CNMVS64.DLL
2008-12-20 15:00 86,016 a------- c:\windows\system32\CNMCP64.exe
2008-12-20 15:00 <DIR> --d-h--- C:\BJPrinter
2008-12-20 14:53 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2008-12-20 14:53 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\scripting
2008-12-19 16:55 <DIR> --d----- c:\windows\l2schemas
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\en
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\bits
2008-12-19 16:53 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-19 06:35 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-18 23:01 647,872 a------- c:\windows\system32\mscomct2.ocx
2008-12-18 23:01 140,488 a------- c:\windows\system32\comdlg32.ocx
2008-12-18 23:01 61,440 a------- c:\windows\system32\digitbox.ocx
2008-12-18 23:01 <DIR> --d----- c:\program files\Alarm
2008-12-17 15:49 <DIR> --d----- c:\program files\Curse
2008-12-14 22:16 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-14 20:40 4,096 a------- c:\windows\d3dx.dat
2008-12-14 20:32 <DIR> --d----- c:\program files\Microsoft Games
2008-12-14 19:28 <DIR> --d----- c:\program files\GameSpy Arcade
2008-12-14 19:27 <DIR> --d----- c:\docume~1\palumbo\applic~1\Xfire
2008-12-14 19:27 <DIR> --ds---- c:\program files\Xfire
2008-12-14 17:51 <DIR> --d----- c:\program files\DreamCatcher
2008-12-14 17:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2008-12-14 17:10 <DIR> --d----- c:\program files\Red Storm Entertainment
2008-12-14 17:10 306,688 a------- c:\windows\IsUninst.exe
2008-12-14 17:10 <DIR> --d----- c:\documents and settings\palumbo\WINDOWS
2008-12-14 17:05 <DIR> --d----- c:\program files\Lionhead Studios Ltd
2008-12-14 16:33 <DIR> --d----- C:\Logs
2008-12-14 10:05 <DIR> --d----- c:\program files\Reality Pump
2008-12-14 10:05 <DIR> --d----- c:\windows\system32\AGEIA
2008-12-14 10:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-13 14:15 <DIR> --d----- c:\program files\LucasArts
2008-12-13 12:56 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2008-12-13 12:48 <DIR> --d----- c:\program files\World of Warcraft
2008-12-13 11:30 <DIR> --d----- c:\program files\Steam
2008-12-13 11:13 2,387,968 a------- c:\windows\system32\nvwssr.dll
2008-12-13 11:12 3,284,992 a------- c:\windows\system32\nvgames.dll
2008-12-13 11:12 5,439,488 a------- c:\windows\system32\nvdispsr.dll
2008-12-13 11:12 6,221,824 a------- c:\windows\system32\nvdisps.dll
2008-12-13 11:12 8,429,568 a------- c:\windows\system32\nvcpl.dll
2008-12-13 11:12 352,256 a------- c:\windows\system32\nvapi.dll
2008-12-13 11:12 37,888 a------- c:\windows\system32\nvcodins.dll
2008-12-13 11:12 37,888 a------- c:\windows\system32\nvcod.dll
2008-12-13 11:12 6,738,432 ac------ c:\windows\system32\dllcache\nv4_mini.sys
2008-12-13 11:12 6,738,432 a------- c:\windows\system32\drivers\nv4_mini.sys
2008-12-13 11:12 5,421,312 ac------ c:\windows\system32\dllcache\nv4_disp.dll
2008-12-13 11:12 5,421,312 a------- c:\windows\system32\nv4_disp.dll
2008-12-13 11:12 <DIR> --d----- c:\windows\system32\EVGA
2008-12-13 11:08 18,707 a------- c:\windows\system32\Config.MPF
2008-12-13 11:07 143,360 a------- c:\windows\system32\dunzip32.dll
2008-12-13 11:05 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2008-12-13 11:05 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2008-12-13 11:05 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-12-13 11:05 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-12-13 11:05 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-12-13 11:05 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2008-12-13 11:05 <DIR> --d----- c:\program files\McAfee.com
2008-12-13 11:05 <DIR> --d----- c:\program files\common files\McAfee
2008-12-13 11:05 <DIR> --d----- c:\program files\McAfee
2008-12-13 10:35 13,646 a------- c:\windows\system32\wpa.bak
2008-12-13 08:47 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-12-13 08:47 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-12-13 08:47 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-12-13 08:46 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-12-13 08:46 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-13 08:46 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-13 08:46 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-13 08:46 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-13 08:46 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-12-13 08:46 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-13 08:46 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-12-13 08:44 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-12-13 08:44 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-12-13 08:40 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-13 08:35 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-13 08:35 6,272 a------- c:\windows\system32\drivers\splitter.sys
2008-12-13 08:35 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2008-12-13 08:35 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2008-12-13 08:35 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2008-12-13 08:35 142,592 a------- c:\windows\system32\drivers\aec.sys
2008-12-13 08:34 <DIR> --d----- c:\program files\SigmaTel
2008-12-13 08:33 1,904 -------- c:\windows\system32\SetupBD.din
2008-12-13 08:32 43,880 a----r-- c:\windows\system32\e100bmsg.dll
2008-12-13 08:32 165,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2008-12-13 08:32 165,760 a----r-- c:\windows\system32\drivers\e100b325.sys
2008-12-13 08:32 154,496 a----r-- c:\windows\system32\Prounstl.exe
2008-12-13 08:32 35,704 a----r-- c:\windows\system32\NicInst.dll
2008-12-13 08:32 28,536 a----r-- c:\windows\system32\NicCo.dll
2008-12-13 08:32 5,456 a----r-- c:\windows\system32\e100b325.din
2008-12-13 08:30 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-13 08:29 <DIR> --d----- c:\program files\MSXML 4.0
2008-12-13 08:29 <DIR> --d----- C:\TempEI4

==================== Find3M ====================

2008-12-19 16:56 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 17:59 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 22:11:48.40 ===============

Attached Files
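As an added example (not part of this thread, and not code from DDS, GooredFix or ComboFix), the following Python script does the triage a helper performs by eye on a log like the one above: it parses the Pseudo HJT Report and Created Last 30 lines, flags the three load points visible in this log (a non-empty AppInit_DLLs value, a BHO whose display name is only a CLSID, and a Firefox HiddenExtension registered under the SYSTEM profile), and then pivots on file-creation time to find the files dropped alongside a flagged DLL. The sample lines are copied from the DDS output in this post (the trailing backslash on the HiddenExtension path is dropped); the severity labels and the five-minute pivot window are my own choices.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = [
    r"BHO: {7fbe7ba7-b872-d83a-1084-43c020c036d4}: {4d630c02-0c34-4801-a38d-278b7ab7ebf7} - c:\windows\system32\uqvscm.dll",
    r"BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll",
    r"BHO: {7E30D39D-67B2-491D-9A31-C0095A8B2127} - No File",
    r"AppInit_DLLs: djukxn.dll uqvscm.dll",
    r"FF - HiddenExtension: XUL Cache: {F63DC2A6-529F-4615-9F39-2F2F841F8136} - c:\windows\system32\config\systemprofile\local settings\application data\{f63dc2a6-529f-4615-9f39-2f2f841f8136}",
    r"2009-01-11 08:56 123,392 a------- c:\windows\system32\uqvscm.dll",
    r"2009-01-11 08:56 123,392 a------- c:\windows\system32\drvlhrod.dll",
    r"2009-01-11 08:56 73,216 a------- c:\windows\system32\ffkuz.dll",
    r"2009-01-11 08:53 1,256,329 ---sh--- c:\windows\system32\eoviricv.ini",
    r"2009-01-06 17:09 28,040 a------- c:\windows\system32\mdimon.dll",
]

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# "BHO: <name>: <clsid> - <path>"; the name part is absent on orphaned entries.
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?(?P<clsid>" + CLSID + r") - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.*)$")
HIDDENEXT_RE = re.compile(r"^FF - HiddenExtension: (?P<name>.+?): (?P<id>" + CLSID + r") - (?P<path>.+)$")
# "<date> <time> <size|<DIR>> <attrs> <path>" from the Created Last 30 section.
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")


def parse_dds(lines):
    """Pull load-point and file-creation records out of DDS output."""
    rec = {"bho": [], "appinit": [], "hidden_ext": [], "created": []}
    for line in lines:
        line = line.rstrip()
        if (m := BHO_RE.match(line)):
            rec["bho"].append(m.groupdict())
        elif (m := APPINIT_RE.match(line)):
            rec["appinit"].extend(m.group("dlls").split())
        elif (m := HIDDENEXT_RE.match(line)):
            rec["hidden_ext"].append(m.groupdict())
        elif (m := CREATED_RE.match(line)):
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M")
            rec["created"].append(d)
    return rec


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def dirname(path):
    return path.replace("/", "\\").rsplit("\\", 1)[0].lower()


def companion_files(created, path, window=timedelta(minutes=5)):
    """Files created in the same directory within `window` of `path`'s creation.

    A dropper writes its components in one burst, so the timestamp of one
    known-bad file points at the rest (window is an assumption, not a DDS rule).
    """
    target = basename(path)
    anchor = [c for c in created if basename(c["path"]) == target]
    if not anchor:
        return []
    t0, d0 = anchor[0]["ts"], dirname(anchor[0]["path"])
    return sorted(
        basename(c["path"]) for c in created
        if dirname(c["path"]) == d0 and basename(c["path"]) != target
        and abs(c["ts"] - t0) <= window)


def triage(lines):
    """Return (severity, load point, detail) findings for a DDS log."""
    rec = parse_dds(lines)
    findings = []
    # AppInit_DLLs is empty on a clean XP system; anything listed is loaded
    # into every process that links user32.dll, the load point Vundo used here.
    for dll in rec["appinit"]:
        findings.append(("high", "AppInit_DLLs", dll))
    for b in rec["bho"]:
        if b["path"] == "No File":
            findings.append(("low", "BHO orphan", b["clsid"]))
        elif b["name"] is None or re.fullmatch(CLSID, b["name"]):
            # A BHO whose display name is itself a CLSID has no product behind it.
            findings.append(("high", "BHO nameless", b["path"]))
    for h in rec["hidden_ext"]:
        if "\\systemprofile\\" in h["path"].lower():
            # Extension registered for the SYSTEM profile: what GooredFix removes.
            findings.append(("high", "FF HiddenExtension", h["path"]))
    # Pivot once per flagged DLL to list the files written alongside it.
    pivoted = set()
    for sev, _kind, what in list(findings):
        name = basename(what)
        if sev == "high" and name.endswith(".dll") and name not in pivoted:
            pivoted.add(name)
            for sib in companion_files(rec["created"], what):
                findings.append(("medium", f"created with {name}", sib))
    return findings


if __name__ == "__main__":
    for sev, kind, what in triage(SAMPLE_DDS):
        print(f"[{sev:6}] {kind}: {what}")
```

On the sample above the pivot from uqvscm.dll surfaces drvlhrod.dll, ffkuz.dll and the hidden/system eoviricv.ini, which is the same set ComboFix later deleted; the legitimately installed mdimon.dll, created days earlier, is not listed.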




#2 jpshortstuff


    WhatTheTech Teacher


  • Members
  • 660 posts
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 12 January 2009 - 06:09 AM

Hi, and Welcome to BleepingComputer :thumbsup:

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through the instructions before starting to follow them to make sure you understand everything you have to do.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please download GooredFix and save it to your Desktop. Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.


Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

You need to disable TeaTimer, so that it doesn't interfere with our fix.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For both versions :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in the left panel, click Resident (it shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Disable McAfee Anti-Virus/Firewall
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • Right-click it -> open the Security Centre.
  • Please shutdown/disable these items:
    Virus Protection
    Firewall
Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Thanks.

Edited by jpshortstuff, 12 January 2009 - 06:13 AM.

Trained at the What The Tech Classroom where you too could learn to help others.


#3 okartee

  • Topic Starter

  • Members
  • 8 posts

Posted 12 January 2009 - 10:15 AM

Hi jpshortstuff, thanks so much for replying to me :thumbsup:
First, the GooredLog:
GooredFix v1.81 by jpshortstuff
Log created at 09:48 on 12/01/2009 running Option #2 (Palumbo)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F63DC2A6-529F-4615-9F39-2F2F841F8136}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Failed.
->Delete on reboot... Set.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

=====Reboot=====

Now for the ComboFix log:
ComboFix 09-01-11.04 - Palumbo 2009-01-12 10:00:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1682 [GMT -5:00]
Running from: c:\documents and settings\Palumbo\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Palumbo\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaqgnefdlm.sys
c:\windows\system32\drvlhrod.dll
c:\windows\system32\eoviricv.ini
c:\windows\system32\senekajnrusdot.dll
c:\windows\system32\senekataxicund.dll
c:\windows\system32\uqvscm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-11 21:41 . 2009-01-11 21:41 <DIR> d-------- C:\VundoFix Backups
2009-01-11 08:56 . 2009-01-11 08:56 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-10 23:00 . 2009-01-10 23:00 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Unity
2009-01-10 22:37 . 2009-01-10 22:37 <DIR> d-------- c:\program files\Unity
2009-01-07 13:23 . 2009-01-07 13:23 <DIR> d-------- c:\program files\GameTap
2009-01-07 13:23 . 2009-01-07 13:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameTap
2009-01-07 09:55 . 2009-01-07 10:03 <DIR> d-------- c:\program files\CamStudio
2009-01-06 17:09 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-01-06 17:09 . 2009-01-06 17:09 376 --a------ c:\windows\ODBC.INI
2009-01-06 17:08 . 2009-01-06 17:08 <DIR> d-------- c:\windows\SHELLNEW
2009-01-06 17:08 . 2009-01-06 17:08 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-06 17:06 . 2009-01-06 17:06 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-06 17:05 . 2009-01-06 17:05 <DIR> dr-h----- C:\MSOCache
2009-01-04 15:37 . 2009-01-04 15:38 <DIR> d-------- c:\windows\system32\Adobe
2009-01-01 15:18 . 2009-01-11 16:43 <DIR> d-------- c:\program files\Battleships Forever
2008-12-30 23:34 . 2008-04-13 19:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-30 23:34 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-30 23:34 . 2008-04-13 13:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-30 23:34 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-30 09:10 . 2004-03-08 18:12 346,784 -ra------ c:\windows\system32\drivers\wg311tn5.sys
2008-12-27 01:00 . 2008-12-27 01:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-26 20:20 . 2008-12-26 20:20 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-26 17:50 . 2008-12-26 17:50 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-26 17:50 . 2008-12-26 17:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-26 17:48 . 2008-12-26 17:48 <DIR> d-------- c:\windows\system32\xlive
2008-12-26 17:47 . 2009-01-11 18:29 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-26 12:05 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-26 12:05 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-26 12:05 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-25 17:02 . 2008-12-25 17:02 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-25 11:11 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-25 11:11 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-25 11:11 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-25 11:11 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-25 11:11 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-25 11:11 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-25 11:11 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-25 11:11 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-25 11:11 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-25 11:11 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-25 11:09 . 2008-12-25 11:09 <DIR> d-------- c:\windows\Logs
2008-12-25 11:09 . 2008-12-25 11:09 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-12-25 11:09 . 2009-01-10 17:48 202,000 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-25 11:09 . 2009-01-10 17:48 139,280 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 11:09 . 2008-12-25 11:09 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-25 11:09 . 2008-12-25 11:09 22,328 --a------ c:\documents and settings\Palumbo\Application Data\PnkBstrK.sys
2008-12-25 10:55 . 2008-12-25 10:55 <DIR> d-------- c:\program files\Activision
2008-12-25 10:53 . 2008-12-25 10:53 <DIR> d--hs---- c:\windows\ftpcache
2008-12-24 23:53 . 2008-12-25 16:46 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Apple Computer
2008-12-24 23:53 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-24 23:53 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\QuickTime
2008-12-24 23:52 . 2008-12-24 23:53 <DIR> d-------- c:\program files\iTunes
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\iPod
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\Bonjour
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 23:52 . 2008-12-24 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 23:51 . 2008-12-24 23:52 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 23:51 . 2008-12-24 23:51 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 23:51 . 2008-12-24 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-24 23:51 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-23 21:05 . 2008-12-23 21:05 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-23 21:03 . 2002-04-12 10:06 73,728 --a------ c:\windows\system32\AW32n50.dll
2008-12-23 21:03 . 2002-04-11 17:43 16,194 --a------ c:\windows\system32\AWINDIS5.SYS
2008-12-23 20:54 . 2008-12-23 20:54 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\AdobeUM
2008-12-23 13:52 . 2008-04-13 19:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-12-23 13:52 . 2008-04-13 19:12 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-12-23 13:52 . 2008-04-13 13:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-12-23 13:52 . 2008-04-13 13:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-12-23 13:52 . 2008-04-13 13:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-23 13:52 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-23 13:52 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-23 13:48 . 2008-12-23 13:48 <DIR> d-------- c:\program files\Logitech
2008-12-23 13:48 . 2008-12-23 13:48 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-23 09:28 . 2008-12-23 09:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\YoYoGames
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Malwarebytes
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 21:32 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 21:32 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 18:38 . 2008-12-22 18:38 <DIR> d-------- c:\program files\Lavasoft
2008-12-22 18:38 . 2008-12-23 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-22 18:33 . 2008-12-22 18:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 18:33 . 2008-12-22 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 15:12 . 2008-12-20 15:12 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-20 15:12 . 2008-12-20 15:12 <DIR> d-------- c:\program files\MSBuild
2008-12-20 15:11 . 2008-12-20 15:11 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-20 15:11 . 2008-12-20 15:11 <DIR> d-------- C:\b81e2ba3f3a298ee08
2008-12-20 15:11 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-20 15:11 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-20 15:11 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-20 15:11 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-20 15:11 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-20 15:11 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-20 15:11 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-20 15:01 . 2008-12-20 15:04 <DIR> d-------- C:\82e3aac19b75d18365afee
2008-12-20 15:00 . 2008-12-20 15:00 <DIR> d--h----- C:\BJPrinter
2008-12-20 15:00 . 2004-04-23 14:00 116,736 --a------ c:\windows\system32\CNMLM64.DLL
2008-12-20 15:00 . 2004-03-12 01:06 86,016 --a------ c:\windows\system32\CNMCP64.exe
2008-12-20 15:00 . 2004-04-23 14:00 7,680 --a------ c:\windows\system32\CNMVS64.DLL
2008-12-20 14:53 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-20 14:53 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\en
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\bits
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\l2schemas
2008-12-19 16:53 . 2008-12-19 16:53 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-19 06:35 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-18 23:01 . 2008-12-18 23:01 <DIR> d-------- c:\program files\Alarm
2008-12-18 23:01 . 2000-05-21 23:00 647,872 --a------ c:\windows\system32\mscomct2.ocx
2008-12-18 23:01 . 2000-05-21 23:00 140,488 --a------ c:\windows\system32\comdlg32.ocx
2008-12-18 23:01 . 2007-04-29 23:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2008-12-17 15:49 . 2008-12-17 15:49 <DIR> d-------- c:\program files\Curse
2008-12-15 22:11 . 2008-12-15 22:11 0 --a------ c:\windows\nsreg.dat
2008-12-14 22:16 . 2008-12-25 11:09 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-14 20:40 . 2008-12-14 20:40 4,096 --a------ c:\windows\d3dx.dat
2008-12-14 20:32 . 2008-12-14 20:32 <DIR> d-------- c:\program files\Microsoft Games
2008-12-14 19:28 . 2008-12-19 19:51 <DIR> d-------- c:\program files\GameSpy Arcade
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d---s---- c:\program files\Xfire
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Xfire
2008-12-14 17:51 . 2008-12-14 17:51 <DIR> d-------- c:\program files\DreamCatcher
2008-12-14 17:44 . 2008-12-14 17:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 23:02 --------- d-----w c:\program files\microsoft frontpage
2008-10-28 22:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 22:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-01-05 1410296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-18 c:\windows\sttray.exe]
"nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=djukxn.dll uqvscm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-12-30 346784]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-12-23 16194]
S3 nenum13E;nenum13E;\??\c:\docume~1\Palumbo\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Palumbo\LOCALS~1\Temp\nenum13E.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-12 c:\windows\Tasks\bnvwrfee.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4d630c02-0c34-4801-a38d-278b7ab7ebf7} - c:\windows\system32\uqvscm.dll
BHO-{7E30D39D-67B2-491D-9A31-C0095A8B2127} - (no file)
BHO-{A36380D1-5D11-46B6-ACE1-7DE9F1B9ADAC} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Palumbo\Application Data\Mozilla\Firefox\Profiles\ql64gg1w.default\
FF - plugin: c:\documents and settings\Palumbo\Application Data\Mozilla\Firefox\Profiles\ql64gg1w.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 10:02:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-12 10:03:18
ComboFix-quarantined-files.txt 2009-01-12 15:03:16

Pre-Run: 398,269,575,168 bytes free
Post-Run: 398,691,618,816 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

259 --- E O F --- 2009-01-08 20:47:46

And finally the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:46 AM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {4d630c02-0c34-4801-a38d-278b7ab7ebf7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E30D39D-67B2-491D-9A31-C0095A8B2127} - (no file)
O2 - BHO: (no name) - {A36380D1-5D11-46B6-ACE1-7DE9F1B9ADAC} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: djukxn.dll uqvscm.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 5852 bytes

Edited by okartee, 12 January 2009 - 10:17 AM.


#4 jpshortstuff

WhatTheTech Teacher, Members, 660 posts, Location: UK

Posted 12 January 2009 - 07:17 PM

Hi :thumbsup:

I take it GooredFix asked you to reboot. Is there by any chance a log on your Desktop called "GooredRebootLog.txt" or similar? If so, please post it. If not, don't worry.

Please disable your security programs as before.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\ffkuz.dll
c:\docume~1\Palumbo\LOCALS~1\Temp\nenum13E.sys

DirLook::
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

Driver::
nenum13E

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d630c02-0c34-4801-a38d-278b7ab7ebf7}]
[-HKEY_CLASSES_ROOT\CLSID\{4d630c02-0c34-4801-a38d-278b7ab7ebf7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E30D39D-67B2-491D-9A31-C0095A8B2127}]
[-HKEY_CLASSES_ROOT\CLSID\{7E30D39D-67B2-491D-9A31-C0095A8B2127}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A36380D1-5D11-46B6-ACE1-7DE9F1B9ADAC}]
[-HKEY_CLASSES_ROOT\CLSID\{A36380D1-5D11-46B6-ACE1-7DE9F1B9ADAC}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=djukxn.dll uqvscm.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: CFScript.txt being dragged onto ComboFix.exe)


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DDS log (the "post" one only please).
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
How's the computer running now?

Thanks.

Edited by jpshortstuff, 12 January 2009 - 07:18 PM.

Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
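The fix script above targets a handful of load points that the ComboFix and HijackThis logs earlier in the thread expose: the two DLLs in AppInit_DLLs (injected into every process that loads user32.dll), a driver registered from the user's Temp folder, a scheduled task with a generated-looking name that launches bare rundll32.exe, orphaned BHO CLSIDs, and Security Center monitoring switched off. The following Python script is an added example, not code from this thread nor from the ComboFix or HijackThis authors: it parses those log formats and flags the same indicators a helper would act on. The sample log is constructed from lines visible in the thread, and the "random-looking name" heuristic (vowel ratio and consonant runs) is an assumption of this example, meant to surface candidates for review rather than to give a verdict.

```python
import re

# Constructed sample: indicator lines copied from the ComboFix and HijackThis
# logs posted in this thread, not a live capture.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=djukxn.dll uqvscm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
S3 nenum13E;nenum13E;\??\c:\docume~1\Palumbo\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\Palumbo\LOCALS~1\Temp\nenum13E.sys [?]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-12-30 346784]
2009-01-12 c:\windows\Tasks\bnvwrfee.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
O2 - BHO: (no name) - {4d630c02-0c34-4801-a38d-278b7ab7ebf7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: djukxn.dll uqvscm.dll
"""

VOWELS = set("aeiou")


def _max_consonant_run(s):
    run = best = 0
    for c in s:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(name):
    """Heuristic (an assumption of this example) for generated file names such
    as djukxn.dll or bnvwrfee: 5-8 letters, very few vowels or a long run of
    consonants. Only used to rank candidates, never as a verdict on its own."""
    stem = name.lower().rsplit(".", 1)[0]
    if not (5 <= len(stem) <= 8) or not stem.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    return vowel_ratio <= 0.2 or _max_consonant_run(stem) >= 4


def appinit_dlls(line):
    """Return the DLL names from an AppInit_DLLs line in either the ComboFix
    form ("AppInit_DLLs"=a.dll b.dll) or the HijackThis O20 form."""
    m = re.search(r'AppInit_DLLs"?[=:]\s*(.*)$', line)
    if not m:
        return []
    return [d for d in re.split(r"[\s,]+", m.group(1).strip()) if d]


def find_indicators(log_text):
    """Scan log lines and return (rule, detail) pairs worth a second look."""
    hits = []
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        # 1. AppInit_DLLs entries: a bare filename is resolved from system32 and
        #    loaded into every GUI process; generated-looking names are classic Vundo.
        for dll in appinit_dlls(line):
            if "\\" not in dll or looks_random(dll):
                hits.append(("appinit_dll", dll))
        # 2. Security Center monitoring or notification switched off.
        if re.search(r'"(DisableMonitoring|AntiVirusDisableNotify)"=dword:00000001', line):
            hits.append(("security_center_tampered", line))
        # 3. Kernel driver whose image lives under a Temp directory.
        m = re.match(r"[RS]\d\s+([^;]+);[^;]*;(.+?)(?:\s+-->|\s+\[)", line)
        if m and re.search(r"\\temp\\", m.group(2), re.I):
            hits.append(("driver_in_temp", m.group(1)))
        # 4. Scheduled task with a generated-looking name whose action is bare
        #    rundll32.exe (the DLL argument is hidden in the .job file itself).
        m = re.match(r"\d{4}-\d{2}-\d{2}\s+.*\\Tasks\\(\w+)\.job$", line)
        if (m and i + 1 < len(lines)
                and "rundll32.exe" in lines[i + 1].lower()
                and looks_random(m.group(1))):
            hits.append(("task_rundll32", m.group(1)))
        # 5. HijackThis O2 BHO whose file is gone: a left-over registration.
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            clsid = re.search(r"\{[0-9A-Fa-f-]+\}", line)
            hits.append(("orphan_bho", clsid.group(0) if clsid else line))
    return hits


if __name__ == "__main__":
    for rule, detail in find_indicators(SAMPLE_LOG):
        print(f"{rule:26s} {detail}")
```

Run it against a saved ComboFix.txt or hijackthis.log by passing the file contents to find_indicators(); the AppInit_DLLs rule fires on both log formats, which is why the sample yields the same two DLLs twice. The driver rule keys on the image path rather than the name, so nenum13E is caught even though its digits defeat the name heuristic.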

#5 okartee

Topic Starter, Members, 8 posts

Posted 12 January 2009 - 08:31 PM

Alright, so I didn't have the "GooredRebootLog.txt" anywhere, sorry. But I did do all you told me to, so here are the logs:

ComboFix log:
ComboFix 09-01-11.04 - Palumbo 2009-01-12 19:30:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1612 [GMT -5:00]
Running from: c:\documents and settings\Palumbo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Palumbo\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\docume~1\Palumbo\LOCALS~1\Temp\nenum13E.sys
c:\windows\system32\ffkuz.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NENUM13E
-------\Service_nenum13E


((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-12 10:14 . 2009-01-12 10:14 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 21:41 . 2009-01-11 21:41 <DIR> d-------- C:\VundoFix Backups
2009-01-10 23:00 . 2009-01-10 23:00 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Unity
2009-01-10 22:37 . 2009-01-10 22:37 <DIR> d-------- c:\program files\Unity
2009-01-07 13:23 . 2009-01-07 13:23 <DIR> d-------- c:\program files\GameTap
2009-01-07 13:23 . 2009-01-07 13:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameTap
2009-01-07 09:55 . 2009-01-07 10:03 <DIR> d-------- c:\program files\CamStudio
2009-01-06 17:09 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-01-06 17:09 . 2009-01-06 17:09 376 --a------ c:\windows\ODBC.INI
2009-01-06 17:08 . 2009-01-06 17:08 <DIR> d-------- c:\windows\SHELLNEW
2009-01-06 17:08 . 2009-01-06 17:08 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-06 17:06 . 2009-01-06 17:06 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-06 17:05 . 2009-01-06 17:05 <DIR> dr-h----- C:\MSOCache
2009-01-04 15:37 . 2009-01-04 15:38 <DIR> d-------- c:\windows\system32\Adobe
2009-01-01 15:18 . 2009-01-11 16:43 <DIR> d-------- c:\program files\Battleships Forever
2008-12-30 23:34 . 2008-04-13 19:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-30 23:34 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-30 23:34 . 2008-04-13 13:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-30 23:34 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-30 09:10 . 2004-03-08 18:12 346,784 -ra------ c:\windows\system32\drivers\wg311tn5.sys
2008-12-27 01:00 . 2008-12-27 01:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-26 20:20 . 2008-12-26 20:20 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-26 17:50 . 2008-12-26 17:50 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-26 17:50 . 2008-12-26 17:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-26 17:48 . 2008-12-26 17:48 <DIR> d-------- c:\windows\system32\xlive
2008-12-26 17:47 . 2009-01-11 18:29 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-26 12:05 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-26 12:05 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-26 12:05 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-25 17:02 . 2008-12-25 17:02 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-25 11:11 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-25 11:11 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-25 11:11 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-25 11:11 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-25 11:11 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-25 11:11 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-25 11:11 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-25 11:11 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-25 11:11 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-25 11:11 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-25 11:09 . 2008-12-25 11:09 <DIR> d-------- c:\windows\Logs
2008-12-25 11:09 . 2008-12-25 11:09 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-12-25 11:09 . 2009-01-10 17:48 202,000 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-25 11:09 . 2009-01-10 17:48 139,280 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 11:09 . 2008-12-25 11:09 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-25 11:09 . 2008-12-25 11:09 22,328 --a------ c:\documents and settings\Palumbo\Application Data\PnkBstrK.sys
2008-12-25 10:55 . 2008-12-25 10:55 <DIR> d-------- c:\program files\Activision
2008-12-25 10:53 . 2008-12-25 10:53 <DIR> d--hs---- c:\windows\ftpcache
2008-12-24 23:53 . 2008-12-25 16:46 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Apple Computer
2008-12-24 23:53 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-24 23:53 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\QuickTime
2008-12-24 23:52 . 2008-12-24 23:53 <DIR> d-------- c:\program files\iTunes
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\iPod
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\Bonjour
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 23:52 . 2008-12-24 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 23:51 . 2008-12-24 23:52 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 23:51 . 2008-12-24 23:51 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 23:51 . 2008-12-24 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-24 23:51 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-23 21:05 . 2008-12-23 21:05 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-23 21:03 . 2002-04-12 10:06 73,728 --a------ c:\windows\system32\AW32n50.dll
2008-12-23 21:03 . 2002-04-11 17:43 16,194 --a------ c:\windows\system32\AWINDIS5.SYS
2008-12-23 20:54 . 2008-12-23 20:54 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\AdobeUM
2008-12-23 13:52 . 2008-04-13 19:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-12-23 13:52 . 2008-04-13 19:12 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-12-23 13:52 . 2008-04-13 13:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-12-23 13:52 . 2008-04-13 13:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-12-23 13:52 . 2008-04-13 13:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-23 13:52 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-23 13:52 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-23 13:48 . 2008-12-23 13:48 <DIR> d-------- c:\program files\Logitech
2008-12-23 13:48 . 2008-12-23 13:48 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-23 09:28 . 2008-12-23 09:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\YoYoGames
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Malwarebytes
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 21:32 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 21:32 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 18:38 . 2008-12-22 18:38 <DIR> d-------- c:\program files\Lavasoft
2008-12-22 18:38 . 2008-12-23 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-22 18:33 . 2008-12-22 18:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 18:33 . 2008-12-22 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 15:12 . 2008-12-20 15:12 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-20 15:12 . 2008-12-20 15:12 <DIR> d-------- c:\program files\MSBuild
2008-12-20 15:11 . 2008-12-20 15:11 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-20 15:11 . 2008-12-20 15:11 <DIR> d-------- C:\b81e2ba3f3a298ee08
2008-12-20 15:11 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-20 15:11 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-20 15:11 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-20 15:11 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-20 15:11 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-20 15:11 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-20 15:11 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-20 15:01 . 2008-12-20 15:04 <DIR> d-------- C:\82e3aac19b75d18365afee
2008-12-20 15:00 . 2008-12-20 15:00 <DIR> d--h----- C:\BJPrinter
2008-12-20 15:00 . 2004-04-23 14:00 116,736 --a------ c:\windows\system32\CNMLM64.DLL
2008-12-20 15:00 . 2004-03-12 01:06 86,016 --a------ c:\windows\system32\CNMCP64.exe
2008-12-20 15:00 . 2004-04-23 14:00 7,680 --a------ c:\windows\system32\CNMVS64.DLL
2008-12-20 14:53 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-20 14:53 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\en
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\bits
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\l2schemas
2008-12-19 16:53 . 2008-12-19 16:53 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-19 06:35 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-18 23:01 . 2008-12-18 23:01 <DIR> d-------- c:\program files\Alarm
2008-12-18 23:01 . 2000-05-21 23:00 647,872 --a------ c:\windows\system32\mscomct2.ocx
2008-12-18 23:01 . 2000-05-21 23:00 140,488 --a------ c:\windows\system32\comdlg32.ocx
2008-12-18 23:01 . 2007-04-29 23:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2008-12-17 15:49 . 2008-12-17 15:49 <DIR> d-------- c:\program files\Curse
2008-12-15 22:11 . 2008-12-15 22:11 0 --a------ c:\windows\nsreg.dat
2008-12-14 22:16 . 2008-12-25 11:09 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-14 20:40 . 2008-12-14 20:40 4,096 --a------ c:\windows\d3dx.dat
2008-12-14 20:32 . 2008-12-14 20:32 <DIR> d-------- c:\program files\Microsoft Games
2008-12-14 19:28 . 2008-12-19 19:51 <DIR> d-------- c:\program files\GameSpy Arcade
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d---s---- c:\program files\Xfire
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Xfire
2008-12-14 17:51 . 2008-12-14 17:51 <DIR> d-------- c:\program files\DreamCatcher
2008-12-14 17:44 . 2008-12-14 17:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 23:02 --------- d-----w c:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\system32\config\systemprofile\Local Settings\Application Data ----

2009-01-11 08:56 9229 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome\content\overlay.xul
2009-01-11 08:56 770 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\install.rdf
2009-01-11 08:56 3323 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome\content\c.js
2009-01-11 08:56 2117 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome\content\_cfg.js
2009-01-11 08:56 120 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome.manifest
2008-12-12 18:10 720896 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
2008-12-12 18:10 12787 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
2008-12-12 18:01 498 --a------ c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD


((((((((((((((((((((((((((((( snapshot@2009-01-12_10.02.35.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-12 14:55:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-12 20:44:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-12 14:55:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-12 20:44:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-01-05 1410296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-18 c:\windows\sttray.exe]
"nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=djukxn.dll uqvscm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\thefezziwig\\team fortress 2\\hl2.exe"=

R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-12-30 346784]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-12-23 16194]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\bnvwrfee.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Palumbo\Application Data\Mozilla\Firefox\Profiles\ql64gg1w.default\
FF - plugin: c:\documents and settings\Palumbo\Application Data\Mozilla\Firefox\Profiles\ql64gg1w.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 19:33:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LVCOMSX.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\stacsv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-12 19:35:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 00:35:47
ComboFix2.txt 2009-01-12 15:03:18

Pre-Run: 400,323,334,144 bytes free
Post-Run: 400,224,026,624 bytes free

274 --- E O F --- 2009-01-08 20:47:46

New DDS log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Palumbo at 20:26:15.89 on Mon 01/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1486 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Palumbo\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
AppInit_DLLs: djukxn.dll uqvscm.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\palumbo\applic~1\mozilla\firefox\profiles\ql64gg1w.default\
FF - plugin: c:\documents and settings\palumbo\application data\mozilla\firefox\profiles\ql64gg1w.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-13 201320]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-13 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-13 35240]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-12-30 346784]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-13 359248]
R4 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-12-13 144704]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-12-23 16194]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-13 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-13 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-13 695624]

=============== Created Last 30 ================

2009-01-12 19:38 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-12 10:14 <DIR> --d----- c:\program files\Trend Micro
2009-01-12 09:55 <DIR> a-dshr-- C:\cmdcons
2009-01-12 09:55 161,792 a------- c:\windows\SWREG.exe
2009-01-12 09:55 98,816 a------- c:\windows\sed.exe
2009-01-11 21:41 <DIR> --d----- C:\VundoFix Backups
2009-01-10 23:00 <DIR> --d----- c:\docume~1\palumbo\applic~1\Unity
2009-01-10 22:37 <DIR> --d----- c:\program files\Unity
2009-01-07 13:23 <DIR> --d----- c:\program files\GameTap
2009-01-07 13:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameTap
2009-01-07 09:55 <DIR> --d----- c:\program files\CamStudio
2009-01-06 17:09 376 a------- c:\windows\ODBC.INI
2009-01-06 17:09 28,040 a------- c:\windows\system32\mdimon.dll
2009-01-06 17:08 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-06 17:08 <DIR> --d----- c:\windows\SHELLNEW
2009-01-04 15:37 <DIR> --d----- c:\windows\system32\Adobe
2009-01-01 15:18 <DIR> --d----- c:\program files\Battleships Forever
2008-12-30 23:34 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-12-30 23:34 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-30 23:34 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-30 23:34 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-30 09:10 346,784 a----r-- c:\windows\system32\drivers\wg311tn5.sys
2008-12-27 01:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-26 20:20 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-26 17:50 <DIR> --d----- c:\program files\Bethesda Softworks
2008-12-26 17:48 <DIR> --d----- c:\windows\system32\xlive
2008-12-26 17:47 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-26 12:05 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-26 12:05 208,744 a------- c:\windows\system32\muweb.dll
2008-12-26 12:05 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-25 11:11 507,400 a------- c:\windows\system32\XAudio2_1.dll
2008-12-25 11:11 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2008-12-25 11:11 238,088 a------- c:\windows\system32\xactengine3_1.dll
2008-12-25 11:11 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2008-12-25 11:11 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2008-12-25 11:11 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2008-12-25 11:11 467,984 a------- c:\windows\system32\d3dx10_38.dll
2008-12-25 11:11 479,752 a------- c:\windows\system32\XAudio2_0.dll
2008-12-25 11:11 238,088 a------- c:\windows\system32\xactengine3_0.dll
2008-12-25 11:11 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2008-12-25 11:09 <DIR> --d----- c:\windows\Logs
2008-12-25 11:09 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 11:09 22,328 a------- c:\docume~1\palumbo\applic~1\PnkBstrK.sys
2008-12-25 11:09 202,000 a------- c:\windows\system32\PnkBstrB.exe
2008-12-25 11:09 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-25 11:09 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-25 10:55 <DIR> --d----- c:\program files\Activision
2008-12-25 10:53 <DIR> --dsh--- c:\windows\ftpcache
2008-12-24 23:53 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-24 23:53 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 23:52 <DIR> --d----- c:\program files\iPod
2008-12-24 23:52 <DIR> --d----- c:\program files\iTunes
2008-12-24 23:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 23:52 <DIR> --d----- c:\program files\Bonjour
2008-12-24 23:51 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-23 21:05 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-23 21:03 73,728 a------- c:\windows\system32\AW32n50.dll
2008-12-23 21:03 16,194 a------- c:\windows\system32\AWINDIS5.SYS
2008-12-23 13:52 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2008-12-23 13:52 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-23 13:52 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2008-12-23 13:52 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-23 13:52 15,232 ac------ c:\windows\system32\dllcache\streamip.sys
2008-12-23 13:52 15,232 a------- c:\windows\system32\drivers\StreamIP.sys
2008-12-23 13:52 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
2008-12-23 13:52 16,384 a------- c:\windows\system32\ipsink.ax
2008-12-23 13:52 11,136 ac------ c:\windows\system32\dllcache\slip.sys
2008-12-23 13:52 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2008-12-23 13:48 <DIR> --d----- c:\program files\common files\Logitech
2008-12-23 09:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\YoYoGames
2008-12-22 21:32 <DIR> --d----- c:\docume~1\palumbo\applic~1\Malwarebytes
2008-12-22 21:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 21:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 21:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 21:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 18:38 <DIR> --d----- c:\program files\Lavasoft
2008-12-22 18:33 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-22 18:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-20 15:12 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-20 15:11 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-20 15:11 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-20 15:11 117,760 -------- c:\windows\system32\prntvpt.dll
2008-12-20 15:11 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2008-12-20 15:11 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-20 15:11 <DIR> --d----- C:\b81e2ba3f3a298ee08
2008-12-20 15:11 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2008-12-20 15:11 575,488 -------- c:\windows\system32\xpsshhdr.dll
2008-12-20 15:01 <DIR> --d----- C:\82e3aac19b75d18365afee
2008-12-20 15:00 116,736 a------- c:\windows\system32\CNMLM64.DLL
2008-12-20 15:00 7,680 a------- c:\windows\system32\CNMVS64.DLL
2008-12-20 15:00 86,016 a------- c:\windows\system32\CNMCP64.exe
2008-12-20 15:00 <DIR> --d-h--- C:\BJPrinter
2008-12-20 14:53 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2008-12-20 14:53 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\scripting
2008-12-19 16:55 <DIR> --d----- c:\windows\l2schemas
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\en
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\bits
2008-12-19 16:53 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-19 06:35 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-18 23:01 647,872 a------- c:\windows\system32\mscomct2.ocx
2008-12-18 23:01 140,488 a------- c:\windows\system32\comdlg32.ocx
2008-12-18 23:01 61,440 a------- c:\windows\system32\digitbox.ocx
2008-12-18 23:01 <DIR> --d----- c:\program files\Alarm
2008-12-17 15:49 <DIR> --d----- c:\program files\Curse
2008-12-14 22:16 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-14 20:40 4,096 a------- c:\windows\d3dx.dat
2008-12-14 20:32 <DIR> --d----- c:\program files\Microsoft Games
2008-12-14 19:28 <DIR> --d----- c:\program files\GameSpy Arcade
2008-12-14 19:27 <DIR> --d----- c:\docume~1\palumbo\applic~1\Xfire
2008-12-14 19:27 <DIR> --ds---- c:\program files\Xfire
2008-12-14 17:51 <DIR> --d----- c:\program files\DreamCatcher
2008-12-14 17:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2008-12-14 17:10 <DIR> --d----- c:\program files\Red Storm Entertainment
2008-12-14 17:10 306,688 a------- c:\windows\IsUninst.exe
2008-12-14 17:10 <DIR> --d----- c:\documents and settings\palumbo\WINDOWS
2008-12-14 17:05 <DIR> --d----- c:\program files\Lionhead Studios Ltd
2008-12-14 16:33 <DIR> --d----- C:\Logs
2008-12-14 10:05 <DIR> --d----- c:\program files\Reality Pump
2008-12-14 10:05 <DIR> --d----- c:\windows\system32\AGEIA
2008-12-14 10:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2008-12-19 16:56 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 17:59 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 20:26:33.29 ===============

Finally, the Online Scanner log:
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3760 (20090112)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=ede1a2ff39eaee4ca60d1c47f465c4b3
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-13 01:17:56
# local_time=2009-01-12 08:17:56 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=246550
# found=1
# scan_time=1629
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr1.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000


Overall, my comp is running fine now, no pop-ups or anything. Could you just verify through the logs that everything is gone? Thanks, jpshortstuff, once again for helping me!

#6 jpshortstuff


Posted 13 January 2009 - 05:45 AM

Hi :thumbsup:

Can I ask, when you ran GooredFix, did you get any popups from SpyBot asking about changes to your registry or startup entries being added?

We just need to run ComboFix one last time and then I think we are there.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation omitted: dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
Let me know if things are still ok, and then we will clean up.

Thanks.

#7 okartee


Posted 13 January 2009 - 02:47 PM

To answer your question, yes, some things from Spybot did pop up, mostly having to do with registry entries and such being deleted. After the brand new ComboFix log, another popped up, under the category Disable Command, and the change was Value Deleted. The Entry was also DisableCMD. I chose allow change, as I suppose it was a part of ComboFix doing its job. Did I do anything wrong?

And here's the new ComboFix log:
ComboFix 09-01-13.03 - Palumbo 2009-01-13 14:34:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1591 [GMT -5:00]
Running from: c:\documents and settings\Palumbo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Palumbo\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome.manifest
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome\content\_cfg.js
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome\content\c.js
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\chrome\content\overlay.xul
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{F63DC2A6-529F-4615-9F39-2F2F841F8136}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-12 19:38 . 2009-01-12 20:17 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-12 10:14 . 2009-01-12 10:14 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 21:41 . 2009-01-11 21:41 <DIR> d-------- C:\VundoFix Backups
2009-01-10 23:00 . 2009-01-10 23:00 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Unity
2009-01-10 22:37 . 2009-01-10 22:37 <DIR> d-------- c:\program files\Unity
2009-01-07 13:23 . 2009-01-07 13:23 <DIR> d-------- c:\program files\GameTap
2009-01-07 13:23 . 2009-01-07 13:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameTap
2009-01-07 09:55 . 2009-01-07 10:03 <DIR> d-------- c:\program files\CamStudio
2009-01-06 17:09 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-01-06 17:09 . 2009-01-06 17:09 376 --a------ c:\windows\ODBC.INI
2009-01-06 17:08 . 2009-01-06 17:08 <DIR> d-------- c:\windows\SHELLNEW
2009-01-06 17:08 . 2009-01-06 17:08 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-06 17:06 . 2009-01-06 17:06 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-06 17:05 . 2009-01-06 17:05 <DIR> dr-h----- C:\MSOCache
2009-01-04 15:37 . 2009-01-04 15:38 <DIR> d-------- c:\windows\system32\Adobe
2009-01-01 15:18 . 2009-01-12 20:58 <DIR> d-------- c:\program files\Battleships Forever
2008-12-30 23:34 . 2008-04-13 19:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-30 23:34 . 2008-04-13 13:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-30 23:34 . 2008-04-13 13:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-30 23:34 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-30 09:10 . 2004-03-08 18:12 346,784 -ra------ c:\windows\system32\drivers\wg311tn5.sys
2008-12-27 01:00 . 2008-12-27 01:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-26 20:20 . 2008-12-26 20:20 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-26 17:50 . 2008-12-26 17:50 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-26 17:50 . 2008-12-26 17:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-26 17:48 . 2008-12-26 17:48 <DIR> d-------- c:\windows\system32\xlive
2008-12-26 17:47 . 2009-01-11 18:29 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-26 12:05 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-26 12:05 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-26 12:05 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-25 17:02 . 2008-12-25 17:02 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-25 11:11 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-25 11:11 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-25 11:11 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-25 11:11 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-25 11:11 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-25 11:11 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-25 11:11 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-25 11:11 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-25 11:11 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-25 11:11 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-25 11:09 . 2008-12-25 11:09 <DIR> d-------- c:\windows\Logs
2008-12-25 11:09 . 2008-12-25 11:09 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-12-25 11:09 . 2009-01-10 17:48 202,000 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-25 11:09 . 2009-01-10 17:48 139,280 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 11:09 . 2008-12-25 11:09 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-25 11:09 . 2008-12-25 11:09 22,328 --a------ c:\documents and settings\Palumbo\Application Data\PnkBstrK.sys
2008-12-25 10:55 . 2008-12-25 10:55 <DIR> d-------- c:\program files\Activision
2008-12-25 10:53 . 2008-12-25 10:53 <DIR> d--hs---- c:\windows\ftpcache
2008-12-24 23:53 . 2008-12-25 16:46 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Apple Computer
2008-12-24 23:53 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-24 23:53 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\QuickTime
2008-12-24 23:52 . 2008-12-24 23:53 <DIR> d-------- c:\program files\iTunes
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\iPod
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\program files\Bonjour
2008-12-24 23:52 . 2008-12-24 23:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 23:52 . 2008-12-24 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 23:51 . 2008-12-24 23:52 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 23:51 . 2008-12-24 23:51 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 23:51 . 2008-12-24 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-24 23:51 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-23 21:05 . 2008-12-23 21:05 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-23 21:03 . 2002-04-12 10:06 73,728 --a------ c:\windows\system32\AW32n50.dll
2008-12-23 21:03 . 2002-04-11 17:43 16,194 --a------ c:\windows\system32\AWINDIS5.SYS
2008-12-23 20:54 . 2008-12-23 20:54 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\AdobeUM
2008-12-23 13:52 . 2008-04-13 19:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-12-23 13:52 . 2008-04-13 19:12 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-12-23 13:52 . 2008-04-13 13:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-12-23 13:52 . 2008-04-13 13:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2008-12-23 13:52 . 2008-04-13 13:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-23 13:52 . 2008-04-13 13:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-23 13:52 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-23 13:52 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-23 13:48 . 2008-12-23 13:48 <DIR> d-------- c:\program files\Logitech
2008-12-23 13:48 . 2008-12-23 13:48 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-23 09:28 . 2008-12-23 09:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\YoYoGames
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Malwarebytes
2008-12-22 21:32 . 2008-12-22 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 21:32 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 21:32 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 18:38 . 2008-12-22 18:38 <DIR> d-------- c:\program files\Lavasoft
2008-12-22 18:38 . 2008-12-23 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-22 18:33 . 2008-12-22 18:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-22 18:33 . 2008-12-22 21:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 15:12 . 2008-12-20 15:12 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-20 15:12 . 2008-12-20 15:12 <DIR> d-------- c:\program files\MSBuild
2008-12-20 15:11 . 2008-12-20 15:11 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-20 15:11 . 2008-12-20 15:11 <DIR> d-------- C:\b81e2ba3f3a298ee08
2008-12-20 15:11 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-20 15:11 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-20 15:11 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-20 15:11 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-20 15:11 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-20 15:11 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-20 15:11 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-20 15:01 . 2008-12-20 15:04 <DIR> d-------- C:\82e3aac19b75d18365afee
2008-12-20 15:00 . 2008-12-20 15:00 <DIR> d--h----- C:\BJPrinter
2008-12-20 15:00 . 2004-04-23 14:00 116,736 --a------ c:\windows\system32\CNMLM64.DLL
2008-12-20 15:00 . 2004-03-12 01:06 86,016 --a------ c:\windows\system32\CNMCP64.exe
2008-12-20 15:00 . 2004-04-23 14:00 7,680 --a------ c:\windows\system32\CNMVS64.DLL
2008-12-20 14:53 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-20 14:53 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\en
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\system32\bits
2008-12-19 16:55 . 2008-12-19 16:55 <DIR> d-------- c:\windows\l2schemas
2008-12-19 16:53 . 2008-12-19 16:53 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-19 06:35 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-18 23:01 . 2008-12-18 23:01 <DIR> d-------- c:\program files\Alarm
2008-12-18 23:01 . 2000-05-21 23:00 647,872 --a------ c:\windows\system32\mscomct2.ocx
2008-12-18 23:01 . 2000-05-21 23:00 140,488 --a------ c:\windows\system32\comdlg32.ocx
2008-12-18 23:01 . 2007-04-29 23:24 61,440 --a------ c:\windows\system32\digitbox.ocx
2008-12-17 15:49 . 2008-12-17 15:49 <DIR> d-------- c:\program files\Curse
2008-12-15 22:11 . 2008-12-15 22:11 0 --a------ c:\windows\nsreg.dat
2008-12-14 22:16 . 2008-12-25 11:09 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-14 20:40 . 2008-12-14 20:40 4,096 --a------ c:\windows\d3dx.dat
2008-12-14 20:32 . 2008-12-14 20:32 <DIR> d-------- c:\program files\Microsoft Games
2008-12-14 19:28 . 2008-12-19 19:51 <DIR> d-------- c:\program files\GameSpy Arcade
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d---s---- c:\program files\Xfire
2008-12-14 19:27 . 2008-12-14 19:27 <DIR> d-------- c:\documents and settings\Palumbo\Application Data\Xfire
2008-12-14 17:51 . 2008-12-14 17:51 <DIR> d-------- c:\program files\DreamCatcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 23:02 --------- d-----w c:\program files\microsoft frontpage
2008-10-28 22:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 22:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-12_10.02.35.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-12 14:55:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-13 19:26:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-12 14:55:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-13 19:26:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-07-27 20:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 20:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 01:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 18:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2007-08-02 23:11:28 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2007-08-02 23:11:14 241,664 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2007-08-06 18:17:40 19,456 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2007-06-13 16:10:34 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 16:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-01-05 1410296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-18 c:\windows\sttray.exe]
"nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Steam\\SteamApps\\thefezziwig\\team fortress 2\\hl2.exe"=

R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-12-30 346784]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-12-23 16194]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\bnvwrfee.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Palumbo\Application Data\Mozilla\Firefox\Profiles\ql64gg1w.default\
FF - plugin: c:\documents and settings\Palumbo\Application Data\Mozilla\Firefox\Profiles\ql64gg1w.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 14:36:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-13 14:37:18
ComboFix-quarantined-files.txt 2009-01-13 19:37:16
ComboFix2.txt 2009-01-13 00:35:51
ComboFix3.txt 2009-01-12 15:03:18

Pre-Run: 400,185,434,112 bytes free
Post-Run: 400,174,804,992 bytes free

263 --- E O F --- 2009-01-08 20:47:46

#8 okartee
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 13 January 2009 - 07:56 PM

Oh nooooooooooo! I left my computer running today, and I came back to it after dinner to find that McAfee had blocked a "Potentially Unwanted Program", or PUP, and I deleted it using McAfee. Could this mean my machine is still infected? God, now I'm stressed, and I hate being stressed :thumbsup:

#9 jpshortstuff
    WhatTheTech Teacher
  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 14 January 2009 - 03:08 AM

Hi :thumbsup:

Did I do anything wrong?

Not at all, I was just trying to narrow down a possible problem with GooredFix.


Can you remember the name or anything about the PUP? When you say "blocked", what was it blocked from doing?

Let's just get another opinion on your computer. Please run MalwareBytes' AntiMalware again, update it and run a Full Scan.

Please also run DDS again and post the first log it gives.

Is your computer running alright?

Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#10 okartee
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 14 January 2009 - 07:07 PM

Alright, I have some semi-good, semi-bad news: the warning popped up again, but this time I got a screenshot of it. Here it is, in the corner of the screen:

Is this bad?

Malwarebytes detected nothing, even after an update and a full scan, but the pop-up message proceeded to pop up at least 3 times after, and I deleted it each time.
I will attempt to do a scan with DDS, but I'm afraid of turning off my virus protection. I'll do it anyway.

Here's the DDS log:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Palumbo at 19:05:53.86 on Wed 01/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1253 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Palumbo\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\palumbo\applic~1\mozilla\firefox\profiles\ql64gg1w.default\
FF - plugin: c:\documents and settings\palumbo\application data\mozilla\firefox\profiles\ql64gg1w.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-13 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-13 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-13 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-13 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-13 40488]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2008-12-30 346784]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-13 359248]
R4 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-12-13 144704]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2008-12-23 16194]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-13 33832]

=============== Created Last 30 ================

2009-01-13 14:34 <DIR> --d----- C:\ComboFix
2009-01-12 19:38 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-12 10:14 <DIR> --d----- c:\program files\Trend Micro
2009-01-12 09:55 <DIR> a-dshr-- C:\cmdcons
2009-01-12 09:55 161,792 a------- c:\windows\SWREG.exe
2009-01-12 09:55 98,816 a------- c:\windows\sed.exe
2009-01-11 21:41 <DIR> --d----- C:\VundoFix Backups
2009-01-10 23:00 <DIR> --d----- c:\docume~1\palumbo\applic~1\Unity
2009-01-10 22:37 <DIR> --d----- c:\program files\Unity
2009-01-07 13:23 <DIR> --d----- c:\program files\GameTap
2009-01-07 13:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameTap
2009-01-07 09:55 <DIR> --d----- c:\program files\CamStudio
2009-01-06 17:09 376 a------- c:\windows\ODBC.INI
2009-01-06 17:09 28,040 a------- c:\windows\system32\mdimon.dll
2009-01-06 17:08 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-06 17:08 <DIR> --d----- c:\windows\SHELLNEW
2009-01-04 15:37 <DIR> --d----- c:\windows\system32\Adobe
2009-01-01 15:18 <DIR> --d----- c:\program files\Battleships Forever
2008-12-30 23:34 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-12-30 23:34 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-30 23:34 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-30 23:34 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-30 09:10 346,784 a----r-- c:\windows\system32\drivers\wg311tn5.sys
2008-12-27 01:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-26 20:20 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-26 17:50 <DIR> --d----- c:\program files\Bethesda Softworks
2008-12-26 17:48 <DIR> --d----- c:\windows\system32\xlive
2008-12-26 17:47 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-26 12:05 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-26 12:05 208,744 a------- c:\windows\system32\muweb.dll
2008-12-26 12:05 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-25 11:11 507,400 a------- c:\windows\system32\XAudio2_1.dll
2008-12-25 11:11 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2008-12-25 11:11 238,088 a------- c:\windows\system32\xactengine3_1.dll
2008-12-25 11:11 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2008-12-25 11:11 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2008-12-25 11:11 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2008-12-25 11:11 467,984 a------- c:\windows\system32\d3dx10_38.dll
2008-12-25 11:11 479,752 a------- c:\windows\system32\XAudio2_0.dll
2008-12-25 11:11 238,088 a------- c:\windows\system32\xactengine3_0.dll
2008-12-25 11:11 25,608 a------- c:\windows\system32\X3DAudio1_3.dll
2008-12-25 11:09 <DIR> --d----- c:\windows\Logs
2008-12-25 11:09 139,280 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-25 11:09 22,328 a------- c:\docume~1\palumbo\applic~1\PnkBstrK.sys
2008-12-25 11:09 202,000 a------- c:\windows\system32\PnkBstrB.exe
2008-12-25 11:09 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-25 11:09 682,280 a------- c:\windows\system32\pbsvc.exe
2008-12-25 10:55 <DIR> --d----- c:\program files\Activision
2008-12-25 10:53 <DIR> --dsh--- c:\windows\ftpcache
2008-12-24 23:53 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-24 23:53 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 23:52 <DIR> --d----- c:\program files\iPod
2008-12-24 23:52 <DIR> --d----- c:\program files\iTunes
2008-12-24 23:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 23:52 <DIR> --d----- c:\program files\Bonjour
2008-12-24 23:51 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-23 21:05 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-23 21:03 73,728 a------- c:\windows\system32\AW32n50.dll
2008-12-23 21:03 16,194 a------- c:\windows\system32\AWINDIS5.SYS
2008-12-23 13:52 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2008-12-23 13:52 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-23 13:52 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2008-12-23 13:52 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-23 13:52 15,232 ac------ c:\windows\system32\dllcache\streamip.sys
2008-12-23 13:52 15,232 a------- c:\windows\system32\drivers\StreamIP.sys
2008-12-23 13:52 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
2008-12-23 13:52 16,384 a------- c:\windows\system32\ipsink.ax
2008-12-23 13:52 11,136 ac------ c:\windows\system32\dllcache\slip.sys
2008-12-23 13:52 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2008-12-23 13:48 <DIR> --d----- c:\program files\common files\Logitech
2008-12-23 09:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\YoYoGames
2008-12-22 21:32 <DIR> --d----- c:\docume~1\palumbo\applic~1\Malwarebytes
2008-12-22 21:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 21:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 21:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 21:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-22 18:38 <DIR> --d----- c:\program files\Lavasoft
2008-12-22 18:33 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-22 18:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-20 15:12 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-20 15:11 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-20 15:11 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-20 15:11 117,760 -------- c:\windows\system32\prntvpt.dll
2008-12-20 15:11 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2008-12-20 15:11 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-20 15:11 <DIR> --d----- C:\b81e2ba3f3a298ee08
2008-12-20 15:11 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2008-12-20 15:11 575,488 -------- c:\windows\system32\xpsshhdr.dll
2008-12-20 15:01 <DIR> --d----- C:\82e3aac19b75d18365afee
2008-12-20 15:00 116,736 a------- c:\windows\system32\CNMLM64.DLL
2008-12-20 15:00 7,680 a------- c:\windows\system32\CNMVS64.DLL
2008-12-20 15:00 86,016 a------- c:\windows\system32\CNMCP64.exe
2008-12-20 15:00 <DIR> --d-h--- C:\BJPrinter
2008-12-20 14:53 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2008-12-20 14:53 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\scripting
2008-12-19 16:55 <DIR> --d----- c:\windows\l2schemas
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\en
2008-12-19 16:55 <DIR> --d----- c:\windows\system32\bits
2008-12-19 16:53 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-19 06:35 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-18 23:01 647,872 a------- c:\windows\system32\mscomct2.ocx
2008-12-18 23:01 140,488 a------- c:\windows\system32\comdlg32.ocx
2008-12-18 23:01 61,440 a------- c:\windows\system32\digitbox.ocx
2008-12-18 23:01 <DIR> --d----- c:\program files\Alarm
2008-12-17 15:49 <DIR> --d----- c:\program files\Curse

==================== Find3M ====================

2008-12-19 16:56 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-14 20:40 4,096 a------- c:\windows\d3dx.dat
2008-12-12 17:59 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll

============= FINISH: 19:06:24.20 ===============

#11 okartee
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 15 January 2009 - 02:12 PM

Wow, I freaked over nothing basically. Tool-NirCmd is something put on by ComboFix, my bad. So now, I'm pretty sure my computer is clean, so we can start clean-up.

#12 jpshortstuff
    WhatTheTech Teacher
  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 15 January 2009 - 02:58 PM

Ah yes, security programs occasionally flag some of the tools we use.

Log looks good :thumbsup:

Click Start >> Run, and then type "%userprofile%\Desktop\GooredFix.exe" /u and hit enter. (Allow any registry changes if prompted).
Click Start >> Run, and then type ComboFix /u and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Now that your system appears to be clean, there's just a few steps I'd like you to take to prevent any future infections.
  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

#13 okartee
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 15 January 2009 - 08:28 PM

Yay! One thing, the GooredFix command only gives me three choices, Find Goored, Fix Goored, and Exit.

And if I ever need any computer help again, I'll definitely come to this site; this has been the best free service I've ever used. You guys are doing a great thing here! Keep up the good work! Thanks a lot!

#14 jpshortstuff
    WhatTheTech Teacher
  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:44 AM

Posted 16 January 2009 - 02:08 AM

My apologies, I typed the command wrong. I meant to give you this:
"%userprofile%\Desktop\GooredFix.exe" /uninstall

Glad I could help :thumbsup:

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.