unknown malware


26 replies to this topic

#1 thenut68


Posted 12 January 2009 - 08:49 PM

Hi,
The Windows Security Alert balloon keeps popping up.
It says I have the firewall off, AU off and no virus protection.
The firewall is on, AU is turned on and I have avast installed and running.
I will paste the DDS file below and attach the other.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Compaq_Owner at 19:37:46.87 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.622 [GMT -6:00]

AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\SMC\SMC286~1.0AD\PRISMSVR.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [nwiz] nwiz.exe /install
mRun: [VirtualDrive] "c:\program files\farstone\virtualdrive\VDTask.exe" /AutoRestore
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smc286~1.lnk - c:\program files\smc\smc2862w-g ez connect g 2.4ghz 802.11g wireless usb 2.0 adapter\SMCWGUTI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-24 111184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-5-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-5-24 352920]
R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862WICB.sys [2007-7-4 357632]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-24 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-5-24 155160]
S1 StarPort;StarPort Storage Controller;c:\windows\system32\drivers\StarPort.sys [2007-7-22 113664]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\compaq~1\locals~1\temp\cusbohcn.sys --> c:\docume~1\compaq~1\locals~1\temp\cusbohcn.sys [?]

=============== Created Last 30 ================

2009-01-12 17:35 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-01-12 17:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-12 17:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 17:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-31 12:31 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-31 12:30 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2008-12-31 12:30 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-31 12:30 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-31 12:30 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-31 12:30 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2008-12-31 12:30 575,488 -------- c:\windows\system32\xpsshhdr.dll
2008-12-31 12:30 117,760 -------- c:\windows\system32\prntvpt.dll
2008-12-31 12:30 <DIR> --d----- C:\802090eb6718fcaa06
2008-12-31 12:22 <DIR> --d-hr-- C:\AHCache
2008-12-25 16:20 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Shareaza
2008-12-25 10:43 85,376 a------- C:\2008-12-25-104345-05.jpg
2008-12-25 10:43 82,048 a------- C:\2008-12-25-104345-04.jpg
2008-12-25 10:43 79,488 a------- C:\2008-12-25-104345-00.jpg
2008-12-25 10:43 78,720 a------- C:\2008-12-25-104345-03.jpg
2008-12-25 10:43 74,624 a------- C:\2008-12-25-104345-01.jpg
2008-12-25 10:43 69,120 a------- C:\2008-12-25-104345-02.jpg
2008-12-25 10:36 85,376 a------- C:\2008-12-25-103654-05.jpg
2008-12-25 10:36 82,048 a------- C:\2008-12-25-103654-04.jpg
2008-12-25 10:36 79,488 a------- C:\2008-12-25-103654-00.jpg
2008-12-25 10:36 78,720 a------- C:\2008-12-25-103654-03.jpg
2008-12-25 10:36 74,624 a------- C:\2008-12-25-103654-01.jpg
2008-12-25 10:36 69,120 a------- C:\2008-12-25-103654-02.jpg
2008-12-25 10:36 85,376 a------- C:\2008-12-25-103621-05.jpg
2008-12-25 10:36 82,048 a------- C:\2008-12-25-103621-04.jpg
2008-12-25 10:36 79,488 a------- C:\2008-12-25-103621-00.jpg
2008-12-25 10:36 78,720 a------- C:\2008-12-25-103621-03.jpg
2008-12-25 10:36 74,624 a------- C:\2008-12-25-103621-01.jpg
2008-12-25 10:36 69,120 a------- C:\2008-12-25-103621-02.jpg
2008-12-25 10:35 85,376 a------- C:\2008-12-25-103542-05.jpg
2008-12-25 10:35 82,048 a------- C:\2008-12-25-103542-04.jpg
2008-12-25 10:35 78,720 a------- C:\2008-12-25-103542-03.jpg
2008-12-25 10:35 69,120 a------- C:\2008-12-25-103542-02.jpg
2008-12-25 10:35 79,488 a------- C:\2008-12-25-103542-00.jpg
2008-12-25 10:35 74,624 a------- C:\2008-12-25-103542-01.jpg
2008-12-25 10:35 85,376 a------- C:\2008-12-25-103537-05.jpg
2008-12-25 10:35 82,048 a------- C:\2008-12-25-103537-04.jpg
2008-12-25 10:35 79,488 a------- C:\2008-12-25-103537-00.jpg
2008-12-25 10:35 78,720 a------- C:\2008-12-25-103537-03.jpg
2008-12-25 10:35 74,624 a------- C:\2008-12-25-103537-01.jpg
2008-12-25 10:35 69,120 a------- C:\2008-12-25-103537-02.jpg
2008-12-25 10:28 85,376 a------- C:\2008-12-25-102838-05.jpg
2008-12-25 10:28 82,048 a------- C:\2008-12-25-102838-04.jpg
2008-12-25 10:28 79,488 a------- C:\2008-12-25-102838-00.jpg
2008-12-25 10:28 78,720 a------- C:\2008-12-25-102838-03.jpg
2008-12-25 10:28 74,624 a------- C:\2008-12-25-102838-01.jpg
2008-12-25 10:28 69,120 a------- C:\2008-12-25-102838-02.jpg
2008-12-24 14:24 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2008-12-24 14:24 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-24 14:24 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2008-12-24 14:24 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-24 14:23 <DIR> --d----- c:\program files\DB CIF Cam
2008-12-24 14:22 <DIR> --d----- c:\program files\Disney Pix Downloader
2008-12-24 14:21 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-24 14:20 <DIR> --d----- c:\program files\Disney Pix 2.2
2008-12-24 13:39 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-24 13:39 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 13:39 <DIR> --d----- c:\program files\iPod
2008-12-24 13:39 <DIR> --d----- c:\program files\iTunes
2008-12-24 13:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 13:37 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-22 14:03 <DIR> --d----- c:\program files\Yahoo!

==================== Find3M ====================

2008-11-23 02:14 164 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2008-11-20 14:44 42,320 a------- c:\windows\system32\xfcodec.dll
2008-11-17 17:11 98,304 a------- c:\windows\DUMP4e10.tmp
2008-11-17 07:49 98,304 a------- c:\windows\DUMP54c7.tmp
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-28 16:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 16:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 16:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 16:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 16:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-26 15:46 182,928 a------- c:\windows\system32\PnkBstrB.exe
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-07-11 19:41 22,328 a------- c:\docume~1\compaq~1\applic~1\PnkBstrK.sys
2008-05-16 17:43 0 a--sh--- c:\docume~1\compaq~1\applic~1\0000000000t.dat
2008-01-20 10:36 1 a------- c:\documents and settings\compaq_owner\SI.bin
2001-09-25 15:02 1,486,890 a------- c:\documents and settings\compaq_owner\mc.exe
2001-09-25 09:04 41,464 a------- c:\documents and settings\compaq_owner\RegSetup.exe
2001-05-03 08:55 1,772,544 a------- c:\documents and settings\compaq_owner\dsetup32.dll
2001-05-03 08:55 44,544 a------- c:\documents and settings\compaq_owner\dsetup.dll
2008-08-10 08:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081020080811\index.dat

============= FINISH: 19:38:06.93 ===============
Thank you very much for your help. [attachment=11560:Attach.txt]


#2 bamajim


Posted 21 January 2009 - 04:10 PM

thenut68

Please download ComboFix and save it to your desktop.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 thenut68


Posted 21 January 2009 - 05:20 PM

Thank you, here is the ComboFix log.


ComboFix 09-01-21.02 - Compaq_Owner 2009-01-21 16:13:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.609 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 17:35 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 17:35 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\program files\MSBuild
2008-12-31 12:30 . 2008-12-31 12:31 <DIR> d-------- C:\802090eb6718fcaa06
2008-12-31 12:30 . 2008-07-06 06:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-31 12:30 . 2008-07-06 06:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-31 12:30 . 2008-07-06 04:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-31 12:30 . 2008-07-06 06:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-31 12:30 . 2008-07-06 06:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-31 12:30 . 2008-07-06 06:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-31 12:30 . 2008-07-06 06:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-31 12:22 . 2008-12-31 12:22 <DIR> dr-h----- C:\AHCache
2008-12-25 16:20 . 2008-12-25 16:20 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Shareaza
2008-12-25 10:43 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-104345-05.jpg
2008-12-25 10:43 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-104345-04.jpg
2008-12-25 10:43 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-104345-00.jpg
2008-12-25 10:43 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-104345-03.jpg
2008-12-25 10:43 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-104345-01.jpg
2008-12-25 10:43 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-104345-02.jpg
2008-12-25 10:36 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103654-05.jpg
2008-12-25 10:36 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103621-05.jpg
2008-12-25 10:36 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103654-04.jpg
2008-12-25 10:36 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103621-04.jpg
2008-12-25 10:36 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103654-00.jpg
2008-12-25 10:36 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103621-00.jpg
2008-12-25 10:36 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103654-03.jpg
2008-12-25 10:36 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103621-03.jpg
2008-12-25 10:36 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103654-01.jpg
2008-12-25 10:36 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103621-01.jpg
2008-12-25 10:36 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103654-02.jpg
2008-12-25 10:36 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103621-02.jpg
2008-12-25 10:35 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103542-05.jpg
2008-12-25 10:35 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103537-05.jpg
2008-12-25 10:35 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103542-04.jpg
2008-12-25 10:35 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103537-04.jpg
2008-12-25 10:35 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103542-00.jpg
2008-12-25 10:35 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103537-00.jpg
2008-12-25 10:35 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103542-03.jpg
2008-12-25 10:35 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103537-03.jpg
2008-12-25 10:35 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103542-01.jpg
2008-12-25 10:35 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103537-01.jpg
2008-12-25 10:35 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103542-02.jpg
2008-12-25 10:35 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103537-02.jpg
2008-12-25 10:28 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-102838-05.jpg
2008-12-25 10:28 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-102838-04.jpg
2008-12-25 10:28 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-102838-00.jpg
2008-12-25 10:28 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-102838-03.jpg
2008-12-25 10:28 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-102838-01.jpg
2008-12-25 10:28 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-102838-02.jpg
2008-12-24 14:24 . 2008-04-13 13:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-24 14:24 . 2008-04-13 13:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-24 14:24 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-24 14:24 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-24 14:23 . 2008-12-24 14:23 <DIR> d-------- c:\program files\DB CIF Cam
2008-12-24 14:22 . 2008-12-24 14:22 <DIR> d-------- c:\program files\Disney Pix Downloader
2008-12-24 14:21 . 2008-12-24 14:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-24 14:20 . 2008-12-24 14:20 <DIR> d-------- c:\program files\Disney Pix 2.2
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\program files\iTunes
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\program files\iPod
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 13:39 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-24 13:39 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 13:37 . 2008-12-24 13:39 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 13:37 . 2008-12-24 13:37 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 13:37 . 2008-12-24 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-24 13:37 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-22 14:04 . 2008-12-22 14:04 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Yahoo!
2008-12-22 14:03 . 2008-12-22 14:04 <DIR> d-------- c:\program files\Yahoo!
2008-12-22 14:03 . 2008-12-22 14:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:22 --------- d-----w c:\program files\Yahoo! Games
2009-01-11 13:13 --------- d-----w c:\program files\World of Warcraft
2009-01-04 21:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 21:53 --------- d-----w c:\program files\Oberon Media
2009-01-04 21:53 --------- d-----w c:\program files\MSN Games
2008-12-31 22:32 --------- d-----w c:\program files\Shareaza
2008-12-31 20:35 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-12-27 15:25 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2008-12-24 20:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 19:38 --------- d-----w c:\program files\QuickTime
2008-12-24 01:08 --------- d-----w c:\program files\Absolute Poker
2008-12-22 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-22 18:44 --------- d-----w c:\program files\Miuchiz 2.0
2008-12-07 01:56 --------- d-----w c:\program files\Diablo II
2008-12-04 03:51 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-03 14:16 --------- d-----w c:\program files\Java
2008-12-02 13:22 --------- d-----w c:\program files\Xfire
2008-12-02 01:11 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Xfire
2008-12-02 00:44 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\IObit
2008-12-02 00:20 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2008-11-30 05:06 --------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
2008-11-29 21:06 --------- d-----w c:\documents and settings\LocalService\Application Data\DivX
2008-11-29 18:40 --------- d-----w c:\program files\TVersity Codec Pack
2008-11-29 18:30 --------- d-----w c:\program files\TVersity
2008-11-29 07:00 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Media Player Classic
2008-11-29 01:10 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-29 00:52 --------- d-----w c:\program files\DivX
2008-11-26 19:28 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2008-11-25 14:48 --------- d-----w c:\program files\Microsoft Games
2008-11-23 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-11-23 08:14 164 ----a-w c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2008-11-22 01:35 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-11-17 23:11 98,304 ----a-w c:\windows\DUMP4e10.tmp
2008-11-17 13:49 98,304 ----a-w c:\windows\DUMP54c7.tmp
2008-11-10 11:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-26 21:46 182,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-07-12 01:41 22,328 ----a-w c:\documents and settings\Compaq_Owner\Application Data\PnkBstrK.sys
2008-05-16 23:43 0 --sha-w c:\documents and settings\Compaq_Owner\Application Data\0000000000t.dat
2008-01-20 16:36 1 ----a-w c:\documents and settings\Compaq_Owner\SI.bin
2001-09-25 21:02 1,486,890 ----a-w c:\documents and settings\Compaq_Owner\mc.exe
2001-09-25 15:04 41,464 ----a-w c:\documents and settings\Compaq_Owner\RegSetup.exe
2001-05-03 14:55 44,544 ----a-w c:\documents and settings\Compaq_Owner\dsetup.dll
2001-05-03 14:55 1,772,544 ----a-w c:\documents and settings\Compaq_Owner\dsetup32.dll
2008-08-10 14:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081020080811\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-12_17.20.40.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 21:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-13 21:44:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_234.dat
+ 2009-01-13 21:44:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_68c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2007-07-17 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SiSPower"="SiSPower.dll" [2004-09-24 c:\windows\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2005-10-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\games\\RedFaction\\RedFaction.exe"=
"c:\\games\\RedFaction\\rf.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Black Isle\\BGII - SoA\\BGMain.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-24 111184]
R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862WICB.sys [2007-07-04 357632]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-24 20560]
S1 StarPort;StarPort Storage Controller;c:\windows\system32\drivers\StarPort.sys [2007-07-22 113664]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\cusbohcn.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f54f186-f13f-11dc-a3ef-0013f753618a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654267061814368
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 16:16:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4276529055-3248274992-1477724678-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,1d,76,dd,11,76,dd,09,67,50,59,c6,46,61,61,d9,b9,c9,09,22,9d,6b,e0,
6e,28,eb,09,aa,09,d6,55,ee,a4,84,0e,0e,70,cb,9c,ea,30,ab,f9,1f,44,c5,94,d8,\
"??"=hex:d4,6b,20,89,e4,82,4b,f7,09,01,42,f2,b6,5f,31,49

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Completion time: 2009-01-21 16:17:50
ComboFix-quarantined-files.txt 2009-01-21 22:17:46
ComboFix2.txt 2009-01-12 23:21:29

Pre-Run: 30,263,435,264 bytes free
Post-Run: 30,249,541,632 bytes free

260 --- E O F --- 2008-12-21 19:42:24



Looking forward to your next reply....... ty

#4 bamajim

bamajim

  • Members
  • 894 posts

Posted 21 January 2009 - 05:47 PM

thenut68

You are very welcome.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

Driver::
cusbohcn


Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop.

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so,
following the same rules as indicated in my first post,
then post the contents of the C:\ComboFix.txt log in your reply.

Microsoft MVP - Windows Security

#5 thenut68

thenut68
  • Topic Starter

  • Members
  • 53 posts

Posted 21 January 2009 - 06:30 PM

OK, I did as you asked, and here is the CF log:

ComboFix 09-01-21.02 - Compaq_Owner 2009-01-21 17:15:36.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.614 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Service_cusbohcn


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 17:35 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 17:35 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\program files\MSBuild
2008-12-31 12:30 . 2008-12-31 12:31 <DIR> d-------- C:\802090eb6718fcaa06
2008-12-31 12:30 . 2008-07-06 06:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-31 12:30 . 2008-07-06 06:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-31 12:30 . 2008-07-06 04:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-31 12:30 . 2008-07-06 06:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-31 12:30 . 2008-07-06 06:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-31 12:30 . 2008-07-06 06:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-31 12:30 . 2008-07-06 06:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-31 12:22 . 2008-12-31 12:22 <DIR> dr-h----- C:\AHCache
2008-12-25 16:20 . 2008-12-25 16:20 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Shareaza
2008-12-25 10:43 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-104345-05.jpg
2008-12-25 10:43 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-104345-04.jpg
2008-12-25 10:43 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-104345-00.jpg
2008-12-25 10:43 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-104345-03.jpg
2008-12-25 10:43 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-104345-01.jpg
2008-12-25 10:43 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-104345-02.jpg
2008-12-25 10:36 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103654-05.jpg
2008-12-25 10:36 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103621-05.jpg
2008-12-25 10:36 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103654-04.jpg
2008-12-25 10:36 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103621-04.jpg
2008-12-25 10:36 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103654-00.jpg
2008-12-25 10:36 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103621-00.jpg
2008-12-25 10:36 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103654-03.jpg
2008-12-25 10:36 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103621-03.jpg
2008-12-25 10:36 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103654-01.jpg
2008-12-25 10:36 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103621-01.jpg
2008-12-25 10:36 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103654-02.jpg
2008-12-25 10:36 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103621-02.jpg
2008-12-25 10:35 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103542-05.jpg
2008-12-25 10:35 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103537-05.jpg
2008-12-25 10:35 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103542-04.jpg
2008-12-25 10:35 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103537-04.jpg
2008-12-25 10:35 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103542-00.jpg
2008-12-25 10:35 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103537-00.jpg
2008-12-25 10:35 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103542-03.jpg
2008-12-25 10:35 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103537-03.jpg
2008-12-25 10:35 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103542-01.jpg
2008-12-25 10:35 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103537-01.jpg
2008-12-25 10:35 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103542-02.jpg
2008-12-25 10:35 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103537-02.jpg
2008-12-25 10:28 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-102838-05.jpg
2008-12-25 10:28 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-102838-04.jpg
2008-12-25 10:28 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-102838-00.jpg
2008-12-25 10:28 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-102838-03.jpg
2008-12-25 10:28 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-102838-01.jpg
2008-12-25 10:28 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-102838-02.jpg
2008-12-24 14:24 . 2008-04-13 13:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-24 14:24 . 2008-04-13 13:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-24 14:24 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-24 14:24 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-24 14:23 . 2008-12-24 14:23 <DIR> d-------- c:\program files\DB CIF Cam
2008-12-24 14:22 . 2008-12-24 14:22 <DIR> d-------- c:\program files\Disney Pix Downloader
2008-12-24 14:21 . 2008-12-24 14:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-24 14:20 . 2008-12-24 14:20 <DIR> d-------- c:\program files\Disney Pix 2.2
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\program files\iTunes
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\program files\iPod
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 13:39 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-24 13:39 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 13:37 . 2008-12-24 13:39 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 13:37 . 2008-12-24 13:37 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 13:37 . 2008-12-24 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-24 13:37 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-22 14:04 . 2008-12-22 14:04 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Yahoo!
2008-12-22 14:03 . 2008-12-22 14:04 <DIR> d-------- c:\program files\Yahoo!
2008-12-22 14:03 . 2008-12-22 14:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:22 --------- d-----w c:\program files\Yahoo! Games
2009-01-11 13:13 --------- d-----w c:\program files\World of Warcraft
2009-01-04 21:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 21:53 --------- d-----w c:\program files\Oberon Media
2009-01-04 21:53 --------- d-----w c:\program files\MSN Games
2008-12-31 22:32 --------- d-----w c:\program files\Shareaza
2008-12-31 20:35 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-12-27 15:25 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2008-12-24 20:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 19:38 --------- d-----w c:\program files\QuickTime
2008-12-24 01:08 --------- d-----w c:\program files\Absolute Poker
2008-12-22 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-22 18:44 --------- d-----w c:\program files\Miuchiz 2.0
2008-12-07 01:56 --------- d-----w c:\program files\Diablo II
2008-12-04 03:51 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-03 14:16 --------- d-----w c:\program files\Java
2008-12-02 13:22 --------- d-----w c:\program files\Xfire
2008-12-02 01:11 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Xfire
2008-12-02 00:44 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\IObit
2008-12-02 00:20 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2008-11-30 05:06 --------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
2008-11-29 21:06 --------- d-----w c:\documents and settings\LocalService\Application Data\DivX
2008-11-29 18:40 --------- d-----w c:\program files\TVersity Codec Pack
2008-11-29 18:30 --------- d-----w c:\program files\TVersity
2008-11-29 07:00 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Media Player Classic
2008-11-29 01:10 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-29 00:52 --------- d-----w c:\program files\DivX
2008-11-26 19:28 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2008-11-25 14:48 --------- d-----w c:\program files\Microsoft Games
2008-11-23 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-11-23 08:14 164 ----a-w c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2008-11-22 01:35 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-17 23:11 98,304 ----a-w c:\windows\DUMP4e10.tmp
2008-11-17 13:49 98,304 ----a-w c:\windows\DUMP54c7.tmp
2008-07-12 01:41 22,328 ----a-w c:\documents and settings\Compaq_Owner\Application Data\PnkBstrK.sys
2008-05-16 23:43 0 --sha-w c:\documents and settings\Compaq_Owner\Application Data\0000000000t.dat
2008-01-20 16:36 1 ----a-w c:\documents and settings\Compaq_Owner\SI.bin
2001-09-25 21:02 1,486,890 ----a-w c:\documents and settings\Compaq_Owner\mc.exe
2001-09-25 15:04 41,464 ----a-w c:\documents and settings\Compaq_Owner\RegSetup.exe
2001-05-03 14:55 44,544 ----a-w c:\documents and settings\Compaq_Owner\dsetup.dll
2001-05-03 14:55 1,772,544 ----a-w c:\documents and settings\Compaq_Owner\dsetup32.dll
2008-08-10 14:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081020080811\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-12_17.20.40.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 21:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-21 23:21:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_284.dat
+ 2009-01-21 23:21:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2009-01-21 23:23:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2007-07-17 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SiSPower"="SiSPower.dll" [2004-09-24 c:\windows\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2005-10-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\games\\RedFaction\\RedFaction.exe"=
"c:\\games\\RedFaction\\rf.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Black Isle\\BGII - SoA\\BGMain.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-24 111184]
R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862WICB.sys [2007-07-04 357632]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-24 20560]
S1 StarPort;StarPort Storage Controller;c:\windows\system32\drivers\StarPort.sys [2007-07-22 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{248fc6cc-388d-11dc-a22e-0013f753618a}]
\Shell\AutoRun\command - O:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f54f186-f13f-11dc-a3ef-0013f753618a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654267061814368
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 17:23:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4276529055-3248274992-1477724678-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,1d,76,dd,11,76,dd,09,67,50,59,c6,46,61,61,d9,b9,c9,09,22,9d,6b,e0,
6e,28,eb,09,aa,09,d6,55,ee,a4,84,0e,0e,70,cb,9c,ea,30,ab,f9,1f,44,c5,94,d8,\
"??"=hex:d4,6b,20,89,e4,82,4b,f7,09,01,42,f2,b6,5f,31,49

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-21 17:26:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 23:26:31
ComboFix2.txt 2009-01-21 22:17:52
ComboFix3.txt 2009-01-12 23:21:29

Pre-Run: 30,241,398,784 bytes free
Post-Run: 30,226,124,800 bytes free

282 --- E O F --- 2008-12-21 19:42:24

#6 bamajim

bamajim

  • Members
  • 894 posts

Posted 21 January 2009 - 08:13 PM

thenut68

Good work.

Give me an update on how your PC is running at this point.

And do you have a USB flash drive (storage device) that you attach to this PC on a regular basis?
Microsoft MVP - Windows Security

#7 thenut68

thenut68
  • Topic Starter

  • Members
  • 53 posts

Posted 21 January 2009 - 08:33 PM

OK, the red shield with the white X is still popping up, telling me I've got the Auto Update off and the virus protection off, and they are all turned on.
It does start up faster, aside from that.
I do have a 2 GB flash drive that I use for transferring files between PCs.

hope this helps...

#8 bamajim

bamajim

  • Members
  • 894 posts

Posted 22 January 2009 - 09:57 AM

thenut68

OK, the red shield with the white X is still popping up, telling me I've got the Auto Update off and the virus protection off, and they are all turned on.

The ComboFix log shows they are turned off:

AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)

Which one are you using?
And have you gone into the program itself to make sure the active scan is on?
Microsoft MVP - Windows Security

#9 thenut68

thenut68
  • Topic Starter

  • Members
  • 53 posts

Posted 22 January 2009 - 04:30 PM

I am using the avast antivirus.
The Norton was uninstalled from my PC a long time ago.
I used the Norton removal tool, so there are no Norton files anywhere on my PC.
The avast on-access scanner is running 5 of 7 providers.
I did notice ComboFix turned off the avast, then it comes back on when the PC reboots.
Then the fake Windows Security Alert came back on too.
I will try to attach a screenshot here if I can.

#10 thenut68

thenut68
  • Topic Starter

  • Members
  • 53 posts

Posted 22 January 2009 - 04:40 PM

[attachment=12318:unknown_malware.JPG]

There's the screenshot; it shows the fake security alert,
and the avast is running there too...
Do you think I should reinstall Windows XP, or not yet?

#11 thenut68

thenut68
  • Topic Starter

  • Members
  • 53 posts

Posted 22 January 2009 - 04:48 PM

[attachment=12320:avast_v_chest_ss.JPG]

Here's a shot of the avast Virus Chest; it shows the
virus was removed 12-31-08,
but the fake Windows Security Alert is still there....

#12 bamajim

bamajim

  • Members
  • 894 posts

Posted 23 January 2009 - 10:05 AM

thenut68

The red shield in the photo you posted is a legit warning from MS Security.

We may have a reg error. Do this: Select Start ->> Control Panel ->> with Control Panel in Classic View, select Security Center, and tell me what is displayed there.
Microsoft MVP - Windows Security

#13 thenut68

thenut68
  • Topic Starter

  • Members
  • 53 posts

Posted 23 January 2009 - 01:09 PM

[attachment=12383:AU_ss.JPG]


OK, here's a shot of the Security Center:

[attachment=12382:secure_center_ss.JPG]

Its AU is turned off......


Then in AU it says it's on....
So now what?

#14 bamajim

bamajim

  • Members
  • 894 posts

Posted 23 January 2009 - 04:48 PM

thenut68

Looks like we have some reg errors.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus\DisableMonitoring]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\DisableMonitoring]

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop.

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so,
following the same rules as indicated in my first post,
then post the contents of the C:\ComboFix.txt log in your reply,
and see if that solves the problem.
Microsoft MVP - Windows Security
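As an added example (not ComboFix's code and not bamajim's), here is a small Python triage script for the two things the helper read off the logs in post #8 and this post: the AV: header lines and the Security Center values in the Reg Loading Points section. It flags notification values set to 1, vendor DisableMonitoring overrides left behind by an uninstalled product, and mountpoints2 AutoRun commands, and it emits the same Registry:: correction in CFScript format; the sample log is constructed from lines quoted in this thread, and the two firewall value names are assumed from Windows XP SP2's Security Center key rather than taken from the page.

```python
"""Triage of Security Center and AutoRun entries in a ComboFix log.

Added example, not ComboFix's or the helper's own code. It reads the AV:
header lines and the REGEDIT4 'Reg Loading Points' block of a log like
those posted above. SAMPLE_LOG is constructed from lines quoted in the thread.
"""
import re

SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"

# Value names from the log above plus their firewall counterparts (assumed
# from XP SP2's Security Center key); a dword of 1 silences or overrides a check.
SUPPRESSION_VALUES = {
    "AntiVirusDisableNotify": "antivirus warnings silenced",
    "FirewallDisableNotify": "firewall warnings silenced",
    "UpdatesDisableNotify": "Automatic Updates warnings silenced",
    "AntiVirusOverride": "antivirus status overridden by the user",
    "FirewallOverride": "firewall status overridden by the user",
}

AV_LINE = re.compile(r"^AV: (?P<product>.+?) \*On-access scanning "
                     r"(?P<state>enabled|disabled)\* \((?P<defs>\w+)\)$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")

SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{248fc6cc-388d-11dc-a22e-0013f753618a}]
\Shell\AutoRun\command - O:\autorun.exe
"""


def parse_av_lines(log):
    """One dict per 'AV:' header line: product, on_access flag, definitions state."""
    hits = (AV_LINE.match(ln.strip()) for ln in log.splitlines())
    return [{"product": m["product"], "on_access": m["state"] == "enabled",
             "defs": m["defs"]} for m in hits if m]


def parse_reg_dwords(log):
    """Map each [key] in the REGEDIT4 block to its dword values (as ints)."""
    keys, current = {}, None
    for line in map(str.strip, log.splitlines()):
        if km := REG_KEY.match(line):
            current = keys.setdefault(km["key"], {})
        elif (vm := REG_DWORD.match(line)) and current is not None:
            current[vm["name"]] = int(vm["hex"], 16)
    return keys


def security_center_findings(log):
    """(value name, why) for suppression values at 1 and vendor monitoring overrides."""
    findings, prefix = [], SECURITY_CENTER_KEY.lower() + "\\monitoring\\"
    for key, values in parse_reg_dwords(log).items():
        if key.lower() == SECURITY_CENTER_KEY.lower():
            findings += [(n, SUPPRESSION_VALUES[n]) for n, v in values.items()
                         if n in SUPPRESSION_VALUES and v == 1]
        elif key.lower().startswith(prefix) and values.get("DisableMonitoring") == 1:
            findings.append(("DisableMonitoring", key[len(prefix):] + ": monitoring disabled"))
    return findings


def autorun_findings(log):
    """(mountpoints2 GUID, command) for each AutoRun command in the log."""
    found, guid = [], None
    for line in map(str.strip, log.splitlines()):
        if km := REG_KEY.match(line):
            guid = km["key"].rsplit("\\", 1)[-1] if "mountpoints2" in km["key"].lower() else None
        elif (am := AUTORUN.match(line)) and guid:
            found.append((guid, am["cmd"]))
    return found


def build_fix_script(log):
    """Registry:: block in the CFScript format the helper used above: DisableNotify
    values back to 0 and each flagged vendor DisableMonitoring entry removed.
    Override values are reported by security_center_findings but left to a human."""
    lines = ["Registry::", "[" + SECURITY_CENTER_KEY + "]"]
    lines += ['"%s"=dword:00000000' % n for n in SUPPRESSION_VALUES if n.endswith("DisableNotify")]
    for name, why in security_center_findings(log):
        if name == "DisableMonitoring":
            lines += ["", "[-%s\\Monitoring\\%s\\DisableMonitoring]" % (SECURITY_CENTER_KEY, why.split(":")[0])]
    return "\n".join(lines)


if __name__ == "__main__":
    print(parse_av_lines(SAMPLE_LOG), security_center_findings(SAMPLE_LOG), autorun_findings(SAMPLE_LOG))
    print(build_fix_script(SAMPLE_LOG))
```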

#15 thenut68

thenut68
  • Topic Starter

  • Members
  • 53 posts

Posted 23 January 2009 - 05:37 PM

OK, I did as you said. Here's the log:

ComboFix 09-01-21.04 - Compaq_Owner 2009-01-23 16:30:11.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.583 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning enabled* (Updated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-01-12 17:35 . 2009-01-12 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 17:35 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 17:35 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-31 12:31 . 2008-12-31 12:31 <DIR> d-------- c:\program files\MSBuild
2008-12-31 12:30 . 2008-12-31 12:31 <DIR> d-------- C:\802090eb6718fcaa06
2008-12-31 12:30 . 2008-07-06 06:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-12-31 12:30 . 2008-07-06 06:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-12-31 12:30 . 2008-07-06 04:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-12-31 12:30 . 2008-07-06 06:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-12-31 12:30 . 2008-07-06 06:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-12-31 12:30 . 2008-07-06 06:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-12-31 12:30 . 2008-07-06 06:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-12-31 12:22 . 2008-12-31 12:22 <DIR> dr-h----- C:\AHCache
2008-12-25 16:20 . 2008-12-25 16:20 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Shareaza
2008-12-25 10:43 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-104345-05.jpg
2008-12-25 10:43 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-104345-04.jpg
2008-12-25 10:43 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-104345-00.jpg
2008-12-25 10:43 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-104345-03.jpg
2008-12-25 10:43 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-104345-01.jpg
2008-12-25 10:43 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-104345-02.jpg
2008-12-25 10:36 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103654-05.jpg
2008-12-25 10:36 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103621-05.jpg
2008-12-25 10:36 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103654-04.jpg
2008-12-25 10:36 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103621-04.jpg
2008-12-25 10:36 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103654-00.jpg
2008-12-25 10:36 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103621-00.jpg
2008-12-25 10:36 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103654-03.jpg
2008-12-25 10:36 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103621-03.jpg
2008-12-25 10:36 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103654-01.jpg
2008-12-25 10:36 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103621-01.jpg
2008-12-25 10:36 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103654-02.jpg
2008-12-25 10:36 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103621-02.jpg
2008-12-25 10:35 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103542-05.jpg
2008-12-25 10:35 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-103537-05.jpg
2008-12-25 10:35 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103542-04.jpg
2008-12-25 10:35 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-103537-04.jpg
2008-12-25 10:35 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103542-00.jpg
2008-12-25 10:35 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-103537-00.jpg
2008-12-25 10:35 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103542-03.jpg
2008-12-25 10:35 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-103537-03.jpg
2008-12-25 10:35 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103542-01.jpg
2008-12-25 10:35 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-103537-01.jpg
2008-12-25 10:35 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103542-02.jpg
2008-12-25 10:35 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-103537-02.jpg
2008-12-25 10:28 . 2008-12-24 22:26 85,376 --a------ C:\2008-12-25-102838-05.jpg
2008-12-25 10:28 . 2008-12-24 04:31 82,048 --a------ C:\2008-12-25-102838-04.jpg
2008-12-25 10:28 . 2006-01-01 01:04 79,488 --a------ C:\2008-12-25-102838-00.jpg
2008-12-25 10:28 . 2008-12-24 03:48 78,720 --a------ C:\2008-12-25-102838-03.jpg
2008-12-25 10:28 . 2008-12-24 02:22 74,624 --a------ C:\2008-12-25-102838-01.jpg
2008-12-25 10:28 . 2008-12-24 03:48 69,120 --a------ C:\2008-12-25-102838-02.jpg
2008-12-24 14:24 . 2008-04-13 13:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-24 14:24 . 2008-04-13 13:46 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-12-24 14:24 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-24 14:24 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-12-24 14:23 . 2008-12-24 14:23 <DIR> d-------- c:\program files\DB CIF Cam
2008-12-24 14:22 . 2008-12-24 14:22 <DIR> d-------- c:\program files\Disney Pix Downloader
2008-12-24 14:21 . 2008-12-24 14:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-24 14:20 . 2008-12-24 14:20 <DIR> d-------- c:\program files\Disney Pix 2.2
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\program files\iTunes
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\program files\iPod
2008-12-24 13:39 . 2008-12-24 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 13:39 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-24 13:39 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-24 13:37 . 2008-12-24 13:39 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 13:37 . 2008-12-24 13:37 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 13:37 . 2008-12-24 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-24 13:37 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:22 --------- d-----w c:\program files\Yahoo! Games
2009-01-11 13:13 --------- d-----w c:\program files\World of Warcraft
2009-01-04 21:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 21:53 --------- d-----w c:\program files\Oberon Media
2009-01-04 21:53 --------- d-----w c:\program files\MSN Games
2008-12-31 22:32 --------- d-----w c:\program files\Shareaza
2008-12-31 20:35 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-12-27 15:25 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2008-12-24 20:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 19:38 --------- d-----w c:\program files\QuickTime
2008-12-24 01:08 --------- d-----w c:\program files\Absolute Poker
2008-12-22 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-22 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-22 20:04 --------- d-----w c:\program files\Yahoo!
2008-12-22 20:04 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Yahoo!
2008-12-22 18:44 --------- d-----w c:\program files\Miuchiz 2.0
2008-12-07 01:56 --------- d-----w c:\program files\Diablo II
2008-12-04 03:51 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-03 14:16 --------- d-----w c:\program files\Java
2008-12-02 13:22 --------- d-----w c:\program files\Xfire
2008-12-02 01:11 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Xfire
2008-12-02 00:44 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\IObit
2008-12-02 00:20 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2008-11-30 05:06 --------- d-----w c:\documents and settings\NetworkService\Application Data\DivX
2008-11-29 21:06 --------- d-----w c:\documents and settings\LocalService\Application Data\DivX
2008-11-29 18:40 --------- d-----w c:\program files\TVersity Codec Pack
2008-11-29 18:30 --------- d-----w c:\program files\TVersity
2008-11-29 07:00 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Media Player Classic
2008-11-29 01:10 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-29 00:52 --------- d-----w c:\program files\DivX
2008-11-26 19:28 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2008-11-25 14:48 --------- d-----w c:\program files\Microsoft Games
2008-11-23 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-11-23 08:14 164 ----a-w c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-11-17 23:11 98,304 ----a-w c:\windows\DUMP4e10.tmp
2008-11-17 13:49 98,304 ----a-w c:\windows\DUMP54c7.tmp
2008-11-10 11:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-26 21:46 182,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-07-12 01:41 22,328 ----a-w c:\documents and settings\Compaq_Owner\Application Data\PnkBstrK.sys
2008-05-16 23:43 0 --sha-w c:\documents and settings\Compaq_Owner\Application Data\0000000000t.dat
2008-01-20 16:36 1 ----a-w c:\documents and settings\Compaq_Owner\SI.bin
2001-09-25 21:02 1,486,890 ----a-w c:\documents and settings\Compaq_Owner\mc.exe
2001-09-25 15:04 41,464 ----a-w c:\documents and settings\Compaq_Owner\RegSetup.exe
2001-05-03 14:55 44,544 ----a-w c:\documents and settings\Compaq_Owner\dsetup.dll
2001-05-03 14:55 1,772,544 ----a-w c:\documents and settings\Compaq_Owner\dsetup32.dll
2008-08-10 14:35 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081020080811\index.dat
.

((((((((((((((((((((((((((((( snapshot_2009-01-12_17.20.40.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 21:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2006-01-09 15:36:06 40,960 ----a-w c:\windows\system32\swsc.exe
+ 2009-01-23 17:42:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_690.dat
+ 2009-01-22 21:17:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2007-07-17 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SiSPower"="SiSPower.dll" [2004-09-24 c:\windows\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2005-10-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\games\\RedFaction\\RedFaction.exe"=
"c:\\games\\RedFaction\\rf.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Black Isle\\BGII - SoA\\BGMain.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-24 111184]
R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;c:\windows\system32\drivers\2862WICB.sys [2007-07-04 357632]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-05-24 20560]
S1 StarPort;StarPort Storage Controller;c:\windows\system32\drivers\StarPort.sys [2007-07-22 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f54f186-f13f-11dc-a3ef-0013f753618a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654267061814368
.
Contents of the 'Scheduled Tasks' folder

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 16:33:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4276529055-3248274992-1477724678-1009\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,1d,76,dd,11,76,dd,09,67,50,59,c6,46,61,61,d9,b9,c9,09,22,9d,6b,e0,
6e,28,eb,09,aa,09,d6,55,ee,a4,84,0e,0e,70,cb,9c,ea,30,ab,f9,1f,44,c5,94,d8,\
"??"=hex:d4,6b,20,89,e4,82,4b,f7,09,01,42,f2,b6,5f,31,49

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Completion time: 2009-01-23 16:34:59
ComboFix-quarantined-files.txt 2009-01-23 22:34:54
ComboFix2.txt 2009-01-21 23:26:36
ComboFix3.txt 2009-01-21 22:17:52
ComboFix4.txt 2009-01-12 23:21:29

Pre-Run: 30,386,708,480 bytes free
Post-Run: 30,372,667,392 bytes free

274 --- E O F --- 2008-12-21 19:42:24


PS: the security alert is still there.



