
Am I infected? No None Viruses


This topic is locked
16 replies to this topic

#1 yungvilleprod (Members, 10 posts)

Posted 15 April 2009 - 12:31 AM

When I would do a Yahoo search and click on the links provided, I would always get redirected to another site. Initially it changed my DNS settings so I couldn't get on the internet, but I fixed that. Please help me. It also slowed down my loading time tremendously. I have an audition on Saturday and I need to do some mastering. Thanks for the help in advance!!!! Here is the log.

BTW, I also did not have an antivirus at the time.

P.S. Sorry about the bad post

DDS (Ver_09-03-16.01) - NTFSx86
Run by da studio at 1:19:13.48 on Wed 04/15/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1712 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\System32\MAFWDITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\da studio\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4db9878b-c7b0-4719-ae56-2cdb0c2cde6f} - c:\windows\system32\cdfvie.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
mRun: [M-Audio Taskbar Icon] c:\windows\system32\MAFWDITray.exe
mRun: [MAFWDITaskbarApp] c:\windows\system32\MAFWdiTray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.209,85.255.112.191
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dastud~1\applic~1\mozilla\firefox\profiles\ornax8zl.default\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-3-11 16384]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
R0 mewwmjkz;mewwmjkz;c:\windows\system32\drivers\mewwmjkz.sys [2004-8-4 23424]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-4-12 227344]
R2 WUSB54GSSVC;WUSB54GSSVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2009-4-5 41025]
R3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 MAFWDICE;Service for M-Audio ProFire Driver (WDM);c:\windows\system32\drivers\mafwdi.sys [2009-3-11 203016]
S2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 206088]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-4-13 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-4-13 29208]
S4 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-5-1 143360]

=============== Created Last 30 ================

2009-04-14 20:10 <DIR> --d----- c:\program files\Trend Micro
2009-04-13 21:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-04-13 21:55 <DIR> --d----- c:\program files\Security Task Manager
2009-04-13 20:13 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-04-13 20:11 <DIR> --d----- c:\windows\ERUNT
2009-04-13 20:09 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-04-13 20:09 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-04-13 19:45 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-12 15:53 96,976 a------- c:\windows\system32\drivers\klin.dat
2009-04-12 15:53 87,855 a------- c:\windows\system32\drivers\klick.dat
2009-04-12 15:52 <DIR> --d----- c:\program files\Kaspersky Lab
2009-04-12 15:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-04-12 15:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-04-12 15:06 155 a------- c:\windows\system32\SelfDel.bat
2009-04-12 15:06 84,045 a------- c:\windows\system32\ftp_non_crp.exe
2009-04-12 14:51 109,010 a------- c:\windows\system32\drivers\7a20c4e2.sys
2009-04-11 00:16 <DIR> --d----- c:\program files\Vstplugins
2009-04-11 00:14 97,792 a------- c:\windows\system32\cdfvie.dll
2009-04-11 00:00 <DIR> --d----- c:\program files\iPrep 101
2009-04-10 17:04 <DIR> --d----- c:\program files\X-Projects
2009-04-10 16:43 <DIR> --d----- c:\docume~1\dastud~1\applic~1\Xbins
2009-04-08 04:33 <DIR> --d----- c:\docume~1\dastud~1\applic~1\Red Kawa
2009-04-07 14:24 <DIR> --d----- c:\program files\Innovative Solutions
2009-04-07 14:24 <DIR> --d----- c:\program files\Intel Desktop Board
2009-04-07 13:52 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-04-07 13:52 361,600 a------- c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-04-07 10:54 <DIR> --d----- c:\program files\YouTube Downloader
2009-04-07 10:49 <DIR> --d----- c:\docume~1\dastud~1\applic~1\FrostWire
2009-04-07 10:49 <DIR> --d----- c:\program files\FrostWire
2009-04-06 08:12 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-06 08:12 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
2009-04-06 08:12 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-04-06 08:12 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-04-06 08:12 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-06 08:12 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-06 08:12 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-06 08:12 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-06 08:11 3,067,904 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-04-06 08:11 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-06 08:10 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-06 08:10 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-06 08:10 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-04-06 08:09 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-06 08:09 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-06 08:08 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-04-06 08:08 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-06 08:08 <DIR> --d-h--- c:\windows\$hf_mig$
2009-04-06 00:52 144,896 -c------ c:\windows\system32\dllcache\schannel.dll
2009-04-06 00:45 <DIR> --d----- c:\program files\Regensoft
2009-04-06 00:45 <DIR> --d----- c:\program files\AviSynth 2.5
2009-04-06 00:45 <DIR> --d----- c:\program files\Red Kawa
2009-04-06 00:21 <DIR> --d----- c:\program files\common files\Sony Shared
2009-04-06 00:20 <DIR> --d----- c:\program files\Sony
2009-04-06 00:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation
2009-04-06 00:20 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-06 00:19 <DIR> --d----- C:\aa107926ac6f7163820e90
2009-04-06 00:19 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-05 21:21 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-05 19:49 <DIR> --d----- c:\docume~1\dastud~1\applic~1\WinBatch
2009-04-05 19:11 <DIR> --d----- c:\program files\Sony Setup
2009-04-05 18:56 <DIR> --d----- C:\Downloads
2009-04-05 18:56 <DIR> --d----- c:\program files\BitComet
2009-04-05 18:38 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 18:38 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-05 16:15 15,781 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-04-05 16:15 479,232 a------- c:\windows\system32\AegisE5.dll
2009-04-05 16:15 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-04-05 16:15 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-04-05 16:15 17,992 a------- c:\windows\system32\bcm42rly.sys
2009-04-05 16:15 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-04-05 16:15 7,419 a------- c:\windows\system32\WUSB54GS.cat
2009-04-05 16:15 651,264 a------- c:\windows\system32\libeay32.dll
2009-04-05 16:15 147,456 a------- c:\windows\system32\ssleay32.dll
2009-04-05 16:15 <DIR> --d----- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-04-05 16:15 1,381 a------- c:\windows\system32\WLAN.INI
2009-04-05 16:15 <DIR> --d----- C:\Linksys Driver
2009-04-04 01:44 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-24 23:49 <DIR> --d----- c:\program files\Cakewalk
2009-03-22 00:52 905,290 a------- c:\windows\system32\libmmd.dll
2009-03-22 00:52 <DIR> --d----- c:\program files\PSP VintageWarmer
2009-03-21 00:06 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-03-21 00:06 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-03-21 00:05 <DIR> --d----- c:\program files\Outsim
2009-03-21 00:04 <DIR> --d----- c:\program files\Image-Line
2009-03-18 02:22 116 a------- c:\windows\NeroDigital.ini
2009-03-18 02:16 <DIR> --d----- c:\program files\Nero

==================== Find3M ====================

2009-04-07 13:52 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-03-22 17:10 786 a------- c:\windows\fonts\Ambrosia.pfm
2009-03-11 23:34 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-11 23:21 368,640 a------- c:\windows\system32\ReWire.dll
2009-03-11 23:21 233,472 -------- c:\windows\system32\REX Shared Library.dll
2009-03-11 22:56 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-18 14:44 13,680,640 a------- c:\windows\system32\nvcpl.dll
2009-02-17 00:17 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys

============= FINISH: 1:19:36.10 ===============
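The entries a helper scans for by eye in the DDS log above (the `TCP: NameServer` line pointing at 85.255.112.x, the nameless `BHO:` entry for cdfvie.dll, and the boot-start driver `mewwmjkz.sys` with no readable description) can be checked mechanically. The script below is an added example for this thread, not a BleepingComputer, DDS, HijackThis or ComboFix tool. Its sample input is constructed from log lines posted in this thread (DDS and HijackThis formats). The rogue resolver ranges are the ones the FBI published for the DNSChanger take-down (Operation Ghost Click, November 2011), which contain both resolvers in the log; the expected-resolver set `192.168.1.1` is an assumption standing in for the real router/ISP addresses, and `looks_random` is a heuristic, not a verdict.

```python
"""Offline triage of DDS / HijackThis-style log lines.

Added example, not a BleepingComputer, DDS, HijackThis or ComboFix tool.
Implements three checks a helper does by eye: hijacked DNS resolvers
(DDS "TCP: NameServer" / HJT O17), nameless browser helper objects, and
boot-start drivers with random-looking names.
"""
import ipaddress
import re
from dataclasses import dataclass

# Rogue resolver ranges the FBI published for the DNSChanger take-down
# (Operation Ghost Click, November 2011). 85.255.112.0/20 covers both
# resolvers seen in the log above.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Assumed allow-list (not from the thread): the resolver this machine is
# expected to use, e.g. the home router. Replace with the real addresses.
EXPECTED_DNS = {"192.168.1.1"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    kind: str       # "dns", "bho" or "driver"
    subject: str    # IP address, DLL path or driver path (lower-cased paths)
    reason: str


# DDS: "TCP: NameServer = a.b.c.d,e.f.g.h"
# HJT: "O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = ..."
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)")
# DDS: "BHO: {clsid} - path.dll"  (no friendly name before the CLSID)
# HJT: "O2 - BHO: (no name) - {clsid} - path.dll"
BHO_NONAME_RE = re.compile(
    r"^(?:O2 - )?BHO: (?:\(no name\) - )?\{[0-9a-f-]+\} - (.+\.dll)\s*$", re.I)
# DDS service/driver line: "R0 name;description;path.sys [date size]"
DRIVER_RE = re.compile(r"^[RS][0-4]\s+([^;]+);([^;]*);(.+?\.sys)\s+\[", re.I)


def classify_resolver(ip: str) -> str:
    """Return "expected", "rogue" or "unknown" for one resolver address."""
    if ip in EXPECTED_DNS:
        return "expected"
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in ROGUE_DNS_RANGES):
        return "rogue"
    return "unknown"


def looks_random(name: str, description: str) -> bool:
    """Heuristic for TDSS-style driver names: an 8-hex-digit stem, or a stem
    of 8+ letters that is almost vowel-free and carries no human-readable
    description. A review signal only; some vendor drivers can trip it."""
    stem = name.strip()
    if re.fullmatch(r"[0-9a-f]{8}", stem, re.I):
        return True
    letters = stem.lower()
    if len(letters) < 8 or not letters.isalpha():
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return vowel_ratio <= 0.15 and description.strip().lower() == letters


def triage(log_text: str) -> list[Finding]:
    """Scan DDS/HJT lines and return de-duplicated findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NAMESERVER_RE.search(line):
            for ip in re.split(r"[,\s]+", m.group(1).strip()):
                verdict = classify_resolver(ip)
                if verdict == "rogue":
                    findings.append(Finding("high", "dns", ip,
                                            "resolver inside a known DNSChanger range"))
                elif verdict == "unknown":
                    findings.append(Finding("medium", "dns", ip,
                                            "resolver not in the expected set"))
        elif m := BHO_NONAME_RE.match(line):
            findings.append(Finding("high", "bho", m.group(1).lower(),
                                    "browser helper object with no friendly name"))
        elif m := DRIVER_RE.match(line):
            name, desc, path = m.groups()
            if looks_random(name, desc):
                findings.append(Finding("medium", "driver", path.lower(),
                                        "boot/system driver with random-looking name"))
    # The same hijack appears in both the DDS and the HJT log; report it once.
    return list(dict.fromkeys(findings))


# Constructed sample: lines copied from the DDS and HijackThis logs in this thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {4db9878b-c7b0-4719-ae56-2cdb0c2cde6f} - c:\windows\system32\cdfvie.dll
TCP: NameServer = 85.255.112.209,85.255.112.191
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-3-11 16384]
R0 mewwmjkz;mewwmjkz;c:\windows\system32\drivers\mewwmjkz.sys [2004-8-4 23424]
R3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
O2 - BHO: (no name) - {4DB9878B-C7B0-4719-AE56-2CDB0C2CDE6F} - C:\WINDOWS\system32\cdfvie.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:6} {f.subject}  ({f.reason})")
```

On the sample it reports the two rogue resolvers, the nameless cdfvie.dll BHO and mewwmjkz.sys, and stays quiet on the Kaspersky and Digidesign drivers. The driver heuristic is deliberately weak (an eight-letter, vowel-free vendor name with no description would also be flagged), which is why it is rated medium and left for a human to confirm against the file's signature and publisher.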

#2 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 15 April 2009 - 12:43 AM

Hello yungvilleprod,


Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 yungvilleprod (Topic Starter, Members, 10 posts)

Posted 15 April 2009 - 01:01 AM

Hey, thanks for the help, but Malwarebytes would not launch. Here is the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:15 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4DB9878B-C7B0-4719-AE56-2CDB0C2CDE6F} - C:\WINDOWS\system32\cdfvie.dll
O2 - BHO: IEVkbdBHO - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWDITray.exe
O4 - HKLM\..\Run: [MAFWDITaskbarApp] C:\WINDOWS\system32\MAFWdiTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4768 bytes

#4 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 15 April 2009 - 01:06 AM

Hello,

I need the log made in normal mode, please. Don't boot into safe mode unless I ask you to. :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


If ComboFix will not run the first time, then rename ComboFix.exe to yungville.exe and try it again. :)

Thanks,
tea

#5 yungvilleprod (Topic Starter, Members, 10 posts)

Posted 15 April 2009 - 01:29 AM

This is the combo log.

ComboFix 09-04-15.08 - da studio 04/15/2009 2:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1847 [GMT -4:00]
Running from: c:\documents and settings\da studio\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxckbqvdlvmpjotepavbipyvtqpxwqtympq.sys
c:\windows\system32\drivers\ovfsthmhtkbibukjbrtnioicxotykaebrvldys.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcjwsoiofrsncyoddndmuurnppycyprskt.dll
c:\windows\system32\ovfsthckymtdsxsdvmsqxmuguiydmaljluoxkm.dll
c:\windows\system32\ovfsthmnwxaxpwwhsxfxtskisixwpdgkyurvou.dat
c:\windows\system32\ovfsthvbdabxorlpowgmtypkiuigchtafiqkac.dll
c:\windows\system32\ovfsthwgjdvleihgqyvtpljcyfbipftdrdyepy.dll
c:\windows\system32\ovfsthxfvsuvanejrmubwtsqkvlgyaxjbprlol.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthnqeixdxrlagppruwxmeykvmfmeqspwuf
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 06:19 . 2009-04-15 06:23 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-15 06:19 . 2009-04-15 06:23 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-15 06:19 . 2009-04-15 06:23 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-15 06:19 . 2009-04-15 06:23 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 05:45 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 05:45 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 05:45 . 2009-04-15 05:45 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-14 02:10 . 2009-04-14 02:10 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Help
2009-04-14 01:55 . 2009-04-14 02:08 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-14 00:13 . 2009-04-14 00:13 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-14 00:11 . 2009-04-14 00:12 -------- d-----w c:\windows\ERUNT
2009-04-14 00:10 . 2009-04-14 00:10 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-14 00:09 . 2009-04-14 00:09 50968 ----a-w c:\windows\system32\avgfwdx.dll
2009-04-14 00:09 . 2009-04-14 00:09 29208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2009-04-13 23:46 . 2009-04-13 23:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-04-13 23:45 . 2009-04-13 23:46 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-12 19:53 . 2009-04-12 19:53 96976 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-12 19:53 . 2009-04-12 19:53 87855 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-12 19:52 . 2009-04-12 19:52 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-12 19:51 . 2009-04-12 19:51 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-12 19:06 . 2009-04-12 19:06 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-12 19:06 . 2009-04-12 19:06 84045 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-12 18:51 . 2009-04-15 06:25 109010 ----a-w c:\windows\system32\drivers\7a20c4e2.sys
2009-04-11 04:14 . 2008-04-14 10:41 97792 ----a-w c:\windows\system32\cdfvie.dll
2009-04-11 04:14 . 2009-04-11 04:14 125440 ----a-w c:\documents and settings\da studio\Local Settings\Application Data\CheckForUpdates.exe
2009-04-11 04:14 . 2009-04-11 04:14 108346 ----a-w c:\documents and settings\da studio\Local Settings\Application Data\Codec_Setup_1240.exe
2009-04-11 04:14 . 2009-04-11 04:14 24576 ----a-w c:\documents and settings\da studio\Local Settings\Application Data\codecsetup8815.exe
2009-04-10 20:43 . 2009-04-10 20:43 -------- d-----w c:\documents and settings\da studio\Application Data\Xbins
2009-04-08 08:33 . 2009-04-08 08:33 -------- d-----w c:\documents and settings\da studio\Application Data\Red Kawa
2009-04-07 18:24 . 2009-04-07 18:24 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Innovative Solutions
2009-04-07 17:52 . 2008-06-20 11:51 361600 -c--a-w c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-04-07 17:52 . 2008-06-20 11:51 361600 ----a-w c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-04-07 14:49 . 2009-04-10 06:26 -------- d-----w c:\documents and settings\da studio\Application Data\FrostWire
2009-04-06 12:12 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-06 12:12 . 2008-10-16 01:00 666112 -c----w c:\windows\system32\dllcache\wininet.dll
2009-04-06 12:12 . 2008-10-16 01:00 619520 -c----w c:\windows\system32\dllcache\urlmon.dll
2009-04-06 12:12 . 2008-10-16 01:00 1499136 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-06 12:12 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-06 12:12 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-06 12:12 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-06 12:12 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-06 12:11 . 2008-12-12 17:01 3067904 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-04-06 12:11 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-06 12:10 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-06 12:10 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-06 12:10 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-06 12:09 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-06 12:09 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-06 12:08 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-04-06 12:08 . 2009-04-07 14:50 -------- d--h--w c:\windows\$hf_mig$
2009-04-06 04:56 . 2009-04-10 01:35 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-06 04:52 . 2008-12-05 06:54 144896 -c----w c:\windows\system32\dllcache\schannel.dll
2009-04-06 04:22 . 2009-04-06 04:22 -------- d-----w c:\documents and settings\da studio\Application Data\Sony
2009-04-06 04:22 . 2009-04-06 04:22 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-06 04:22 . 2009-04-11 04:18 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Sony
2009-04-06 04:21 . 2009-04-06 04:21 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Apple
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Apple Computer
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Downloaded Installations
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-06 04:20 . 2008-04-14 10:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-06 04:19 . 2009-04-06 04:20 -------- d-----w C:\aa107926ac6f7163820e90
2009-04-06 04:19 . 2009-04-06 04:20 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-06 04:19 . 2009-04-06 04:19 -------- d-----w c:\windows\system32\LogFiles
2009-04-05 23:49 . 2009-04-05 23:49 -------- d-----w c:\documents and settings\da studio\Application Data\WinBatch
2009-04-05 23:11 . 2009-04-06 04:08 -------- d-----w c:\documents and settings\da studio\Application Data\Sony Setup
2009-04-05 22:56 . 2009-04-10 20:53 -------- d-----w C:\Downloads
2009-04-05 22:38 . 2009-04-05 22:38 -------- d-----w c:\windows\Sun
2009-04-05 22:38 . 2009-04-05 22:38 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-05 22:38 . 2009-04-05 22:38 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-05 20:15 . 2004-05-26 18:54 15781 ----a-w c:\windows\system32\drivers\mdc8021x.sys
2009-04-05 20:15 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\bcm42rly.sys
2009-04-05 20:15 . 2004-10-04 16:20 7419 ----a-w c:\windows\system32\WUSB54GS.cat
2009-04-05 20:15 . 2003-11-21 02:03 479232 ----a-w c:\windows\system32\AegisE5.dll
2009-04-05 20:15 . 2003-10-13 19:30 94208 ----a-w c:\windows\system32\GTW32N50.dll
2009-04-05 20:15 . 2003-09-26 03:28 31930 ----a-w c:\windows\system32\GTNDIS3.VXD
2009-04-05 20:15 . 2003-09-26 02:15 15872 ----a-w c:\windows\system32\GTNDIS5.sys
2009-04-05 20:15 . 2003-11-21 02:03 651264 ----a-w c:\windows\system32\libeay32.dll
2009-04-05 20:15 . 2003-11-21 02:03 147456 ----a-w c:\windows\system32\ssleay32.dll
2009-04-05 20:15 . 2009-04-05 20:15 1381 ----a-w c:\windows\system32\WLAN.INI
2009-04-05 20:15 . 2009-04-05 20:15 -------- d-----w C:\Linksys Driver
2009-04-05 19:45 . 2009-04-05 19:45 0 ----a-w c:\windows\nsreg.dat
2009-04-05 19:45 . 2009-04-05 19:45 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Mozilla
2009-04-04 05:44 . 2009-04-14 23:54 -------- d-----w c:\windows\system32\NtmsData
2009-03-22 04:52 . 2002-03-21 03:22 905290 ----a-w c:\windows\system32\libmmd.dll
2009-03-21 04:06 . 2002-07-07 22:14 1294336 ----a-w c:\windows\system32\vorbis.acm
2009-03-18 07:00 . 2009-03-18 07:02 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\WMTools Downloaded Files
2009-03-18 06:22 . 2009-04-11 21:43 116 ----a-w c:\windows\NeroDigital.ini
2009-03-18 06:19 . 2009-03-18 06:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Ahead
2009-03-18 06:16 . 2009-03-18 06:20 -------- d-----w c:\documents and settings\da studio\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 05:54 . 2009-04-15 05:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 00:10 . 2009-04-15 00:10 -------- d-----w c:\program files\Trend Micro
2009-04-14 23:43 . 2009-03-13 07:33 -------- d-----w c:\documents and settings\da studio\Application Data\Digidesign
2009-04-14 02:10 . 2009-04-14 01:55 -------- d-----w c:\program files\Security Task Manager
2009-04-14 02:00 . 2009-04-05 22:56 -------- d-----w c:\program files\BitComet
2009-04-12 19:52 . 2009-04-12 19:52 -------- d-----w c:\program files\Kaspersky Lab
2009-04-11 04:16 . 2009-04-11 04:16 -------- d-----w c:\program files\Vstplugins
2009-04-11 04:16 . 2009-04-06 04:20 -------- d-----w c:\program files\Sony
2009-04-11 04:14 . 2009-04-05 23:11 -------- d-----w c:\program files\Sony Setup
2009-04-11 04:00 . 2009-04-11 04:00 -------- d-----w c:\program files\iPrep 101
2009-04-10 21:04 . 2009-04-10 21:04 -------- d-----w c:\program files\X-Projects
2009-04-10 01:35 . 2009-04-06 04:56 -------- d-----w c:\program files\NOS
2009-04-10 01:32 . 2009-03-12 03:49 -------- d-----w c:\documents and settings\da studio\Application Data\PACE Anti-Piracy
2009-04-10 01:32 . 2009-03-12 03:49 -------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-04-07 19:52 . 2009-04-07 19:52 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-07 19:51 . 2009-03-13 06:49 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 18:24 . 2009-04-07 18:24 -------- d-----w c:\program files\Innovative Solutions
2009-04-07 18:24 . 2009-04-07 18:24 -------- d-----w c:\program files\Intel Desktop Board
2009-04-07 17:52 . 2004-08-04 12:00 361600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-07 14:54 . 2009-04-07 14:54 -------- d-----w c:\program files\YouTube Downloader
2009-04-07 14:50 . 2009-04-07 14:49 -------- d-----w c:\program files\FrostWire
2009-04-06 04:45 . 2009-04-06 04:45 -------- d-----w c:\program files\Regensoft
2009-04-06 04:45 . 2009-04-06 04:45 -------- d-----w c:\program files\AviSynth 2.5
2009-04-06 04:45 . 2009-04-06 04:45 -------- d-----w c:\program files\Red Kawa
2009-04-06 04:21 . 2009-04-06 04:21 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-06 04:21 . 2009-04-06 04:21 -------- d-----w c:\program files\QuickTime
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\program files\Apple Software Update
2009-04-05 22:37 . 2009-04-05 22:37 -------- d-----w c:\program files\Java
2009-04-05 20:15 . 2009-04-05 20:15 -------- d-----w c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-04-05 20:15 . 2009-03-12 03:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 20:15 . 2009-04-05 20:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-30 19:06 . 2009-03-12 03:38 15608 ----a-w c:\documents and settings\da studio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-25 03:52 . 2009-03-25 03:49 -------- d-----w c:\program files\Cakewalk
2009-03-22 20:51 . 2009-03-16 02:49 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-22 04:52 . 2009-03-22 04:52 -------- d-----w c:\program files\PSP VintageWarmer
2009-03-21 04:06 . 2009-03-21 04:06 -------- d-----w c:\program files\ASIO4ALL v2
2009-03-21 04:06 . 2009-03-21 04:04 -------- d-----w c:\program files\Image-Line
2009-03-21 04:05 . 2009-03-21 04:05 -------- d-----w c:\program files\Outsim
2009-03-18 06:16 . 2009-03-18 06:16 -------- d-----w c:\program files\Common Files\Ahead
2009-03-18 06:16 . 2009-03-18 06:16 -------- d-----w c:\program files\Nero
2009-03-16 02:47 . 2009-03-16 02:47 -------- d-----w c:\program files\Bonjour
2009-03-16 02:41 . 2009-03-16 02:41 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-15 22:48 . 2009-03-15 22:48 -------- d-----w c:\program files\Antares Audio Technologies
2009-03-13 22:25 . 2009-03-13 21:56 -------- d-----w c:\program files\Waves
2009-03-13 22:09 . 2009-03-13 22:09 -------- d-----w c:\program files\FXpansion
2009-03-13 21:56 . 2009-03-13 21:56 -------- d-----w c:\documents and settings\da studio\Application Data\Waves Audio
2009-03-13 21:56 . 2009-03-13 21:55 -------- d-----w c:\program files\TC Native Bundle
2009-03-13 21:55 . 2009-03-13 21:55 -------- d-----w c:\program files\Steinberg
2009-03-13 06:50 . 2009-03-13 06:50 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-13 06:45 . 2009-03-12 03:18 -------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-03-13 06:45 . 2009-03-12 03:18 -------- d-----w c:\documents and settings\da studio\Application Data\Propellerhead Software
2009-03-13 06:45 . 2009-03-13 06:44 -------- d-----w c:\program files\Recycle
2009-03-12 22:17 . 2009-03-12 22:12 -------- d-----w c:\program files\KORG
2009-03-12 04:43 . 2009-03-12 04:43 -------- d-----w c:\program files\R-Studio
2009-03-12 04:00 . 2009-03-12 04:00 -------- d-----w c:\program files\Common Files\Mediafour
2009-03-12 04:00 . 2009-03-12 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\Mediafour
2009-03-12 04:00 . 2009-03-12 04:00 -------- d-----w c:\program files\Mediafour
2009-03-12 03:52 . 2009-03-12 03:52 -------- d-----w c:\program files\Common Files\Trillium Lane
2009-03-12 03:52 . 2009-03-12 03:45 -------- d-----w c:\program files\Digidesign
2009-03-12 03:49 . 2009-03-12 03:49 -------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2009-03-12 03:45 . 2009-03-12 03:45 -------- d-----w c:\program files\InterLok
2009-03-12 03:45 . 2009-03-12 03:45 -------- d-----w c:\program files\Common Files\Digidesign
2009-03-12 03:34 . 2009-03-12 02:58 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-12 03:30 . 2004-08-04 12:00 250048 --sha-r C:\ntldr
2009-03-12 03:21 . 2009-03-12 03:21 368640 ----a-w c:\windows\system32\ReWire.dll
2009-03-12 03:21 . 2009-03-12 03:21 233472 ------w c:\windows\system32\REX Shared Library.dll
2009-03-12 03:18 . 2009-03-12 03:18 -------- d-----w c:\program files\Propellerhead
2009-03-12 03:16 . 2009-03-12 03:16 -------- d-----w c:\program files\PowerISO
2009-03-12 03:11 . 2009-03-12 03:11 -------- d-----w c:\program files\M-Audio
2009-03-12 03:11 . 2009-03-12 03:11 -------- d-----w c:\documents and settings\da studio\Application Data\InstallShield
2009-03-12 02:59 . 2009-03-12 02:59 -------- d-----w c:\program files\microsoft frontpage
2009-03-12 02:56 . 2009-03-12 02:56 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-17 04:17 . 2009-03-12 03:15 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-14 05:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 05:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2009-04-07 17:52 361600 3CF3A7B11E4A1DF6CD13B41A76E8B53E c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-07 17:52 361600 3CF3A7B11E4A1DF6CD13B41A76E8B53E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DB9878B-C7B0-4719-AE56-2CDB0C2CDE6F}]
2008-04-14 10:41 97792 ----a-w c:\windows\system32\cdfvie.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\MAFWDITray.exe" [2008-04-01 317960]
"MAFWDITaskbarApp"="c:\windows\system32\MAFWdiTray.exe" [2008-04-01 317960]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

[HKLM\~\startupfolder\C:^Documents and Settings^da studio^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\da studio\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}]
2005-10-28 21:25 94208 ----a-w c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2009-03-19 18:38 5395288 ----a-w c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdgetstarted.exe]
2007-06-13 18:23 139264 ----a-w c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 15:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
2009-02-18 18:44 13680640 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
2009-02-18 19:44 86016 ----a-w c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}]
2007-07-12 15:57 179288 ----a-w c:\program files\Mediafour\MacDrive 7\MacDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"MacDriveService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Documents and Settings\\da studio\\Desktop\\xbins.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17126:TCP"= 17126:TCP:BitComet 17126 TCP
"17126:UDP"= 17126:UDP:BitComet 17126 UDP

R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-14 29208]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-14 29208]
R4 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2006-12-09 16384]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MDPMGRNT; [x]
S0 mewwmjkz;mewwmjkz;c:\windows\system32\drivers\mewwmjkz.sys [2004-08-04 23424]
S2 WUSB54GSSVC;WUSB54GSSVC; [x]
S3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 MAFWDICE;Service for M-Audio ProFire Driver (WDM);c:\windows\system32\DRIVERS\mafwdi.sys [2008-04-01 203016]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\da studio\Application Data\Mozilla\Firefox\Profiles\ornax8zl.default\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 02:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7a20c4e2]
"ImagePath"="\SystemRoot\System32\drivers\7a20c4e2.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2176)
c:\program files\Mediafour\MacDrive 7\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 7\MACDRAPI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-15 2:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 06:27

Pre-Run: 208,484,986,880 bytes free
Post-Run: 208,977,256,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

333 --- E O F --- 2009-04-07 14:51




This is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:37 AM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\MAFWDITray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4DB9878B-C7B0-4719-AE56-2CDB0C2CDE6F} - C:\WINDOWS\system32\cdfvie.dll
O2 - BHO: IEVkbdBHO - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\MAFWDITray.exe
O4 - HKLM\..\Run: [MAFWDITaskbarApp] C:\WINDOWS\system32\MAFWdiTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4597 bytes

#6 teacup61 (Malware Response Team)

Posted 15 April 2009 - 01:34 AM

Hello,

Durned rootkits....that's why MBAM would not run. :thumbup2: See if it will run now and post the report for me, please. You may have to get a fresh copy first. How is it running now? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#7 yungvilleprod (Topic Starter)

Posted 15 April 2009 - 01:45 AM

Running a whole lot better, and here's the log.
P.S. Can I install Kaspersky now?



Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/15/2009 2:41:20 AM
mbam-log-2009-04-15 (02-41-20).txt

Scan type: Quick Scan
Objects scanned: 67820
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4db9878b-c7b0-4719-ae56-2cdb0c2cde6f} (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4db9878b-c7b0-4719-ae56-2cdb0c2cde6f} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4db9878b-c7b0-4719-ae56-2cdb0c2cde6f} (Trojan.Downloader) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cdfvie.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\da studio\Local Settings\Temp\pblvpsex.dat (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\da studio\Local Settings\Application Data\CheckForUpdates.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\Documents and Settings\da studio\Local Settings\Application Data\codecsetup8815.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\da studio\Local Settings\Application Data\Codec_Setup_1240.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Edited by yungvilleprod, 15 April 2009 - 01:50 AM.


#8 teacup61 (Malware Response Team)

Posted 15 April 2009 - 02:00 AM

Hello,

Good to know it's better, and yes install it. Run a full system scan with it and let it clean all it finds. In your reply, post the report and another HijackThis log. Hopefully we're almost done here. :thumbup2:

Regards,
tea

#9 yungvilleprod (Topic Starter)

Posted 15 April 2009 - 10:04 AM

Kaspersky will install, but it won't enable the protection mechanism. Please help me.

#10 teacup61 (Malware Response Team)

Posted 15 April 2009 - 10:11 AM

Is this a fresh download of it? Have another run with ComboFix before you try again.......that's some nasty stuff you had on there. Post the report, please. :thumbup2:

Thanks,
tea

#11 yungvilleprod (Topic Starter)

Posted 15 April 2009 - 11:46 PM

Yes, it was.



Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/16/2009 12:38:31 AM
mbam-log-2009-04-16 (00-38-31).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 171789
Time elapsed: 56 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4db9878b-c7b0-4719-ae56-2cdb0c2cde6f} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4db9878b-c7b0-4719-ae56-2cdb0c2cde6f} (Trojan.BHO.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cdfvie.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Documents and Settings\da studio\Local Settings\Temp\pblvpsex.dat (Rootkit.Agent) -> Delete on reboot.

#12 teacup61 (Malware Response Team)

Posted 15 April 2009 - 11:50 PM

Okay....but that's not ComboFix like I asked for. Could you please run ComboFix and post that report, please? :thumbup2:

#13 yungvilleprod (Topic Starter)

Posted 16 April 2009 - 01:16 AM

ComboFix 09-04-15.08 - da studio 04/16/2009 2:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1516 [GMT -4:00]
Running from: c:\documents and settings\da studio\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-16 06:09 . 2009-04-16 06:09 61440 ----a-w c:\windows\system32\drivers\jmjwp.sys
2009-04-15 12:34 . 2009-04-16 01:23 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-15 12:34 . 2009-04-16 01:23 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-15 12:33 . 2009-04-16 01:06 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-15 12:33 . 2009-04-16 01:05 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-15 12:33 . 2009-04-16 01:05 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-15 12:33 . 2009-04-16 01:05 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-15 12:33 . 2009-04-16 01:05 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-15 12:33 . 2009-04-15 12:34 -------- d-----w c:\windows\LastGood
2009-04-15 12:29 . 2009-04-15 12:29 -------- d-----w c:\windows\LastGood.Tmp
2009-04-15 06:36 . 2009-04-15 06:36 -------- d-----w c:\documents and settings\da studio\Application Data\Malwarebytes
2009-04-15 05:45 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 05:45 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 05:45 . 2009-04-15 05:45 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-14 02:10 . 2009-04-14 02:10 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Help
2009-04-14 01:55 . 2009-04-14 02:08 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-14 00:13 . 2009-04-14 00:13 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-14 00:11 . 2009-04-14 00:12 -------- d-----w c:\windows\ERUNT
2009-04-14 00:10 . 2009-04-14 00:10 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-14 00:09 . 2009-04-14 00:09 50968 ----a-w c:\windows\system32\avgfwdx.dll
2009-04-14 00:09 . 2009-04-14 00:09 29208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2009-04-13 23:46 . 2009-04-13 23:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-04-13 23:45 . 2009-04-13 23:46 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-12 19:51 . 2009-04-12 19:51 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-12 19:06 . 2009-04-12 19:06 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-12 18:51 . 2009-04-16 06:14 109010 ----a-w c:\windows\system32\drivers\7a20c4e2.sys
2009-04-11 04:14 . 2008-04-14 10:41 97792 ----a-w c:\windows\system32\cdfvie.dll
2009-04-10 20:43 . 2009-04-10 20:43 -------- d-----w c:\documents and settings\da studio\Application Data\Xbins
2009-04-08 08:33 . 2009-04-08 08:33 -------- d-----w c:\documents and settings\da studio\Application Data\Red Kawa
2009-04-07 18:24 . 2009-04-07 18:24 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Innovative Solutions
2009-04-07 17:52 . 2008-06-20 11:51 361600 -c--a-w c:\windows\system32\dllcache\tcpip.sys.ORIGINAL
2009-04-07 17:52 . 2008-06-20 11:51 361600 ----a-w c:\windows\system32\drivers\tcpip.sys.ORIGINAL
2009-04-07 14:49 . 2009-04-10 06:26 -------- d-----w c:\documents and settings\da studio\Application Data\FrostWire
2009-04-06 12:12 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-06 12:12 . 2008-10-16 01:00 666112 -c----w c:\windows\system32\dllcache\wininet.dll
2009-04-06 12:12 . 2008-10-16 01:00 619520 -c----w c:\windows\system32\dllcache\urlmon.dll
2009-04-06 12:12 . 2008-10-16 01:00 1499136 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-06 12:12 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-06 12:12 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-06 12:12 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-06 12:12 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-06 12:11 . 2008-12-12 17:01 3067904 -c----w c:\windows\system32\dllcache\mshtml.dll
2009-04-06 12:11 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-06 12:10 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-06 12:10 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-06 12:10 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-06 12:09 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-06 12:09 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-06 12:08 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-04-06 12:08 . 2009-04-07 14:50 -------- d--h--w c:\windows\$hf_mig$
2009-04-06 04:56 . 2009-04-10 01:35 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-06 04:52 . 2008-12-05 06:54 144896 -c----w c:\windows\system32\dllcache\schannel.dll
2009-04-06 04:22 . 2009-04-06 04:22 -------- d-----w c:\documents and settings\da studio\Application Data\Sony
2009-04-06 04:22 . 2009-04-06 04:22 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-06 04:22 . 2009-04-11 04:18 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Sony
2009-04-06 04:21 . 2009-04-06 04:21 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Apple
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Apple Computer
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Downloaded Installations
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-06 04:20 . 2008-04-14 10:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-06 04:19 . 2009-04-06 04:20 -------- d-----w C:\aa107926ac6f7163820e90
2009-04-06 04:19 . 2009-04-06 04:20 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-06 04:19 . 2009-04-06 04:19 -------- d-----w c:\windows\system32\LogFiles
2009-04-05 23:49 . 2009-04-05 23:49 -------- d-----w c:\documents and settings\da studio\Application Data\WinBatch
2009-04-05 23:11 . 2009-04-06 04:08 -------- d-----w c:\documents and settings\da studio\Application Data\Sony Setup
2009-04-05 22:56 . 2009-04-10 20:53 -------- d-----w C:\Downloads
2009-04-05 22:38 . 2009-04-05 22:38 -------- d-----w c:\windows\Sun
2009-04-05 22:38 . 2009-04-05 22:38 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-05 22:38 . 2009-04-05 22:38 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-05 20:15 . 2004-05-26 18:54 15781 ----a-w c:\windows\system32\drivers\mdc8021x.sys
2009-04-05 20:15 . 2005-02-01 22:18 17992 ----a-w c:\windows\system32\bcm42rly.sys
2009-04-05 20:15 . 2004-10-04 16:20 7419 ----a-w c:\windows\system32\WUSB54GS.cat
2009-04-05 20:15 . 2003-11-21 02:03 479232 ----a-w c:\windows\system32\AegisE5.dll
2009-04-05 20:15 . 2003-10-13 19:30 94208 ----a-w c:\windows\system32\GTW32N50.dll
2009-04-05 20:15 . 2003-09-26 03:28 31930 ----a-w c:\windows\system32\GTNDIS3.VXD
2009-04-05 20:15 . 2003-09-26 02:15 15872 ----a-w c:\windows\system32\GTNDIS5.sys
2009-04-05 20:15 . 2003-11-21 02:03 651264 ----a-w c:\windows\system32\libeay32.dll
2009-04-05 20:15 . 2003-11-21 02:03 147456 ----a-w c:\windows\system32\ssleay32.dll
2009-04-05 20:15 . 2009-04-05 20:15 1381 ----a-w c:\windows\system32\WLAN.INI
2009-04-05 20:15 . 2009-04-05 20:15 -------- d-----w C:\Linksys Driver
2009-04-05 19:45 . 2009-04-05 19:45 0 ----a-w c:\windows\nsreg.dat
2009-04-05 19:45 . 2009-04-05 19:45 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Mozilla
2009-04-04 05:44 . 2009-04-14 23:54 -------- d-----w c:\windows\system32\NtmsData
2009-03-22 04:52 . 2002-03-21 03:22 905290 ----a-w c:\windows\system32\libmmd.dll
2009-03-21 04:06 . 2002-07-07 22:14 1294336 ----a-w c:\windows\system32\vorbis.acm
2009-03-18 07:00 . 2009-03-18 07:02 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\WMTools Downloaded Files
2009-03-18 06:22 . 2009-04-11 21:43 116 ----a-w c:\windows\NeroDigital.ini
2009-03-18 06:19 . 2009-03-18 06:20 -------- d-----w c:\documents and settings\da studio\Local Settings\Application Data\Ahead
2009-03-18 06:16 . 2009-03-18 06:20 -------- d-----w c:\documents and settings\da studio\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 06:09 . 2009-04-16 06:09 762 ----a-w c:\program files\zyjiacbf.txt
2009-04-16 01:23 . 2008-01-29 21:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-15 12:33 . 2009-04-15 12:33 -------- d-----w c:\program files\Kaspersky Lab
2009-04-15 06:36 . 2009-04-15 05:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 00:10 . 2009-04-15 00:10 -------- d-----w c:\program files\Trend Micro
2009-04-14 23:43 . 2009-03-13 07:33 -------- d-----w c:\documents and settings\da studio\Application Data\Digidesign
2009-04-14 02:10 . 2009-04-14 01:55 -------- d-----w c:\program files\Security Task Manager
2009-04-14 02:00 . 2009-04-05 22:56 -------- d-----w c:\program files\BitComet
2009-04-11 04:16 . 2009-04-11 04:16 -------- d-----w c:\program files\Vstplugins
2009-04-11 04:16 . 2009-04-06 04:20 -------- d-----w c:\program files\Sony
2009-04-11 04:14 . 2009-04-05 23:11 -------- d-----w c:\program files\Sony Setup
2009-04-11 04:00 . 2009-04-11 04:00 -------- d-----w c:\program files\iPrep 101
2009-04-10 21:04 . 2009-04-10 21:04 -------- d-----w c:\program files\X-Projects
2009-04-10 01:35 . 2009-04-06 04:56 -------- d-----w c:\program files\NOS
2009-04-10 01:32 . 2009-03-12 03:49 -------- d-----w c:\documents and settings\da studio\Application Data\PACE Anti-Piracy
2009-04-10 01:32 . 2009-03-12 03:49 -------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-04-07 19:52 . 2009-04-07 19:52 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-07 19:51 . 2009-03-13 06:49 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 18:24 . 2009-04-07 18:24 -------- d-----w c:\program files\Innovative Solutions
2009-04-07 18:24 . 2009-04-07 18:24 -------- d-----w c:\program files\Intel Desktop Board
2009-04-07 17:52 . 2004-08-04 12:00 361600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-07 14:54 . 2009-04-07 14:54 -------- d-----w c:\program files\YouTube Downloader
2009-04-07 14:50 . 2009-04-07 14:49 -------- d-----w c:\program files\FrostWire
2009-04-06 04:45 . 2009-04-06 04:45 -------- d-----w c:\program files\Regensoft
2009-04-06 04:45 . 2009-04-06 04:45 -------- d-----w c:\program files\AviSynth 2.5
2009-04-06 04:45 . 2009-04-06 04:45 -------- d-----w c:\program files\Red Kawa
2009-04-06 04:21 . 2009-04-06 04:21 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-06 04:21 . 2009-04-06 04:21 -------- d-----w c:\program files\QuickTime
2009-04-06 04:20 . 2009-04-06 04:20 -------- d-----w c:\program files\Apple Software Update
2009-04-05 22:37 . 2009-04-05 22:37 -------- d-----w c:\program files\Java
2009-04-05 20:15 . 2009-04-05 20:15 -------- d-----w c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-04-05 20:15 . 2009-03-12 03:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 20:15 . 2009-04-05 20:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-30 19:06 . 2009-03-12 03:38 15608 ----a-w c:\documents and settings\da studio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-25 03:52 . 2009-03-25 03:49 -------- d-----w c:\program files\Cakewalk
2009-03-22 20:51 . 2009-03-16 02:49 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-22 04:52 . 2009-03-22 04:52 -------- d-----w c:\program files\PSP VintageWarmer
2009-03-21 04:06 . 2009-03-21 04:06 -------- d-----w c:\program files\ASIO4ALL v2
2009-03-21 04:06 . 2009-03-21 04:04 -------- d-----w c:\program files\Image-Line
2009-03-21 04:05 . 2009-03-21 04:05 -------- d-----w c:\program files\Outsim
2009-03-18 06:16 . 2009-03-18 06:16 -------- d-----w c:\program files\Common Files\Ahead
2009-03-18 06:16 . 2009-03-18 06:16 -------- d-----w c:\program files\Nero
2009-03-16 02:47 . 2009-03-16 02:47 -------- d-----w c:\program files\Bonjour
2009-03-16 02:41 . 2009-03-16 02:41 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-15 22:48 . 2009-03-15 22:48 -------- d-----w c:\program files\Antares Audio Technologies
2009-03-13 22:25 . 2009-03-13 21:56 -------- d-----w c:\program files\Waves
2009-03-13 22:09 . 2009-03-13 22:09 -------- d-----w c:\program files\FXpansion
2009-03-13 21:56 . 2009-03-13 21:56 -------- d-----w c:\documents and settings\da studio\Application Data\Waves Audio
2009-03-13 21:56 . 2009-03-13 21:55 -------- d-----w c:\program files\TC Native Bundle
2009-03-13 21:55 . 2009-03-13 21:55 -------- d-----w c:\program files\Steinberg
2009-03-13 06:50 . 2009-03-13 06:50 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-13 06:45 . 2009-03-12 03:18 -------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-03-13 06:45 . 2009-03-12 03:18 -------- d-----w c:\documents and settings\da studio\Application Data\Propellerhead Software
2009-03-13 06:45 . 2009-03-13 06:44 -------- d-----w c:\program files\Recycle
2009-03-12 22:17 . 2009-03-12 22:12 -------- d-----w c:\program files\KORG
2009-03-12 04:43 . 2009-03-12 04:43 -------- d-----w c:\program files\R-Studio
2009-03-12 04:00 . 2009-03-12 04:00 -------- d-----w c:\program files\Common Files\Mediafour
2009-03-12 04:00 . 2009-03-12 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\Mediafour
2009-03-12 04:00 . 2009-03-12 04:00 -------- d-----w c:\program files\Mediafour
2009-03-12 03:52 . 2009-03-12 03:52 -------- d-----w c:\program files\Common Files\Trillium Lane
2009-03-12 03:52 . 2009-03-12 03:45 -------- d-----w c:\program files\Digidesign
2009-03-12 03:49 . 2009-03-12 03:49 -------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2009-03-12 03:45 . 2009-03-12 03:45 -------- d-----w c:\program files\InterLok
2009-03-12 03:45 . 2009-03-12 03:45 -------- d-----w c:\program files\Common Files\Digidesign
2009-03-12 03:34 . 2009-03-12 02:58 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-12 03:30 . 2004-08-04 12:00 250048 --sha-r C:\ntldr
2009-03-12 03:21 . 2009-03-12 03:21 368640 ----a-w c:\windows\system32\ReWire.dll
2009-03-12 03:21 . 2009-03-12 03:21 233472 ------w c:\windows\system32\REX Shared Library.dll
2009-03-12 03:18 . 2009-03-12 03:18 -------- d-----w c:\program files\Propellerhead
2009-03-12 03:16 . 2009-03-12 03:16 -------- d-----w c:\program files\PowerISO
2009-03-12 03:11 . 2009-03-12 03:11 -------- d-----w c:\program files\M-Audio
2009-03-12 03:11 . 2009-03-12 03:11 -------- d-----w c:\documents and settings\da studio\Application Data\InstallShield
2009-03-12 02:59 . 2009-03-12 02:59 -------- d-----w c:\program files\microsoft frontpage
2009-03-12 02:56 . 2009-03-12 02:56 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-17 04:17 . 2009-03-12 03:15 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-14 05:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 05:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2009-04-07 17:52 361600 3CF3A7B11E4A1DF6CD13B41A76E8B53E c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-07 17:52 361600 3CF3A7B11E4A1DF6CD13B41A76E8B53E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-15_06.25.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 12:34 . 2009-04-16 01:23 89601 c:\windows\system32\drivers\klick.dat
+ 2008-01-29 21:29 . 2009-04-16 01:23 33808 c:\windows\system32\drivers\klbg.sys
+ 2009-04-16 06:09 . 2009-04-16 06:09 61440 c:\windows\system32\drivers\jmjwp.sys
+ 2009-04-15 12:34 . 2009-04-16 01:23 101287 c:\windows\system32\drivers\klin.dat
+ 2009-04-15 12:33 . 2009-04-16 01:23 226832 c:\windows\system32\drivers\klif.sys
- 2009-04-12 18:51 . 2009-04-15 06:25 109010 c:\windows\system32\drivers\7a20c4e2.sys
+ 2009-04-12 18:51 . 2009-04-16 06:14 109010 c:\windows\system32\drivers\7a20c4e2.sys
+ 2009-04-16 01:04 . 2005-10-21 00:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-04-15 06:23 . 2005-10-21 00:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DB9878B-C7B0-4719-AE56-2CDB0C2CDE6F}]
2008-04-14 10:41 97792 ----a-w c:\windows\system32\cdfvie.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\MAFWDITray.exe" [2008-04-01 317960]
"MAFWDITaskbarApp"="c:\windows\system32\MAFWdiTray.exe" [2008-04-01 317960]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-16 206088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

[HKLM\~\startupfolder\C:^Documents and Settings^da studio^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\da studio\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}]
2005-10-28 21:25 94208 ----a-w c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2009-03-19 18:38 5395288 ----a-w c:\program files\Innovative Solutions\DriverMax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdgetstarted.exe]
2007-06-13 18:23 139264 ----a-w c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 15:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
2009-02-18 18:44 13680640 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
2009-02-18 19:44 86016 ----a-w c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B179023B-6238-4499-8F26-CD73E9D90E0A}]
2007-07-12 15:57 179288 ----a-w c:\program files\Mediafour\MacDrive 7\MacDrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"MacDriveService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\kasperskyantivirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Documents and Settings\\da studio\\Desktop\\xbins.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17126:TCP"= 17126:TCP:BitComet 17126 TCP
"17126:UDP"= 17126:UDP:BitComet 17126 UDP

R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-14 29208]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-04-14 29208]
R4 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2006-12-09 16384]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-16 33808]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MDPMGRNT; [x]
S0 mewwmjkz;mewwmjkz;c:\windows\system32\drivers\mewwmjkz.sys [2004-08-04 23424]
S2 WUSB54GSSVC;WUSB54GSSVC; [x]
S3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 MAFWDICE;Service for M-Audio ProFire Driver (WDM);c:\windows\system32\DRIVERS\mafwdi.sys [2008-04-01 203016]

.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\da studio\Application Data\Mozilla\Firefox\Profiles\ornax8zl.default\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 02:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7a20c4e2]
"ImagePath"="\SystemRoot\System32\drivers\7a20c4e2.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2400)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-16 2:15
ComboFix-quarantined-files.txt 2009-04-16 06:15
ComboFix2.txt 2009-04-15 06:27

Pre-Run: 208,758,759,424 bytes free
Post-Run: 208,747,548,672 bytes free

313 --- E O F --- 2009-04-07 14:51

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:10 AM

Posted 16 April 2009 - 01:51 AM

Do you know what these are?

c:\windows\system32\drivers\jmjwp.sys

c:\program files\zyjiacbf.txt
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#15 yungvilleprod

yungvilleprod
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 16 April 2009 - 12:06 PM

yes



