Spyware/malware??


  • This topic is locked
3 replies to this topic

#1 assassain

  • Members
  • 2 posts

Posted 02 June 2009 - 01:03 AM

Hey everyone,
I was hoping that someone out there could help me. Something has recently happened to my computer, whether it be spyware or whatever.

What happens is that, randomly, my clock and the icons around it disappear; sometimes the start bar replicates at the top of the page (but doesn't function), and when a window is minimised the icon doesn't show for the minimised window.

Sometimes the top bar disappears (where the window description - exit - minimise etc. appear).

Here is a screen shot of some of the things that happen. Hopefully someone out there can help me.

[screenshot not preserved]


cheers


#2 Supreme Edgeboy Max

  • Members
  • 52 posts
  • Gender:Male
  • Location:Krym, Ukraine

Posted 02 June 2009 - 03:33 AM

Hold on. You downloaded MBAM off a torrent?!
Torrents, especially ones that include patches and keygens and such, are full of malware. Keygens themselves are sometimes Trojans.
If you won't buy the software, settle for the official free version available from the MBAM website.


+ First, get rid of this MBAM that you've downloaded.
+ Next, download the real thing from - http://www.malwarebytes.org/mbam.php
+ Install, update and run a Quick Scan.

Post the log in your next post.

Also, do you have any anti-virus programs?



#3 assassain

  • Topic Starter

  • Members
  • 2 posts

Posted 02 June 2009 - 04:49 AM

The trojan was already on there before I downloaded Malwarebytes... Since then I have scanned, and this is the log. Also, I have run ComboFix; I will include its log as well.
I have CA Anti-Virus + Spyware. A few times a day I scan and it picks up Bifrost, and I quarantine and remove it, but it still keeps appearing...

MALWAREBYTES (nothing detected):
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196764
Time elapsed: 2 hour(s), 20 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

COMBO FIX:

ComboFix 09-05-25.A2 - Owner 02/06/2009 19:05.6 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\Computer Maintainence\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\ShellIcon32.dll
c:\windows\system32\bclfyavs.dll
c:\windows\system32\bpvdhmcg.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hewjbyhd.dll
c:\windows\system32\hvjsrogx.dll
c:\windows\system32\iwpvchvn.dll
c:\windows\system32\kfpllluh.dll
c:\windows\system32\kjpojufq.dll
c:\windows\system32\licbgnem.dll
c:\windows\system32\mjqjtmub.dll
c:\windows\system32\nqjjjkhg.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qervqhde.dll
c:\windows\system32\qsxhtyvj.dll
c:\windows\system32\rhugvopi.dll
c:\windows\system32\tkvdulhw.dll
c:\windows\system32\umafaolx.dll
c:\windows\system32\vnpyfglx.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xcoisfeq.dll
c:\windows\system32\xiewlqcg.dll
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-01 21:57 . 2009-03-26 06:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-06-01 21:57 . 2009-03-26 06:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 21:57 . 2009-06-01 21:57 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-28 10:35 . 2009-05-28 12:39 -------- d-----w c:\documents and settings\Owner\Application Data\HLSW
2009-05-28 10:35 . 2009-05-28 10:35 -------- d-s---w c:\program files\HLSW
2009-05-26 08:58 . 2009-05-26 08:58 -------- d-----w c:\program files\Sony Setup
2009-05-25 07:25 . 2009-05-25 07:25 -------- d-----w c:\program files\Common Files\xing shared
2009-05-25 07:24 . 2009-05-25 07:25 -------- d-----w c:\program files\Common Files\Real
2009-05-25 07:24 . 2009-05-25 07:24 -------- d-----w c:\program files\Real
2009-05-25 06:25 . 2009-05-25 06:25 -------- d-----w c:\documents and settings\Owner\DoctorWeb
2009-05-24 10:57 . 2009-05-26 10:36 -------- d-----w c:\program files\MyProduct
2009-05-22 22:15 . 2009-05-22 22:15 -------- d-----w c:\windows\sthsys
2009-05-22 22:15 . 2009-05-22 22:15 -------- d-----w c:\program files\PrivateEncryptor
2009-05-22 11:32 . 2009-05-22 11:33 -------- d-----w c:\program files\Sib Icon Extractor
2009-05-22 11:01 . 2009-05-22 11:01 -------- d-----w c:\program files\Install Creator Pro
2009-05-22 10:36 . 2009-03-19 00:42 217088 ----a-w c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dzwg2qi2.default\extensions\NPDyyno@dyyno.com\Plugins\npDyyno.dll
2009-05-22 05:07 . 2009-05-24 12:02 -------- d-----w c:\documents and settings\Owner\.zenmap
2009-05-22 05:05 . 2009-05-24 11:41 -------- d-----w c:\program files\Nmap
2009-05-22 03:09 . 2009-05-22 03:09 -------- d-----w c:\program files\Xeus Technologies
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-05-18 02:31 . 2009-05-24 11:42 -------- d-----w c:\program files\Wolfenstein - Enemy Territory
2009-05-17 13:58 . 2009-05-18 00:59 -------- d-----w C:\Fraps
2009-05-17 13:48 . 2009-05-17 13:48 -------- d-----w c:\documents and settings\NetworkService\Application Data\GameTracker
2009-05-17 13:48 . 2009-05-17 13:48 -------- d-----w c:\program files\GameTracker
2009-05-17 13:46 . 2009-05-24 04:35 -------- d-----w c:\documents and settings\Owner\Application Data\GameTracker
2009-05-17 12:26 . 2009-05-22 03:09 -------- d-----w c:\program files\SFX Compiler
2009-05-13 11:54 . 2009-05-13 11:54 -------- d-----w c:\program files\Advanced Port Scanner
2009-05-13 11:53 . 2009-05-13 11:53 -------- d-----w c:\program files\Advanced IP Scanner
2009-05-13 11:36 . 2009-05-13 11:36 -------- d-----w c:\program files\Free RM to MP3 Converter
2009-05-13 08:14 . 2009-05-13 08:14 1 ----a-w c:\windows\system32\Pssetwinsyspios57.dat
2009-05-13 08:12 . 2005-08-22 02:15 53248 ----a-w c:\windows\system32\lttmb14N.dll
2009-05-13 08:12 . 2005-08-22 02:15 180224 ----a-w c:\windows\system32\LTFIL14n.DLL
2009-05-13 08:12 . 2005-08-22 01:04 73728 ----a-w c:\windows\system32\ltlst14N.dll
2009-05-13 08:12 . 2005-08-22 01:04 274432 ----a-w c:\windows\system32\LTEFX14n.DLL
2009-05-13 08:12 . 2005-08-22 02:15 57344 ----a-w c:\windows\system32\lfbmp14N.dll
2009-05-13 08:12 . 2005-08-22 01:03 303104 ----a-w c:\windows\system32\LTDIS14n.DLL
2009-05-13 08:12 . 2005-08-22 01:03 487424 ----a-w c:\windows\system32\LTKRN14n.DLL
2009-05-13 08:12 . 2005-08-21 23:56 1126400 ----a-w c:\windows\system32\LTIMG14n.DLL
2009-05-13 08:12 . 2002-03-13 06:46 53248 --sh--w c:\windows\system32\zlib.dll
2009-05-13 08:12 . 2009-05-13 08:12 -------- d-----w c:\program files\IconCool Software
2009-05-12 05:38 . 2009-05-12 05:38 -------- d-----w c:\documents and settings\Owner\Application Data\Desktopicon
2009-05-10 22:33 . 2009-05-10 22:33 81920 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-05-10 22:33 . 2009-05-10 22:33 98304 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-05-10 22:33 . 2009-05-10 22:33 258352 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-05-10 22:33 . 2009-05-10 22:33 520192 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-05-10 22:33 . 2009-05-10 22:33 335872 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-05-10 22:33 . 2009-05-24 12:02 -------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2009-05-10 22:33 . 2009-05-10 22:33 167936 ----a-w c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-05-06 10:37 . 2004-10-08 01:16 35840 ----a-w c:\windows\system32\drivers\AFS2K.SYS
2009-05-05 10:56 . 2009-05-05 22:11 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\http___www.bf1942demo.com
2009-05-05 06:01 . 2009-05-21 13:36 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Corel
2009-05-04 22:39 . 2009-05-18 00:46 2828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-05-04 22:39 . 2009-05-04 22:39 8 --sh--r c:\documents and settings\All Users\Application Data\314A3077F2.sys
2009-05-04 22:38 . 2009-05-04 22:39 -------- d-----w c:\documents and settings\Owner\Application Data\Corel
2009-05-04 22:26 . 2009-05-04 22:26 -------- d-----w c:\program files\Common Files\Protexis
2009-05-04 22:26 . 2009-05-18 00:47 -------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-05-04 22:26 . 2009-05-04 22:30 -------- d-----w c:\program files\Common Files\Corel
2009-05-04 22:12 . 2009-05-04 22:26 -------- d-----w c:\program files\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 21:50 . 2009-01-03 23:45 -------- d-----w c:\program files\Xfire
2009-06-01 14:03 . 2008-12-08 10:23 -------- d-----w c:\program files\LogMeIn
2009-06-01 11:20 . 2009-02-23 08:30 -------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-05-28 12:38 . 2009-04-15 08:25 -------- d-----w c:\documents and settings\Owner\Application Data\Xfire
2009-05-24 11:26 . 2009-04-23 14:16 95744 ----a-w c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-05-22 11:38 . 2008-12-27 08:19 -------- d-----w c:\documents and settings\Owner\Application Data\gtk-2.0
2009-05-21 10:59 . 2009-02-23 11:10 -------- d-----w c:\program files\VDOWNLOADER
2009-05-14 05:35 . 2009-02-24 09:56 -------- d-----w c:\program files\EA GAMES
2009-05-13 21:38 . 2008-11-02 04:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-10 12:06 . 2009-03-22 06:41 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-05-03 02:27 . 2009-02-24 10:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-03 01:46 . 2009-05-03 01:36 -------- d-----w c:\program files\DAEMON Tools Pro
2009-05-03 01:36 . 2009-05-03 01:36 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-05-03 01:19 . 2009-01-02 05:17 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-02 00:55 . 2009-05-02 00:54 -------- d-----w c:\program files\iTunes
2009-05-02 00:55 . 2009-05-02 00:54 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-02 00:55 . 2006-11-11 23:02 -------- d-----w c:\program files\iPod
2009-05-02 00:54 . 2008-11-02 04:31 -------- d-----w c:\program files\Common Files\Apple
2009-05-02 00:46 . 2009-05-02 00:46 -------- d-----w c:\program files\Bonjour
2009-05-02 00:31 . 2009-05-02 00:31 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-01 11:46 . 2006-11-04 07:02 1139 -c--a-w c:\windows\eReg.dat
2009-04-30 12:43 . 2008-11-16 03:04 87824 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 12:43 . 2009-04-30 12:34 -------- d-----w c:\program files\Gadget Extractor
2009-04-30 12:41 . 2009-04-30 12:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-30 12:37 . 2009-04-30 12:37 -------- d-----w c:\program files\Alky for Applications
2009-04-30 12:25 . 2009-04-30 12:25 -------- d-----w c:\program files\Sidebar
2009-04-28 21:27 . 2009-04-28 14:05 -------- d-----w c:\documents and settings\Owner\Application Data\vlc
2009-04-27 08:50 . 2009-04-27 08:50 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-27 08:49 . 2007-09-15 09:22 -------- d-----w c:\program files\Java
2009-04-27 08:48 . 2009-04-27 08:48 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-23 14:17 . 2009-04-23 14:17 -------- d-----w c:\program files\Combined Community Codec Pack
2009-04-07 11:16 . 2009-01-03 02:56 83456 ----a-w c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-04-05 02:47 . 2008-11-29 00:06 -------- d-----w c:\documents and settings\Owner\Application Data\Ventrilo
2009-04-03 12:27 . 2009-04-03 09:13 -------- d-----w c:\documents and settings\Owner\Application Data\GetRightToGo
2009-03-19 06:32 . 2009-03-19 06:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 06:32 . 2006-09-19 04:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 09:46 . 2009-02-20 13:54 737280 ----a-w c:\windows\iun6002.exe
2009-03-06 14:44 . 2006-10-26 16:40 283648 ----a-w c:\windows\system32\pdh.dll
2003-08-27 08:41 . 2006-10-26 17:30 0 -csha-w c:\windows\SMINST\HPCD.SYS
2002-03-13 06:46 . 2009-05-13 08:12 53248 --sh--w c:\windows\system32\zlib.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-11-30 02:41 66912 ----a-w c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-12-24 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-2-18 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 09:35 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\CNAB5RPK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"16147:TCP"= 16147:TCP:BitComet 16147 TCP
"16147:UDP"= 16147:UDP:BitComet 16147 UDP
"58673:TCP"= 58673:TCP:Pando Media Booster
"58673:UDP"= 58673:UDP:Pando Media Booster
"56837:TCP"= 56837:TCP:Pando Media Booster
"56837:UDP"= 56837:UDP:Pando Media Booster

R2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [15/06/2008 12:24 PM 104960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [27/03/2009 8:06 PM 55152]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [17/05/2009 11:48 PM 1586528]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [8/12/2008 8:24 PM 47640]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [24/07/2008 5:45 PM 12192]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\Drivers\OCDE.sys --> c:\windows\system32\Drivers\OCDE.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [18/02/2009 2:28 PM 20608]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 5:08 PM 533360]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [16/11/2008 1:04 PM 185584]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [30/11/2008 7:04 PM 194304]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
"c:\program files\Windows Sidebar\sidebar.exe" /RegServer
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 01:34]

2009-05-15 c:\windows\Tasks\CAAntiSpywareScan_Daily as Owner at 2 05 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-11-16 03:15]

2008-12-27 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-06 06:08]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = hxxp://au8.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d9d40c8ee07b403f8d4ad49d6ff7ea42
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d9d40c8ee07b403f8d4ad49d6ff7ea42
LSP: c:\windows\system32\VetRedir.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dzwg2qi2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dzwg2qi2.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 19:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F6A4ECEB-C003-0C4F-984D-6F45294D1425}*]
"haokfbgagefibfol"=hex:66,61,6b,6f,6a,6a,70,61,65,66,64,67,00,00
"iabgbcioobpcdanplf"=hex:6a,61,6d,6f,6b,6a,6a,67,66,61,69,6a,69,6d,6b,6d,6b,66,
6a,63,00,fd
"halmdnbcnimcjcbe"=hex:6a,61,6d,6f,6b,6a,6a,67,66,61,69,6a,69,6d,6b,6d,6b,66,
6a,63,00,00

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FE01FDD0-191B-718C-2BB8-B3DCB71C8724}*]
"kaonhjhcheffhhebbbcgio"=hex:67,61,65,6f,63,6c,65,67,6e,65,6d,69,65,6a,00,00
"kaonhjhcheffhhebbbcgfo"=hex:66,61,65,66,65,61,66,67,66,67,61,6f,00,6a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\LMIinit.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'lsass.exe'(1384)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2776)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-06-02 19:32
ComboFix-quarantined-files.txt 2009-06-02 09:32
ComboFix2.txt 2009-03-07 00:06

Pre-Run: 6,806,773,760 bytes free
Post-Run: 6,792,302,592 bytes free

314 --- E O F --- 2009-06-01 17:01
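
A triage helper, added here as an example (it is not the forum's or any poster's code), that parses the section layout of a ComboFix log like the one posted above into Run-key autostarts, services and firewall-opened ports, and flags the entries a responder would check first. The sample excerpt is constructed from lines in the format shown above; the flag rules (a binary sitting directly under c:\windows, a service file ComboFix could not read, the Remote Desktop port opened in the firewall) are my own heuristics and are not part of ComboFix.

```python
"""Triage helper for ComboFix-style logs: pull out Run-key autostarts,
services and firewall-opened ports, then flag items worth a closer look."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed excerpt (assumption: same layout as the log posted in the thread).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-12-24 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"16147:TCP"= 16147:TCP:BitComet 16147 TCP

R2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [15/06/2008 12:24 PM 104960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [27/03/2009 8:06 PM 55152]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\Drivers\OCDE.sys --> c:\windows\system32\Drivers\OCDE.sys [?]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# "<state> <name>;<display name>;<path> [date size]"  or  "<path> --> <path> [?]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?:\s+-->.*|\s+\[.*\])?$")
# A binary placed directly in c:\windows rather than system32 or a program folder.
WINDIR_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+\.(exe|dll|sys)$", re.I)
REMOTE_ADMIN_PORTS = {3389: "Remote Desktop"}


@dataclass
class Entry:
    kind: str    # "run", "service" or "port"
    name: str
    target: str  # file path, or the port description for firewall entries
    raw: str     # original log line, kept for the report


def parse_log(text: str) -> list[Entry]:
    """Walk the log line by line, tracking the current [section] header."""
    entries, section = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
            continue
        if section.endswith("\\run") and (m := RUN_RE.match(line)):
            entries.append(Entry("run", m.group(1), m.group(2), line))
        elif section.endswith("globallyopenports\\list") and (m := PORT_RE.match(line)):
            port, proto, desc = m.groups()
            entries.append(Entry("port", f"{port}:{proto}", desc.strip(), line))
        elif (m := SERVICE_RE.match(line)):
            _state, name, _display, path = m.groups()
            entries.append(Entry("service", name, path, line))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs for items that deserve manual review."""
    flagged = []
    for e in entries:
        if e.kind in ("run", "service") and WINDIR_ROOT_RE.match(e.target):
            flagged.append((e, "binary placed directly in %windir%, unusual for legitimate software"))
        if e.kind == "service" and e.raw.endswith("[?]"):
            flagged.append((e, "ComboFix could not read the service binary on disk"))
        if e.kind == "port":
            port = int(e.name.split(":")[0])
            if port in REMOTE_ADMIN_PORTS:
                flagged.append((e, f"{REMOTE_ADMIN_PORTS[port]} port opened in the firewall"))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{entry.kind}] {entry.name}: {reason}\n    {entry.target}")
```

Run against a full log by reading the file into `parse_log`; anything flagged is a starting point for inspection, not a verdict.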

#4 garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio

Posted 02 June 2009 - 10:33 AM

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark