So I got a virus which has installed an antivirus that blocks all command prompts, i.e. Task Manager etc., so I can do nothing except buy a registration key for the antivirus with my CC (lol). I was able to get a log from ComboFix; all this happened after I ran ComboFix and started to use Malwarebytes and Avast. I'm stuck now, any help would be greatly appreciated. Here is the log:
ComboFix 09-07-13.01 - Ben Noelle 07/14/2009 17:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1685 [GMT -4:00]
Running from: c:\documents and settings\Ben Noelle\Desktop\CBF.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\16940624
c:\documents and settings\All Users\Application Data\16940624\16940624
c:\documents and settings\All Users\Application Data\16940624\16940624.exe
C:\install.exe
c:\windows\Installer\260f7.msi
c:\windows\system32\BJlRqBeg.ini
c:\windows\system32\BJlRqBeg.ini2
c:\windows\system32\config\systemprofile\Desktop\System Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security
c:\windows\system32\d3dx9_32.dll
c:\windows\system32\drivers\UACoyumasfhhmparyckq.sys
c:\windows\system32\UACcpejwqlmykahytjtf.dll
c:\windows\system32\UACenvoeemoejlcqrupv.dll
c:\windows\system32\UACgjuplrouapnxarlix.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjmuxgddotxeqkhcnj.dat
c:\windows\system32\UACmogdpqakobxihrwfl.db
c:\windows\system32\UACsutdwcvokryurqnab.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACxnlaqeuunfvvwvsac.dll
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 05:36 . 2009-07-14 05:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-14 03:40 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-14 03:40 . 2009-07-14 03:40 -------- d-----w- c:\program files\Alwil Software
2009-07-13 23:06 . 2009-07-13 22:26 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSviA64.sys
2009-07-13 23:06 . 2009-07-13 22:26 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSvix86.sys
2009-07-13 23:06 . 2009-07-13 22:26 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys
2009-07-13 23:06 . 2009-07-13 22:26 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSxpx86.dll
2009-07-13 23:06 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\Scxpx86.dll
2009-07-13 23:04 . 2009-07-13 23:04 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Symantec
2009-07-13 23:02 . 2009-07-13 22:26 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVEX32A.DLL
2009-07-13 23:02 . 2009-07-13 22:26 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EECTRL.SYS
2009-07-13 23:02 . 2009-07-13 22:26 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ERASER.SYS
2009-07-13 23:02 . 2009-07-13 22:26 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ECMSVR32.DLL
2009-07-13 23:02 . 2009-07-13 22:26 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVENG32.DLL
2009-07-13 23:02 . 2009-07-13 22:25 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\CCERASER.DLL
2009-07-13 22:48 . 2009-07-13 22:48 -------- d-----r- c:\program files\Norton Support
2009-07-13 22:26 . 2009-07-13 22:26 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-13 22:26 . 2009-07-13 22:26 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-13 22:26 . 2009-07-13 22:26 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-13 22:26 . 2009-07-13 22:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-13 22:26 . 2009-07-13 22:26 -------- d-----w- c:\program files\Symantec
2009-07-13 22:26 . 2009-07-13 22:26 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-07-13 22:26 . 2009-07-13 22:26 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-13 22:26 . 2009-07-13 22:26 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-07-13 22:26 . 2009-07-13 22:26 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-13 22:26 . 2009-07-13 22:26 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-13 22:26 . 2009-07-13 22:26 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-07-13 22:25 . 2009-07-13 22:25 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\windows\system32\drivers\NAV
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\program files\Norton AntiVirus
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\program files\Windows Sidebar
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\program files\NortonInstaller
2009-07-13 22:24 . 2009-07-13 22:25 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\GetRightToGo
2009-07-13 19:19 . 2009-07-13 19:19 -------- d-----w- c:\program files\XoftSpySE
2009-07-13 16:20 . 2009-07-13 16:20 45056 --sha-r- c:\windows\system32\flashd.dll
2009-07-13 16:20 . 2009-07-13 16:20 26624 ----a-w- c:\windows\system32\diskcheck.exe
2009-07-13 08:00 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVENG.SYS
2009-07-13 08:00 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVEX15.SYS
2009-07-13 00:26 . 2009-07-13 00:30 -------- d-----w- c:\program files\Heroes of Newerth
2009-07-12 16:58 . 2009-07-12 16:58 -------- d-----w- c:\program files\iPod
2009-07-12 16:58 . 2009-07-12 16:58 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 16:58 . 2009-07-12 16:58 -------- d-----w- c:\program files\iTunes
2009-07-12 16:57 . 2009-07-12 16:57 -------- d-----w- c:\program files\Bonjour
2009-07-12 16:56 . 2009-07-12 16:57 -------- d-----w- c:\program files\QuickTime
2009-07-12 16:55 . 2009-07-12 16:55 -------- d-----w- c:\program files\Apple Software Update
2009-07-10 00:08 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-10 00:08 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-10 00:08 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-10 00:08 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-07 00:10 . 2009-07-07 00:10 -------- d-----w- c:\documents and settings\Ben Noelle\Local Settings\Application Data\Electronic Arts
2009-07-07 00:04 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Ben Noelle\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-06 16:43 . 2009-07-06 16:43 -------- d-----w- c:\program files\Download Manager
2009-06-22 22:51 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-06-22 04:10 . 2009-06-22 04:10 -------- d-----w- c:\program files\Common Files\DivX Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 20:56 . 2008-12-07 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 20:14 . 2009-01-17 04:34 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Download Manager
2009-07-14 16:04 . 2008-05-14 01:10 -------- d-----w- c:\program files\Steam
2009-07-14 05:41 . 2008-08-29 04:13 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-07-14 05:39 . 2008-05-19 00:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 22:26 . 2009-07-13 22:26 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-13 22:26 . 2009-07-13 22:26 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-13 22:25 . 2008-12-01 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-13 22:25 . 2008-12-01 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-13 20:06 . 2009-01-25 07:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-13 17:36 . 2008-12-07 22:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2008-12-07 22:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:44 . 2008-12-27 01:50 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\LimeWire
2009-07-13 16:44 . 2008-05-13 22:28 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Azureus
2009-07-12 08:43 . 2009-01-30 22:49 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\mIRC
2009-07-12 05:40 . 2009-01-30 22:49 -------- d-----w- c:\program files\mIRC
2009-07-07 02:13 . 2009-01-03 20:28 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-07-06 23:39 . 2008-05-13 23:59 -------- d-----w- c:\program files\Electronic Arts
2009-07-06 19:36 . 2008-05-15 00:14 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\IGN_DLM
2009-07-05 18:56 . 2008-05-13 23:15 -------- d-----w- c:\program files\AIM6
2009-07-05 18:56 . 2008-05-13 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-24 21:25 . 2009-01-04 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-22 04:10 . 2008-05-17 04:28 -------- d-----w- c:\program files\DivX
2009-06-16 19:47 . 2009-06-13 00:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-13 00:38 . 2009-06-13 00:38 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Windows Live Writer
2009-06-13 00:37 . 2009-06-13 00:14 -------- d-----w- c:\program files\Windows Live
2009-06-13 00:36 . 2009-06-13 00:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-13 00:34 . 2009-06-13 00:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-13 00:15 . 2009-06-13 00:15 -------- d-----w- c:\program files\Microsoft
2009-06-13 00:14 . 2009-06-13 00:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-13 00:12 . 2009-06-13 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-13 00:09 . 2009-01-26 22:41 18088 ----a-w- c:\documents and settings\Ben Noelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-12 22:34 . 2008-05-13 21:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 22:30 . 2009-06-12 22:30 73112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-10 15:51 . 2009-06-10 15:50 -------- d-----w- c:\program files\Vuze
2009-06-08 05:42 . 2008-06-23 00:16 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Ventrilo
2009-06-08 05:42 . 2009-06-08 05:42 -------- d-----w- c:\program files\Ventrilo
2009-06-08 05:41 . 2008-06-03 03:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-08 00:50 . 2009-06-08 00:50 -------- d-----w- c:\program files\easetech
2009-06-07 01:07 . 2009-06-07 01:07 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-07 00:52 . 2009-01-08 03:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-06 23:58 . 2009-06-06 23:58 -------- d-----w- c:\program files\GameSpy
2009-06-06 22:47 . 2008-05-18 21:06 22328 ----a-w- c:\documents and settings\Ben Noelle\Application Data\PnkBstrK.sys
2009-06-06 22:47 . 2008-05-18 21:06 22328 ----a-w- c:\documents and settings\Ben Noelle\Application Data\PnkBstrK.sys
2009-06-06 22:47 . 2008-05-15 22:38 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-06 22:47 . 2008-05-15 22:37 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-06 22:47 . 2008-05-15 22:37 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-06 22:47 . 2008-05-18 21:06 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 20:41 . 2009-06-04 20:41 -------- d-----w- c:\program files\Eidos
2009-06-01 12:34 . 2009-06-01 12:28 1878984 ----a-w- c:\documents and settings\Ben Noelle\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-21 23:01 . 2009-05-21 23:01 -------- d-----w- c:\program files\CEVO
2009-05-19 05:36 . 2009-06-24 21:25 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-24 21:25 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-24 21:25 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-24 21:25 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-24 21:25 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-24 21:25 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-24 21:25 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-24 21:25 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 19:08 . 2008-12-08 02:58 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-29 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-29 04:13 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C80A0BE8-AF3C-B1D2-C901-A0C041D91972}"= "c:\windows\system32\flashd.dll" [2009-07-13 45056]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"VideoAcceleratorService"=2 (0x2)
"SeaPort"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"Norton AntiVirus"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AppleTimeSrv"=2 (0x2)
"AppleOSSMgr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blackdawn7979\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blackdawn7979\\condition zero\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blackdawn7979\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25855:TCP"= 25855:TCP:azuress
"3724:TCP"= 3724:TCP:Blizz
"6112:TCP"= 6112:TCP:Blizz
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [7/13/2009 6:26 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [7/13/2009 6:26 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [7/13/2009 6:26 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys [7/13/2009 7:06 PM 276344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/12/2009 8:37 PM 55152]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [10/8/2007 11:56 PM 4864]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [10/8/2007 11:56 PM 6528]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [8/29/2008 12:13 AM 35584]
R3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\drivers\aapltctp.sys [5/13/2008 5:53 PM 4224]
R3 aapltp;Apple Trackpad;c:\windows\system32\drivers\aapltp.sys [5/13/2008 5:53 PM 35072]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [5/14/2008 12:49 AM 8064]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [5/13/2008 5:53 PM 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [5/13/2008 5:53 PM 17920]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [5/13/2008 5:52 PM 7424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/7/2008 6:41 PM 38160]
S4 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [10/9/2007 1:04 AM 140592]
S4 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [10/9/2007 1:05 AM 99632]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S4 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [7/13/2009 6:26 PM 115560]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/13/2008 7:15 PM 24652]
.
Contents of the 'Scheduled Tasks' folder
2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-07-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -
BHO-{767C07C6-0ADE-40C6-BD84-7B44C7277284} - c:\windows\system32\geBqRlJB.dll
HKLM-Run-16940624 - c:\documents and settings\All Users\Application Data\16940624\16940624.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Ben Noelle\Application Data\Mozilla\Firefox\Profiles\cecd181l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - plugin: c:\documents and settings\Ben Noelle\Application Data\Mozilla\Firefox\Profiles\cecd181l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\Ben Noelle\Application Data\Mozilla\Firefox\Profiles\cecd181l.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 17:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\hjgruiboeysctg.sys 66560 bytes executable
c:\docume~1\BENNOE~1\LOCALS~1\Temp\hjgrui000 0 bytes
c:\windows\TEMP\hjgruicdbxpapwte.tmp 18944 bytes executable
c:\windows\TEMP\hjgruidnvkxnqoup.tmp 18944 bytes executable
c:\windows\TEMP\hjgruidvstsrlkvr.tmp 91 bytes
c:\windows\TEMP\hjgruidxgrdnppjr.tmp 18944 bytes executable
c:\windows\TEMP\hjgruigoifnwmiet.tmp 91 bytes
c:\windows\TEMP\hjgruihcblyimuij.tmp 91 bytes
c:\windows\TEMP\hjgruioreneewtvh.tmp 18944 bytes executable
c:\windows\TEMP\hjgruiqbxmspfgnp.tmp 91 bytes
c:\windows\TEMP\hjgruixvpnyapyur.tmp 18944 bytes executable
c:\windows\system32\hjgruicvsldeff.dll 18944 bytes executable
c:\windows\system32\hjgruikcabsfjv.dat 91 bytes
c:\windows\system32\hjgruivusciuir.dll 41472 bytes executable
c:\windows\system32\hjgruivvnymgpa.dat 37374 bytes
scan completed successfully
hidden files: 15
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruikrmsuuvp]
"imagepath"="\systemroot\system32\drivers\hjgruiboeysctg.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1085031214-1336601894-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1085031214-1336601894-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fb,35,06,ee,95,67,4e,1d,e8,b5,d2,65,5f,ec,c3,a6,f3,b4,b9,0f,76,2e,07,
9f,bc,37,66,ba,37,fe,3d,ff,23,0d,31,a3,bd,da,f6,15,07,e4,d1,e7,91,6d,a3,e0,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
[HKEY_USERS\S-1-5-21-1085031214-1336601894-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,10,11,1f,e1,b2,76,00,5b,66,8b,2e,d8,0e,ce,15,81,9e,34,ee,e0,
b5,e3,9b,3c,72,c6,67,73,74,56,11,37,98,c2,85,73,04,b7,de,0c,12,36,e7,0d,50,\
"rkeysecu"=hex:c6,33,0b,9a,56,d3,7c,97,b6,f5,94,14,28,20,cc,7d
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruikrmsuuvp]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\hjgruiboeysctg.sys"
.
Completion time: 2009-07-14 17:22
ComboFix-quarantined-files.txt 2009-07-14 21:22
Pre-Run: 866,217,984 bytes free
Post-Run: 4,256,538,624 bytes free
333 --- E O F --- 2009-07-14 05:36