Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus, cant do anything


  • This topic is locked This topic is locked
1 reply to this topic

#1 blackdawn7979

blackdawn7979

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 14 July 2009 - 05:33 PM

So i got a virus which has installed a antivirus that blocks all command prompts, i.e task manager etc...so i can do nothing except buy a registration key for the antivirus with my CC..(lol), i was able to get a log from combofix, all this happened after i ran combofix and started to use Malwarebyte and avast....im stuck now, any help would be greatly appreciated, here is the log

ComboFix 09-07-13.01 - Ben Noelle 07/14/2009 17:09.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1685 [GMT -4:00]
Running from: c:\documents and settings\Ben Noelle\Desktop\CBF.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\16940624
c:\documents and settings\All Users\Application Data\16940624\16940624
c:\documents and settings\All Users\Application Data\16940624\16940624.exe
C:\install.exe
c:\windows\Installer\260f7.msi
c:\windows\system32\BJlRqBeg.ini
c:\windows\system32\BJlRqBeg.ini2
c:\windows\system32\config\systemprofile\Desktop\System Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security
c:\windows\system32\d3dx9_32.dll
c:\windows\system32\drivers\UACoyumasfhhmparyckq.sys
c:\windows\system32\UACcpejwqlmykahytjtf.dll
c:\windows\system32\UACenvoeemoejlcqrupv.dll
c:\windows\system32\UACgjuplrouapnxarlix.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjmuxgddotxeqkhcnj.dat
c:\windows\system32\UACmogdpqakobxihrwfl.db
c:\windows\system32\UACsutdwcvokryurqnab.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACxnlaqeuunfvvwvsac.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 05:36 . 2009-07-14 05:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-14 03:40 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-14 03:40 . 2009-07-14 03:40 -------- d-----w- c:\program files\Alwil Software
2009-07-13 23:06 . 2009-07-13 22:26 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSviA64.sys
2009-07-13 23:06 . 2009-07-13 22:26 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSvix86.sys
2009-07-13 23:06 . 2009-07-13 22:26 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys
2009-07-13 23:06 . 2009-07-13 22:26 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSxpx86.dll
2009-07-13 23:06 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\Scxpx86.dll
2009-07-13 23:04 . 2009-07-13 23:04 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Symantec
2009-07-13 23:02 . 2009-07-13 22:26 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVEX32A.DLL
2009-07-13 23:02 . 2009-07-13 22:26 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EECTRL.SYS
2009-07-13 23:02 . 2009-07-13 22:26 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ERASER.SYS
2009-07-13 23:02 . 2009-07-13 22:26 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ECMSVR32.DLL
2009-07-13 23:02 . 2009-07-13 22:26 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVENG32.DLL
2009-07-13 23:02 . 2009-07-13 22:25 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\CCERASER.DLL
2009-07-13 22:48 . 2009-07-13 22:48 -------- d-----r- c:\program files\Norton Support
2009-07-13 22:26 . 2009-07-13 22:26 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-13 22:26 . 2009-07-13 22:26 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-13 22:26 . 2009-07-13 22:26 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-13 22:26 . 2009-07-13 22:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-13 22:26 . 2009-07-13 22:26 -------- d-----w- c:\program files\Symantec
2009-07-13 22:26 . 2009-07-13 22:26 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-07-13 22:26 . 2009-07-13 22:26 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-13 22:26 . 2009-07-13 22:26 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-07-13 22:26 . 2009-07-13 22:26 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-13 22:26 . 2009-07-13 22:26 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-13 22:26 . 2009-07-13 22:26 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-07-13 22:25 . 2009-07-13 22:25 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\windows\system32\drivers\NAV
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\program files\Norton AntiVirus
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\program files\Windows Sidebar
2009-07-13 22:25 . 2009-07-13 22:25 -------- d-----w- c:\program files\NortonInstaller
2009-07-13 22:24 . 2009-07-13 22:25 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\GetRightToGo
2009-07-13 19:19 . 2009-07-13 19:19 -------- d-----w- c:\program files\XoftSpySE
2009-07-13 16:20 . 2009-07-13 16:20 45056 --sha-r- c:\windows\system32\flashd.dll
2009-07-13 16:20 . 2009-07-13 16:20 26624 ----a-w- c:\windows\system32\diskcheck.exe
2009-07-13 08:00 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVENG.SYS
2009-07-13 08:00 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\NAVEX15.SYS
2009-07-13 00:26 . 2009-07-13 00:30 -------- d-----w- c:\program files\Heroes of Newerth
2009-07-12 16:58 . 2009-07-12 16:58 -------- d-----w- c:\program files\iPod
2009-07-12 16:58 . 2009-07-12 16:58 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 16:58 . 2009-07-12 16:58 -------- d-----w- c:\program files\iTunes
2009-07-12 16:57 . 2009-07-12 16:57 -------- d-----w- c:\program files\Bonjour
2009-07-12 16:56 . 2009-07-12 16:57 -------- d-----w- c:\program files\QuickTime
2009-07-12 16:55 . 2009-07-12 16:55 -------- d-----w- c:\program files\Apple Software Update
2009-07-10 00:08 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-10 00:08 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-10 00:08 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-10 00:08 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-07 00:10 . 2009-07-07 00:10 -------- d-----w- c:\documents and settings\Ben Noelle\Local Settings\Application Data\Electronic Arts
2009-07-07 00:04 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Ben Noelle\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-06 16:43 . 2009-07-06 16:43 -------- d-----w- c:\program files\Download Manager
2009-06-22 22:51 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-06-22 04:10 . 2009-06-22 04:10 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 20:56 . 2008-12-07 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 20:14 . 2009-01-17 04:34 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Download Manager
2009-07-14 16:04 . 2008-05-14 01:10 -------- d-----w- c:\program files\Steam
2009-07-14 05:41 . 2008-08-29 04:13 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-07-14 05:39 . 2008-05-19 00:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 22:26 . 2009-07-13 22:26 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-13 22:26 . 2009-07-13 22:26 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-13 22:25 . 2008-12-01 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-13 22:25 . 2008-12-01 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-13 20:06 . 2009-01-25 07:19 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-13 17:36 . 2008-12-07 22:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2008-12-07 22:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:44 . 2008-12-27 01:50 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\LimeWire
2009-07-13 16:44 . 2008-05-13 22:28 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Azureus
2009-07-12 08:43 . 2009-01-30 22:49 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\mIRC
2009-07-12 05:40 . 2009-01-30 22:49 -------- d-----w- c:\program files\mIRC
2009-07-07 02:13 . 2009-01-03 20:28 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-07-06 23:39 . 2008-05-13 23:59 -------- d-----w- c:\program files\Electronic Arts
2009-07-06 19:36 . 2008-05-15 00:14 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\IGN_DLM
2009-07-05 18:56 . 2008-05-13 23:15 -------- d-----w- c:\program files\AIM6
2009-07-05 18:56 . 2008-05-13 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-24 21:25 . 2009-01-04 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-22 04:10 . 2008-05-17 04:28 -------- d-----w- c:\program files\DivX
2009-06-16 19:47 . 2009-06-13 00:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-13 00:38 . 2009-06-13 00:38 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Windows Live Writer
2009-06-13 00:37 . 2009-06-13 00:14 -------- d-----w- c:\program files\Windows Live
2009-06-13 00:36 . 2009-06-13 00:36 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-13 00:34 . 2009-06-13 00:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-13 00:15 . 2009-06-13 00:15 -------- d-----w- c:\program files\Microsoft
2009-06-13 00:14 . 2009-06-13 00:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-13 00:12 . 2009-06-13 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-13 00:09 . 2009-01-26 22:41 18088 ----a-w- c:\documents and settings\Ben Noelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-12 22:34 . 2008-05-13 21:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 22:30 . 2009-06-12 22:30 73112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-10 15:51 . 2009-06-10 15:50 -------- d-----w- c:\program files\Vuze
2009-06-08 05:42 . 2008-06-23 00:16 -------- d-----w- c:\documents and settings\Ben Noelle\Application Data\Ventrilo
2009-06-08 05:42 . 2009-06-08 05:42 -------- d-----w- c:\program files\Ventrilo
2009-06-08 05:41 . 2008-06-03 03:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-08 00:50 . 2009-06-08 00:50 -------- d-----w- c:\program files\easetech
2009-06-07 01:07 . 2009-06-07 01:07 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-07 00:52 . 2009-01-08 03:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-06 23:58 . 2009-06-06 23:58 -------- d-----w- c:\program files\GameSpy
2009-06-06 22:47 . 2008-05-18 21:06 22328 ----a-w- c:\documents and settings\Ben Noelle\Application Data\PnkBstrK.sys
2009-06-06 22:47 . 2008-05-18 21:06 22328 ----a-w- c:\documents and settings\Ben Noelle\Application Data\PnkBstrK.sys
2009-06-06 22:47 . 2008-05-15 22:38 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-06 22:47 . 2008-05-15 22:37 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-06 22:47 . 2008-05-15 22:37 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-06 22:47 . 2008-05-18 21:06 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 20:41 . 2009-06-04 20:41 -------- d-----w- c:\program files\Eidos
2009-06-01 12:34 . 2009-06-01 12:28 1878984 ----a-w- c:\documents and settings\Ben Noelle\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-21 23:01 . 2009-05-21 23:01 -------- d-----w- c:\program files\CEVO
2009-05-19 05:36 . 2009-06-24 21:25 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-24 21:25 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-24 21:25 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-24 21:25 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-24 21:25 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-24 21:25 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-24 21:25 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-24 21:25 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 19:08 . 2008-12-08 02:58 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-29 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-29 04:13 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{C80A0BE8-AF3C-B1D2-C901-A0C041D91972}"= "c:\windows\system32\flashd.dll" [2009-07-13 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"VideoAcceleratorService"=2 (0x2)
"SeaPort"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"Norton AntiVirus"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AppleTimeSrv"=2 (0x2)
"AppleOSSMgr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blackdawn7979\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blackdawn7979\\condition zero\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\blackdawn7979\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25855:TCP"= 25855:TCP:azuress
"3724:TCP"= 3724:TCP:Blizz
"6112:TCP"= 6112:TCP:Blizz

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [7/13/2009 6:26 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [7/13/2009 6:26 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [7/13/2009 6:26 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys [7/13/2009 7:06 PM 276344]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/12/2009 8:37 PM 55152]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [10/8/2007 11:56 PM 4864]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [10/8/2007 11:56 PM 6528]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [8/29/2008 12:13 AM 35584]
R3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\drivers\aapltctp.sys [5/13/2008 5:53 PM 4224]
R3 aapltp;Apple Trackpad;c:\windows\system32\drivers\aapltp.sys [5/13/2008 5:53 PM 35072]
R3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [5/14/2008 12:49 AM 8064]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [5/13/2008 5:53 PM 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [5/13/2008 5:53 PM 17920]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [5/13/2008 5:52 PM 7424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/7/2008 6:41 PM 38160]
S4 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [10/9/2007 1:04 AM 140592]
S4 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [10/9/2007 1:05 AM 99632]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S4 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [7/13/2009 6:26 PM 115560]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/13/2008 7:15 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{767C07C6-0ADE-40C6-BD84-7B44C7277284} - c:\windows\system32\geBqRlJB.dll
HKLM-Run-16940624 - c:\documents and settings\All Users\Application Data\16940624\16940624.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Ben Noelle\Application Data\Mozilla\Firefox\Profiles\cecd181l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - plugin: c:\documents and settings\Ben Noelle\Application Data\Mozilla\Firefox\Profiles\cecd181l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\Ben Noelle\Application Data\Mozilla\Firefox\Profiles\cecd181l.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 17:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\hjgruiboeysctg.sys 66560 bytes executable
c:\docume~1\BENNOE~1\LOCALS~1\Temp\hjgrui000 0 bytes
c:\windows\TEMP\hjgruicdbxpapwte.tmp 18944 bytes executable
c:\windows\TEMP\hjgruidnvkxnqoup.tmp 18944 bytes executable
c:\windows\TEMP\hjgruidvstsrlkvr.tmp 91 bytes
c:\windows\TEMP\hjgruidxgrdnppjr.tmp 18944 bytes executable
c:\windows\TEMP\hjgruigoifnwmiet.tmp 91 bytes
c:\windows\TEMP\hjgruihcblyimuij.tmp 91 bytes
c:\windows\TEMP\hjgruioreneewtvh.tmp 18944 bytes executable
c:\windows\TEMP\hjgruiqbxmspfgnp.tmp 91 bytes
c:\windows\TEMP\hjgruixvpnyapyur.tmp 18944 bytes executable
c:\windows\system32\hjgruicvsldeff.dll 18944 bytes executable
c:\windows\system32\hjgruikcabsfjv.dat 91 bytes
c:\windows\system32\hjgruivusciuir.dll 41472 bytes executable
c:\windows\system32\hjgruivvnymgpa.dat 37374 bytes

scan completed successfully
hidden files: 15

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruikrmsuuvp]
"imagepath"="\systemroot\system32\drivers\hjgruiboeysctg.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-1336601894-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1085031214-1336601894-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fb,35,06,ee,95,67,4e,1d,e8,b5,d2,65,5f,ec,c3,a6,f3,b4,b9,0f,76,2e,07,
9f,bc,37,66,ba,37,fe,3d,ff,23,0d,31,a3,bd,da,f6,15,07,e4,d1,e7,91,6d,a3,e0,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1085031214-1336601894-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,10,11,1f,e1,b2,76,00,5b,66,8b,2e,d8,0e,ce,15,81,9e,34,ee,e0,
b5,e3,9b,3c,72,c6,67,73,74,56,11,37,98,c2,85,73,04,b7,de,0c,12,36,e7,0d,50,\
"rkeysecu"=hex:c6,33,0b,9a,56,d3,7c,97,b6,f5,94,14,28,20,cc,7d

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hjgruikrmsuuvp]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\hjgruiboeysctg.sys"
.
Completion time: 2009-07-14 17:22
ComboFix-quarantined-files.txt 2009-07-14 21:22

Pre-Run: 866,217,984 bytes free
Post-Run: 4,256,538,624 bytes free

333 --- E O F --- 2009-07-14 05:36

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:44 PM

Posted 14 July 2009 - 06:00 PM

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users