Just used ComboFix...


This topic is locked
3 replies to this topic

#1 DhruvDahiya

Posted 31 December 2009 - 12:04 AM

Hey guys.

While using Google search in Firefox, I would click on the search results and it would link me to some other website containing advertisements or fraud anti-virus sites. I knew this was some sort of malware or spyware.

So I decided to use ComboFix to scan and remove the suspicious files.

I wanted some help analysing the log file to see what the results are. Has the virus been removed?

All help appreciated.

LOG:

ComboFix 09-12-30.01 - Poonam 31/12/2009 4:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.981.475 [GMT 0:00]
Running from: c:\documents and settings\Poonam\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\EventSystem.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
E:\install.exe

Infected copy of c:\windows\system32\drivers\iastor.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 03:45 . 2009-12-31 04:20 -------- d-----w- c:\program files\Mozilla Firefox 3.5.6
2009-12-31 03:13 . 2009-12-31 03:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-12-31 03:10 . 2009-12-31 03:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-31 03:09 . 2009-12-31 03:09 -------- d-----w- c:\documents and settings\Poonam\Application Data\AVG8
2009-12-30 23:58 . 2009-12-31 01:27 -------- d-----w- C:\$AVG
2009-12-30 23:57 . 2009-12-30 23:58 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-12-30 23:57 . 2009-12-30 23:57 -------- d-----w- c:\program files\AVG
2009-12-30 23:57 . 2009-12-30 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-30 21:34 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-30 21:30 . 2009-12-30 21:31 -------- d-----w- c:\program files\Windows Defender
2009-12-30 20:42 . 2009-12-30 20:42 -------- d-----w- c:\documents and settings\Poonam\Application Data\Malwarebytes
2009-12-30 20:39 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 20:14 . 2009-12-30 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-30 20:09 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 20:06 . 2009-12-30 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware21
2009-12-30 19:57 . 2009-12-30 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 07:29 . 2009-12-18 07:29 -------- d-----w- c:\program files\7-Zip
2009-12-16 01:35 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-16 01:35 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-16 01:35 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 01:35 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-12-16 01:35 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-16 01:35 . 2009-12-16 01:36 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-16 01:24 . 2009-12-16 01:24 -------- d-----w- c:\program files\ffdshow
2009-12-11 17:13 . 2009-12-11 20:48 -------- d-----w- c:\documents and settings\Poonam\Local Settings\Application Data\Vivitar Experience Image Manager
2009-12-11 17:13 . 2009-12-11 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivitar Experience Image Manager
2009-12-11 17:12 . 2009-12-11 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivitar
2009-12-11 17:12 . 2009-12-11 17:13 -------- d-----w- c:\program files\Vivitar Experience Image Manager
2009-12-11 06:23 . 2009-12-11 06:23 -------- d-----w- c:\program files\WinSCP3
2009-12-10 23:17 . 2009-12-10 23:17 -------- d-----w- C:\clipmate
2009-12-10 23:17 . 2009-12-10 23:17 -------- d-----w- c:\documents and settings\Poonam\Application Data\Thornsoft Development
2009-12-10 19:35 . 2009-12-10 19:35 -------- d-----w- c:\documents and settings\Poonam\Library
2009-12-10 19:35 . 2009-12-10 19:35 -------- d-----w- c:\documents and settings\Poonam\Application Data\com.adobe.ExMan
2009-12-09 21:45 . 2009-12-09 21:45 -------- d-----w- c:\program files\Megauploadforum.net
2009-12-01 17:39 . 2009-12-21 18:11 -------- d-----w- c:\documents and settings\Poonam\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 03:35 . 2009-11-25 17:13 79488 ----a-w- c:\documents and settings\Poonam\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 03:25 . 2008-07-21 05:44 324120 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-12-31 03:25 . 2008-07-21 05:44 324120 ----a-w- c:\windows\system32\drivers\iaStor.svs
2009-12-31 02:54 . 2009-01-24 21:03 -------- d-----w- c:\program files\BitComet
2009-12-30 19:33 . 2009-06-16 16:30 -------- d-----w- c:\program files\XBC
2009-12-30 19:29 . 2009-06-21 12:45 -------- d-----w- c:\documents and settings\Poonam\Application Data\Broad Intelligence
2009-12-30 19:29 . 2009-06-21 12:44 -------- d-----w- c:\program files\MediaCoder iPod Edition
2009-12-30 19:17 . 2009-06-21 13:00 -------- d-----w- c:\program files\Any Video Converter Professional
2009-12-30 19:17 . 2009-06-21 13:00 -------- d-----w- c:\documents and settings\Poonam\Application Data\Any Video Converter Professional
2009-12-30 19:17 . 2009-08-30 11:50 -------- d-----w- c:\program files\Agree Free DIVX XVID AVI to WMV DVD Converter
2009-12-30 13:35 . 2009-01-25 16:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-30 11:59 . 2009-01-28 16:53 -------- d-----w- c:\documents and settings\Poonam\Application Data\FileZilla
2009-12-30 08:40 . 2009-06-16 19:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-24 05:15 . 2009-05-18 17:40 -------- d-----w- c:\program files\Google
2009-12-16 01:31 . 2009-08-15 12:43 -------- d-----w- c:\documents and settings\Poonam\Application Data\vlc
2009-12-12 21:23 . 2009-01-24 21:21 -------- d-----w- c:\program files\MpcStar
2009-12-12 21:18 . 2009-11-16 19:29 -------- d-----w- c:\program files\megui
2009-12-09 23:30 . 2009-01-21 18:00 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-08 18:17 . 2009-12-10 22:45 65536 ----a-w- c:\documents and settings\Poonam\Application Data\Mozilla\Firefox\Profiles\0wp9d2yt.default\extensions\{cc6a5222-162d-49b3-b2ca-28eade05a059}\components\Engine.dll
2009-11-29 22:49 . 2009-11-29 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2009-11-29 22:49 . 2009-11-29 15:43 -------- d-----w- c:\program files\RapidSolution
2009-11-29 17:15 . 2009-11-29 17:15 488728 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2009-11-29 17:15 . 2009-11-29 17:15 509208 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll
2009-11-29 17:15 . 2009-11-29 17:15 501016 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll
2009-11-29 17:15 . 2009-11-29 17:15 521496 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll
2009-11-29 17:15 . 2009-11-29 17:15 505112 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll
2009-11-29 17:15 . 2009-11-29 17:15 496920 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll
2009-11-29 17:15 . 2009-11-29 17:15 509208 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll
2009-11-29 17:15 . 2009-11-29 17:15 501016 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2009-11-29 17:15 . 2009-11-29 17:15 292120 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2009-11-29 15:46 . 2009-11-29 15:46 476512 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\RadioRip.dll
2009-11-29 15:46 . 2009-11-29 15:46 169312 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgSoundclick.dll
2009-11-29 15:46 . 2009-11-29 15:46 111968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgPandora.dll
2009-11-29 15:46 . 2009-11-29 15:46 128352 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgMyspace.dll
2009-11-29 15:46 . 2009-11-29 15:46 111968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgLastfm.dll
2009-11-29 15:46 . 2009-11-29 15:46 99680 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgIJigg.dll
2009-11-29 15:46 . 2009-11-29 15:46 132448 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgImeem.dll
2009-11-29 15:46 . 2009-11-29 15:46 230752 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgHypemachine.dll
2009-11-29 15:46 . 2009-11-29 15:46 120160 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgGeneral.dll
2009-11-29 15:46 . 2009-11-29 15:46 87392 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgDefault.dll
2009-11-29 15:46 . 2009-11-29 15:46 140640 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgDeezer.dll
2009-11-29 15:45 . 2009-11-29 15:45 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-11-29 00:38 . 2009-06-20 21:33 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-29 00:18 . 2009-11-29 00:18 5694 ----a-r- c:\documents and settings\Poonam\Application Data\Microsoft\Installer\{CA8056BC-05E8-41FB-82C2-4750568CD379}\_86C6042DE7694DB98B69E7.exe
2009-11-29 00:18 . 2009-11-29 00:18 5694 ----a-r- c:\documents and settings\Poonam\Application Data\Microsoft\Installer\{CA8056BC-05E8-41FB-82C2-4750568CD379}\_3DB404C70A7AFA578074FD.exe
2009-11-29 00:18 . 2009-11-29 00:18 -------- d-----w- c:\program files\MiniTheatre
2009-11-27 19:10 . 2009-11-24 00:23 -------- d-----w- c:\documents and settings\Poonam\Application Data\mIRC
2009-11-27 19:09 . 2009-11-24 00:23 -------- d-----w- c:\program files\mIRC
2009-11-19 20:08 . 2009-11-19 20:08 -------- d-----w- c:\program files\iPhone Folders
2009-11-16 14:46 . 2009-11-26 14:28 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2009-11-16 14:45 . 2009-11-26 14:28 27168 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2009-11-14 04:40 . 2009-01-28 16:52 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-14 04:00 . 2009-11-14 04:00 -------- d-----w- c:\program files\Microsoft
2009-11-08 04:33 . 2009-08-25 00:44 -------- d-----w- c:\program files\RealAnime6
2009-11-07 16:05 . 2009-01-21 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-11-06 15:24 . 2009-11-06 15:24 0 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\GUIcommon.dll
2009-10-29 07:46 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 16:42 . 2009-11-29 15:36 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2009-10-13 16:42 . 2009-11-29 15:36 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2009-10-13 16:42 . 2009-11-29 15:36 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2009-10-13 16:42 . 2009-11-29 15:35 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2009-10-13 16:42 . 2009-11-29 15:35 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-04-29 15:43 . 2009-04-29 15:39 36868 ----a-w- c:\program files\uninst-Particular.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-21 968704]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Chatango"="c:\program files\Chatango\Chatango.exe" [2008-02-05 356352]
"Octoshape Streaming Services"="c:\documents and settings\Poonam\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-18 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 1015808]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-11 137752]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Poonam\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"16780:TCP"= 16780:TCP:BitComet 16780 TCP
"16780:UDP"= 16780:UDP:BitComet 16780 UDP

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [15/01/2009 16:00 2521880]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [29/11/2009 15:35 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [29/11/2009 15:35 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [29/11/2009 15:36 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [29/11/2009 15:36 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [29/11/2009 15:36 25704]
S0 cerc6;cerc6; [x]
S2 gupdate1c9d7dfde0aa24c;Google Update Service (gupdate1c9d7dfde0aa24c);c:\program files\Google\Update\GoogleUpdate.exe [18/05/2009 17:41 133104]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [16/06/2009 15:57 36928]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 16:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-12-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-18 17:40]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 17:41]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 17:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ulster.ac.uk/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {31C91A11-961B-46C3-9C93-EF0CCF03AB8F} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Poonam\Application Data\Mozilla\Firefox\Profiles\0wp9d2yt.default\
FF - prefs.js: keyword.URL - hxxp://recovery.alexa.com/helper/?aid=mY1fb1m9aj00O0&plugin=spkyf-1.4.7&reason=keyword&location=
FF - plugin: c:\documents and settings\Poonam\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Google Update - c:\documents and settings\Poonam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
HKCU-Run-ClipMate7 - c:\program files\ClipMate7\ClipMate.exe
AddRemove-4U AVI MPEG Converter_is1 - c:\program files\4U Computing\AVI MPEG Converter\unins000.exe
AddRemove-4U MP4 Video Converter_is1 - c:\program files\4U Computing\MP4 Video Converter\unins000.exe
AddRemove-Advanced PDF Repair v2.0 - c:\progra~1\APDFR\UNWISE.EXE
AddRemove-Agree Free DIVX XVID AVI to WMV DVD Converter_is1 - c:\program files\Agree Free DIVX XVID AVI to WMV DVD Converter\unins000.exe
AddRemove-Any Video Converter Professional_is1 - c:\program files\Any Video Converter Professional\unins000.exe
AddRemove-AVI MPEG RM WMV Splitter_is1 - c:\program files\AVI MPEG RM WMV Splitter\unins000.exe
AddRemove-Daniusoft Media Converter Pro_is1 - c:\program files\Daniusoft\Media Converter Pro\unins000.exe
AddRemove-Easy Video Splitter_is1 - c:\program files\Easy Video Splitter\unins000.exe
AddRemove-Join (Merge, Combine) Multiple Zip Files Into On~E1ECF74F_is1 - c:\program files\Join (Merge
AddRemove-MediaCoder iPod Edition - c:\program files\MediaCoder iPod Edition\uninst.exe
AddRemove-Miro - c:\program files\Participatory Culture Foundation\Miro\uninstall.exe
AddRemove-Shutdown Monster - c:\program files\Shutdown Monster\Uninst.exe
AddRemove-SID Video Cutter & Splitter_is1 - c:\program files\SoundInDepth.com\SID Video Cutter & Splitter\unins000.exe
AddRemove-Trapcode Particular - c:\windows\unvise32.exe
AddRemove-Videora iPod touch Converter - c:\program files\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
AddRemove-YouTube Downloader App - c:\program files\Regensoft\Downloader App\uninstaller.exe
AddRemove-{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1 - c:\program files\ClipMate7\unins000.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
AddRemove-Google Chrome - c:\documents and settings\Poonam\Local Settings\Application Data\Google\Chrome\Application\4.0.249.43\Installer\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 04:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1656)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-31 04:44:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 04:44

Pre-Run: 129,182,593,024 bytes free
Post-Run: 130,242,215,936 bytes free

- - End Of File - - B9D2A6C6FEDCCE43C73CC9FECD60A7D4

Edited by Orange Blossom, 31 December 2009 - 01:18 AM.
Move to HJT forum. ~ OB
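A small triage script for ComboFix logs like the one posted above, added here as an example and not part of the original post, of ComboFix, or of the helper's reply. It splits the log into its banner-delimited sections and pulls out the "Other Deletions" list, any "Infected copy ... was found and disinfected" lines, the Find3M / "Files Created" file rows, and the Run-key autostart entries. It then applies three by-eye heuristics a forum helper would use as a first pass: a system driver that ComboFix had to repair, a file in the drivers directory whose extension is not .sys, and an autostart that runs from a user profile directory. The heuristics, the finding labels and the abbreviated sample log are constructed from lines in the post and are assumptions for illustration; they mark candidates to look at, not verdicts.

```python
"""Parse a ComboFix log and apply simple triage heuristics (added example)."""
import re
from dataclasses import dataclass, field

# Section banners look like "(((( Other Deletions ))))"; registry keys like "[HKEY_...\Run]".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# Find3M / "Files Created" rows: "<mtime> . <ctime> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$"
)
# Run-key rows: "name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DISINFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.I)


@dataclass
class ComboFixLog:
    deletions: list = field(default_factory=list)    # paths ComboFix removed
    disinfected: list = field(default_factory=list)  # system files it repaired in place
    files: list = field(default_factory=list)        # (mtime, ctime, size|None, attrs, path)
    run_entries: list = field(default_factory=list)  # (key, name, path, date, size)


def parse_combofix(text):
    """Walk the log line by line, tracking the current section and registry key."""
    log = ComboFixLog()
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = DISINFECTED_RE.match(line)
        if m:
            log.disinfected.append(m.group(1))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if section == "Other Deletions":
            if DRIVE_PATH_RE.match(line):       # skip ComboFix's own commentary lines
                log.deletions.append(line)
            continue
        m = FILE_RE.match(line)
        if m:
            mtime, ctime, size, attrs, path = m.groups()
            log.files.append((mtime, ctime, None if size.startswith("-") else int(size), attrs, path))
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            name, path, date, size = m.groups()
            log.run_entries.append((key, name, path, date, int(size)))
    return log


def triage(log):
    """Heuristic findings as (label, detail) pairs; labels are this example's own names."""
    findings = []
    for path in log.disinfected:
        findings.append(("disinfected-system-file", path))
    for _, _, _, _, path in log.files:
        low = path.lower()
        if "\\drivers\\" in low and not low.endswith(".sys"):
            findings.append(("driver-dir-odd-extension", path))
    for _, name, path, _, _ in log.run_entries:
        if "\\documents and settings\\" in path.lower():
            findings.append(("autorun-from-user-profile", f"{name} -> {path}"))
    return findings


# Constructed, abbreviated sample made from lines in the posted log.
SAMPLE_LOG = r"""
ComboFix 09-12-30.01 - Poonam 31/12/2009 4:29.1.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
E:\install.exe

Infected copy of c:\windows\system32\drivers\iastor.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 03:25 . 2008-07-21 05:44 324120 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-12-31 03:25 . 2008-07-21 05:44 324120 ----a-w- c:\windows\system32\drivers\iaStor.svs
2009-12-31 02:54 . 2009-01-24 21:03 -------- d-----w- c:\program files\BitComet
2009-11-16 14:46 . 2009-11-26 14:28 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-21 968704]
"Octoshape Streaming Services"="c:\documents and settings\Poonam\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"""

if __name__ == "__main__":
    for label, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{label}: {detail}")
```

Run against the full log from the post, the three heuristics pick out the repaired iastor.sys, the iaStor.svs file sitting beside it in the drivers directory with the same size, and the Octoshape autostart under the user's Application Data. Each of those is something a helper would want to look at by hand; none of them is a determination that the file is malicious.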



#2 Farbar

Posted 31 December 2009 - 04:09 AM

Hi DhruvDahiya,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Disconnect from the Internet and close all running programs.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
    • Sections
    • IAT/EAT
    • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
    • Show All (this one also should be unchecked)
  • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
  • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.


#3 Farbar

Posted 03 January 2010 - 07:00 AM

Are you still there?

#4 Farbar

Posted 04 January 2010 - 05:40 PM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.



