Infected with Malware.Trace


15 replies to this topic

#1 Jwhitney4

  • Members
  • 12 posts

Posted 10 January 2010 - 03:21 PM

Hello,

My computer is infected with Malware.Trace in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UID. I have removed the file in Malwarebytes' Anti-Malware several times in safe mode with System Restore turned off, but each time I run a scan, the same infected file shows up. My computer runs a little slow and my Internet Explorer often does not respond when I use it. However, Mozilla is working fine at the moment. I would just like to remove the file because I know it can't be good for my system. Thank you so much for your help! My logs are copied below.

Joe


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2007 9:19:17 AM
System Uptime: 1/10/2010 2:44:38 PM (1 hours ago)

Motherboard: Dell Inc. | | 0JK187
Processor: Genuine Intel® CPU T2500 @ 2.00GHz | Microprocessor | 1997/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 26.676 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1: 1/10/2010 1:43:54 AM - System Checkpoint
RP2: 1/10/2010 2:41:18 PM - Removed Java™ 6 Update 2
RP3: 1/10/2010 2:41:48 PM - Removed Java™ 6 Update 3
RP4: 1/10/2010 2:42:29 PM - Removed Java™ 6 Update 5
RP5: 1/10/2010 2:43:17 PM - Removed Java™ SE Runtime Environment 6 Update 1
RP6: 1/10/2010 2:47:18 PM - Installed Java™ 6 Update 17

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0 Sprint
Ad-Aware
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.7
Adobe Setup
Adobe Shockwave Player 11.5
AIO_Scan
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitZipper 5.0.6
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
CCleaner
Cisco Systems VPN Client 4.8.01.0300
Citrix Program Neighborhood
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Convert DOC to PDF For Word 3.50
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell AIO Printer A940
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Plus Web Player
DocProc
DocProcQFolder
doPDF 6.2 printer
eSupportQFolder
FaxTools
Folder Lock
Free PS Convert driver 8.15
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 9.0
HP Image Zone 4.2
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP PSC & OfficeJet 4.2
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel® PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java™ 6 Update 17
LimeWire 5.4.6
Malwarebytes' Anti-Malware
MarketResearch
McAfee VirusScan Enterprise
mCore
mDriver
mDrWiFi
Melodyne 3.2 Demo
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Theme Nunavut
mIWA
mLogView
mMHouse
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.15)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mZConfig
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Post-it® Software Notes Lite
PowerDVD 5.7
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
PuTTY version 0.58
QuickTime
RealPlayer
Rhapsody Player Engine
SAPI SpeechVibe redistribution
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SolutionCenter
Sony Media Manager 2.2
Spelling Dictionaries Support For Adobe Reader 8
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music with Rhapsody
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

1/9/2010 9:26:48 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
1/9/2010 10:58:47 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
1/9/2010 10:58:44 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
1/7/2010 6:00:00 PM, error: Schedule [7901] - The At67.job command failed to start due to the following error: %%2147942402
1/7/2010 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
1/7/2010 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
1/7/2010 5:00:00 PM, error: Schedule [7901] - The At66.job command failed to start due to the following error: %%2147942402
1/7/2010 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
1/7/2010 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
1/7/2010 4:00:00 PM, error: Schedule [7901] - The At65.job command failed to start due to the following error: %%2147942402
1/7/2010 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
1/7/2010 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
1/7/2010 3:00:00 PM, error: Schedule [7901] - The At64.job command failed to start due to the following error: %%2147942402
1/7/2010 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
1/7/2010 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
1/7/2010 2:00:00 PM, error: Schedule [7901] - The At63.job command failed to start due to the following error: %%2147942402
1/7/2010 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
1/7/2010 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
1/7/2010 1:00:00 PM, error: Schedule [7901] - The At62.job command failed to start due to the following error: %%2147942402
1/7/2010 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
1/7/2010 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
1/6/2010 9:25:53 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00130254EC3F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/6/2010 9:00:00 PM, error: Schedule [7901] - The At70.job command failed to start due to the following error: %%2147942402
1/6/2010 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
1/6/2010 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
1/6/2010 8:00:00 PM, error: Schedule [7901] - The At69.job command failed to start due to the following error: %%2147942402
1/6/2010 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
1/6/2010 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
1/6/2010 7:00:00 PM, error: Schedule [7901] - The At68.job command failed to start due to the following error: %%2147942402
1/6/2010 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
1/6/2010 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
1/6/2010 6:16:04 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
1/6/2010 5:51:45 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00:1B:77:15:AB:33. Network operations on this system may be disrupted as a result.
1/6/2010 11:00:00 PM, error: Schedule [7901] - The At72.job command failed to start due to the following error: %%2147942402
1/6/2010 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
1/6/2010 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
1/6/2010 10:00:00 PM, error: Schedule [7901] - The At71.job command failed to start due to the following error: %%2147942402
1/6/2010 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
1/6/2010 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
1/5/2010 2:00:00 AM, error: Schedule [7901] - The At51.job command failed to start due to the following error: %%2147942402
1/5/2010 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
1/5/2010 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
1/5/2010 12:26:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
1/5/2010 12:19:00 AM, error: Schedule [7901] - The At49.job command failed to start due to the following error: %%2147942402
1/5/2010 12:09:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
1/5/2010 1:18:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vmscsi
1/5/2010 1:00:00 AM, error: Schedule [7901] - The At50.job command failed to start due to the following error: %%2147942402
1/5/2010 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
1/5/2010 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
1/10/2010 2:13:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm vmscsi
1/10/2010 2:04:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/10/2010 12:12:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a320raid aac aarich adpu160m adpu320 aic78u2 aic78xx cercsr6 fasttx2k iastor IntelIde megasas Symmpi vmscsi
1/10/2010 1:09:42 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmscsi
1/10/2010 1:09:42 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2010 1:09:42 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2010 1:09:42 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2010 1:09:42 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2010 1:09:42 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2010 1:09:42 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/10/2010 1:09:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/10/2010 1:09:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

THANK YOU!

Attached Files

  • DDS.txt (19.42KB)
  • ark.txt (3.07KB)



#2 Grinler (Lawrence Abrams)

  • Admin
  • 43,567 posts

Posted 12 January 2010 - 08:32 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log as a reply to this

#3 Jwhitney4 (Topic Starter)

  • Members
  • 12 posts

Posted 13 January 2010 - 03:05 PM

Thanks for your help Lawrence.

I ran ComboFix; however, when I reached the screen that said the program was creating the log file, it was taking a very long time. I left my computer running with ComboFix overnight, and when I returned in the morning it said my system was shutting down. After a couple of hours I returned and it was still on the same screen, so I manually shut down my computer. I ran a Malwarebytes scan after rebooting and there were no instances of Malware.Trace. Should I run ComboFix again? It seems as if my problems have gone away, but I wanted to double-check with you. Thanks again.

Joe

#4 Grinler (Lawrence Abrams)

  • Admin
  • 43,567 posts

Posted 13 January 2010 - 03:12 PM

Post the contents of c:\combofix.txt please if it exists.

#5 Jwhitney4 (Topic Starter)

  • Members
  • 12 posts

Posted 13 January 2010 - 06:14 PM

I searched my computer for combofix.txt and it doesn't exist. Should I run ComboFix again?

#6 Grinler (Lawrence Abrams)

  • Admin
  • 43,567 posts

Posted 13 January 2010 - 07:21 PM

Please. It shouldn't take more than 20 minutes.

#7 Jwhitney4 (Topic Starter)

  • Members
  • 12 posts

Posted 13 January 2010 - 08:30 PM

Here it is. Thanks again:

ComboFix 10-01-13.07 - Owner 01/13/2010 20:22:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.386 [GMT -5:00]
Running from: c:\documents and settings\ACT 13\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
The following files were disabled during the run:
c:\windows\system32\cmstdupd.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\ACT 13\Local Settings\Application Data\{E5E2C8DA-3A08-4D53-AA95-BF28B2659BDA}\chrome.manifest
c:\documents and settings\ACT 13\Local Settings\Application Data\{E5E2C8DA-3A08-4D53-AA95-BF28B2659BDA}\chrome\content\_cfg.js
c:\documents and settings\ACT 13\Local Settings\Application Data\{E5E2C8DA-3A08-4D53-AA95-BF28B2659BDA}\chrome\content\overlay.xul
c:\documents and settings\ACT 13\Local Settings\Application Data\{E5E2C8DA-3A08-4D53-AA95-BF28B2659BDA}\install.rdf
c:\documents and settings\Administrator\Local Settings\Application Data\{10BD4A24-0F7F-4B19-BE2F-1624E3DDD6A6}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{10BD4A24-0F7F-4B19-BE2F-1624E3DDD6A6}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{10BD4A24-0F7F-4B19-BE2F-1624E3DDD6A6}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{10BD4A24-0F7F-4B19-BE2F-1624E3DDD6A6}\install.rdf
C:\LOG.TXT
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\AegisP.inf
c:\windows\aseqokaqo.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLE_MOBILE_DEVICE
-------\Service_Apple Mobile Device


((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 03:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:47 . 2010-01-10 19:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 19:24 . 2010-01-10 19:24 -------- d-----w- c:\program files\Trend Micro
2010-01-10 19:14 . 2010-01-10 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-10 19:13 . 2010-01-10 19:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-10 03:17 . 2010-01-10 03:18 -------- d-----w- c:\program files\CCleaner
2010-01-10 02:30 . 2010-01-13 03:44 0 ----a-w- c:\windows\Mdepodivodukeqod.bin
2010-01-10 02:30 . 2010-01-10 06:31 120 ----a-w- c:\windows\Fsasofik.dat
2010-01-10 02:23 . 2010-01-10 02:23 35328 ----a-w- c:\windows\system32\cmstdupd.dll.vir
2009-12-23 05:05 . 2009-12-23 05:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-22 03:49 . 2010-01-10 03:22 -------- d-----w- c:\program files\Launchy
2009-12-22 03:38 . 2009-12-22 03:38 54996 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 19:47 . 2006-12-12 15:19 -------- d-----w- c:\program files\Java
2010-01-10 04:45 . 2007-12-19 00:46 -------- d-----w- c:\documents and settings\ACT 13\Application Data\LimeWire
2010-01-10 03:57 . 2007-12-11 23:02 -------- d-----w- c:\program files\Google
2010-01-10 02:45 . 2008-08-21 02:44 -------- d-----w- c:\documents and settings\ACT 13\Application Data\NCH Swift Sound
2010-01-09 05:06 . 2009-05-22 00:32 -------- d-----w- c:\documents and settings\ACT 13\Application Data\uTorrent
2010-01-05 18:55 . 2006-12-12 15:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\program files\AIM
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\documents and settings\ACT 13\Application Data\Aim
2009-12-29 06:32 . 2007-04-11 13:59 46817 ----a-w- c:\windows\system32\nvModes.dat
2009-12-23 05:05 . 2007-12-20 06:39 -------- d-----w- c:\program files\DivX
2009-12-22 03:49 . 2008-01-08 03:28 -------- d-----w- c:\program files\LimeWire
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 17:35 . 2008-03-04 21:22 139775 ----a-w- c:\windows\hpoins15.dat
2009-11-03 05:40 . 2009-11-03 05:40 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2005-04-04 07:45 . 2009-11-04 21:02 74000 ----a-w- c:\program files\mozilla firefox\plugins\cgpcore.dll
2005-04-04 07:45 . 2009-11-04 21:02 45328 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2005-04-04 07:45 . 2009-11-04 21:02 28944 ----a-w- c:\program files\mozilla firefox\plugins\pscript.dll
2005-04-04 07:45 . 2009-11-04 21:02 69904 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\tcppserv.dll
2008-10-09 00:14 . 2008-10-09 00:08 1004 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-4-11 6144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli skbdilet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 19:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 19:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 21:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-30 19:38 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [12/12/2006 10:34 AM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [12/12/2006 10:34 AM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [12/12/2006 10:34 AM 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [12/12/2006 10:34 AM 17664]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{4D72F1BA-615A-4E32-9D1E-82E9A1C0F503}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/mail/?hl=en&tab=wm#
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.umd.edu
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}\components\FFAlert.dll
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npican.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{97bceb59-cfcd-4b16-a863-b3f72cf9f196} - (no file)
HKLM-Run-Xbelohehucuc - c:\windows\aseqokaqo.dll
ShellExecuteHooks-{650CA63D-4A01-4BF8-A608-9B1EBB36292E} - c:\windows\system32\7NgVmFi1.dll
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 20:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1348)
c:\windows\skbdilet.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5436)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\skbdilet.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-01-13 20:28:36
ComboFix-quarantined-files.txt 2010-01-14 01:28

Pre-Run: 28,540,407,808 bytes free
Post-Run: 28,502,278,144 bytes free

- - End Of File - - 944822FCC59E1DFF8BC242C2BD9E5FBB


#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • Gender:Male
  • Location:USA

Posted 14 January 2010 - 12:12 PM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

QUOTE
Suspect::[3]
c:\windows\Mdepodivodukeqod.bin
c:\windows\Fsasofik.dat
c:\windows\system32\cmstdupd.dll.vir
C:\WIndows\System32\skbdilet.dll


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

#9 Jwhitney4

Jwhitney4
  • Topic Starter

  • Members
  • 12 posts

Posted 14 January 2010 - 01:32 PM

Here is the next log:

ComboFix 10-01-13.07 - Owner 01/14/2010 13:21:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.503 [GMT -5:00]
Running from: c:\documents and settings\ACT 13\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ACT 13\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

file zipped: c:\windows\Fsasofik.dat
file zipped: c:\windows\Mdepodivodukeqod.bin
file zipped: c:\windows\system32\cmstdupd.dll.vir
.
The following files were disabled during the run:
c:\windows\system32\cmstdupd.dll


((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 03:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:47 . 2010-01-10 19:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 19:24 . 2010-01-10 19:24 -------- d-----w- c:\program files\Trend Micro
2010-01-10 19:14 . 2010-01-10 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-10 19:13 . 2010-01-10 19:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-10 03:17 . 2010-01-10 03:18 -------- d-----w- c:\program files\CCleaner
2010-01-10 02:30 . 2010-01-13 03:44 0 ----a-w- c:\windows\Mdepodivodukeqod.bin
2010-01-10 02:30 . 2010-01-10 06:31 120 ----a-w- c:\windows\Fsasofik.dat
2010-01-10 02:23 . 2010-01-10 02:23 35328 ----a-w- c:\windows\system32\cmstdupd.dll.vir
2009-12-23 05:05 . 2009-12-23 05:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-22 03:49 . 2010-01-10 03:22 -------- d-----w- c:\program files\Launchy
2009-12-22 03:38 . 2009-12-22 03:38 54996 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 19:47 . 2006-12-12 15:19 -------- d-----w- c:\program files\Java
2010-01-10 04:45 . 2007-12-19 00:46 -------- d-----w- c:\documents and settings\ACT 13\Application Data\LimeWire
2010-01-10 03:57 . 2007-12-11 23:02 -------- d-----w- c:\program files\Google
2010-01-10 02:45 . 2008-08-21 02:44 -------- d-----w- c:\documents and settings\ACT 13\Application Data\NCH Swift Sound
2010-01-09 05:06 . 2009-05-22 00:32 -------- d-----w- c:\documents and settings\ACT 13\Application Data\uTorrent
2010-01-05 18:55 . 2006-12-12 15:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\program files\AIM
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\documents and settings\ACT 13\Application Data\Aim
2009-12-29 06:32 . 2007-04-11 13:59 46817 ----a-w- c:\windows\system32\nvModes.dat
2009-12-23 05:05 . 2007-12-20 06:39 -------- d-----w- c:\program files\DivX
2009-12-22 03:49 . 2008-01-08 03:28 -------- d-----w- c:\program files\LimeWire
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 17:35 . 2008-03-04 21:22 139775 ----a-w- c:\windows\hpoins15.dat
2009-11-03 05:40 . 2009-11-03 05:40 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2005-04-04 07:45 . 2009-11-04 21:02 74000 ----a-w- c:\program files\mozilla firefox\plugins\cgpcore.dll
2005-04-04 07:45 . 2009-11-04 21:02 45328 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2005-04-04 07:45 . 2009-11-04 21:02 28944 ----a-w- c:\program files\mozilla firefox\plugins\pscript.dll
2005-04-04 07:45 . 2009-11-04 21:02 69904 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\tcppserv.dll
2008-10-09 00:14 . 2008-10-09 00:08 1004 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_01.26.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-14 18:17 . 2010-01-14 18:17 16384 c:\windows\Temp\Perflib_Perfdata_310.dat
+ 2004-08-04 12:00 . 2010-01-14 18:22 80508 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-01-14 01:18 80508 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-14 18:22 463302 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-01-14 01:18 463302 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-4-11 6144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli skbdilet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 19:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 19:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 21:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-30 19:38 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [12/12/2006 10:34 AM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [12/12/2006 10:34 AM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [12/12/2006 10:34 AM 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [12/12/2006 10:34 AM 17664]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{4D72F1BA-615A-4E32-9D1E-82E9A1C0F503}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/mail/?hl=en&tab=wm#
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.umd.edu
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}\components\FFAlert.dll
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npican.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 13:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1352)
c:\windows\skbdilet.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\windows\skbdilet.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-01-14 13:27:50
ComboFix-quarantined-files.txt 2010-01-14 18:27
ComboFix2.txt 2010-01-14 01:28

Pre-Run: 28,489,568,256 bytes free
Post-Run: 28,451,340,288 bytes free

- - End Of File - - 628ADD3D5370B0193B40FA022C89E5F1
Upload was successful


#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • Gender:Male
  • Location:USA

Posted 14 January 2010 - 01:57 PM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

QUOTE
File::
c:\windows\Mdepodivodukeqod.bin
c:\windows\Fsasofik.dat
c:\windows\system32\cmstdupd.dll.vir
c:\windows\system32\cmstdupd.dll
C:\WIndows\System32\skbdilet.dll

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
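
The Registry:: stanza in the script above rewrites the LSA Notification Packages value with the REGEDIT4 hex(7) encoding of "scecli" alone, because a DLL listed there (skbdilet.dll in these logs) is loaded into lsass.exe at boot. The Python below is an added example, not code from this thread or from ComboFix: it decodes and produces that hex(7) form, and runs two checks over constructed log lines in the ComboFix format shown above (the Notification Packages line and the lsass.exe module list). The KNOWN_PACKAGES allowlist and the "legitimate lsass modules live under system32" heuristic are assumptions.

```python
"""Added example (not from the thread or ComboFix): check a ComboFix-style log
for LSA 'Notification Packages' persistence and handle the hex(7) encoding."""
import re

# Assumption: a Windows XP client carries only scecli (Security Configuration
# Engine client) here. Domain controllers add rassfm; extend as needed.
KNOWN_PACKAGES = {"scecli"}

# Constructed sample in the ComboFix log format, mirroring the thread's entries.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli skbdilet.dll

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1352)
c:\windows\skbdilet.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\windows\skbdilet.dll
.
Completion time: 2010-01-14 13:27:50
"""

PKG_RE = re.compile(r"^Notification Packages\s+REG_MULTI_SZ\s+(.*)$", re.M)
PROC_RE = re.compile(r"^[- ]+> '(?P<proc>[^']+)'\(\d+\)")


def decode_hex7(value: str) -> list[str]:
    """Decode a REGEDIT4 'hex(7):aa,bb,...' REG_MULTI_SZ into its strings.
    REGEDIT4 (the format CFScript uses) stores hex(7) as single-byte ANSI text:
    each string is NUL-terminated and the list ends with one extra NUL.
    Continuation lines (backslash, newline, indentation) are tolerated."""
    body = value.split(":", 1)[1]
    for junk in ("\\", "\r", "\n", " ", "\t"):
        body = body.replace(junk, "")
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    return [p.decode("latin-1") for p in raw.split(b"\x00") if p]


def encode_hex7(strings: list[str]) -> str:
    """Inverse of decode_hex7: the REGEDIT4 hex(7) text for a list of strings."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def unexpected_packages(log: str) -> list[str]:
    """Entries on the 'Notification Packages REG_MULTI_SZ ...' line that are
    not in KNOWN_PACKAGES (case-insensitive, a '.dll' suffix is ignored)."""
    hits = []
    for m in PKG_RE.finditer(log):
        for pkg in m.group(1).split():
            if pkg.lower().removesuffix(".dll") not in KNOWN_PACKAGES:
                hits.append(pkg)
    return hits


def lsass_dlls_outside_system32(log: str, windir: str = r"c:\windows") -> list[str]:
    """DLLs listed under 'lsass.exe' in 'DLLs Loaded Under Running Processes'
    whose path is not below %windir%\\system32 (heuristic, an assumption:
    a module in c:\\windows\\ itself, as in the thread, deserves a closer look)."""
    parts = log.split("DLLs Loaded Under Running Processes", 1)
    if len(parts) < 2:
        return []
    prefix = (windir + "\\system32\\").lower()
    hits, current = [], None
    for line in parts[1].splitlines():
        line = line.strip()
        header = PROC_RE.match(line)
        if header:
            current = header.group("proc").lower()
        elif line == ".":                 # ComboFix closes the section with '.'
            current = None
        elif current == "lsass.exe" and line.lower().endswith(".dll"):
            if not line.lower().startswith(prefix):
                hits.append(line)
    return hits


def cfscript_registry_fix(keep: list[str]) -> str:
    """Build the CFScript 'Registry::' stanza that rewrites the value with only
    the packages in `keep`; for ['scecli'] it reproduces the stanza above."""
    return "\n".join([
        "Registry::",
        r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]",
        '"Notification Packages"=' + encode_hex7(keep),
    ])


if __name__ == "__main__":
    print("unexpected Notification Packages:", unexpected_packages(SAMPLE_LOG))
    print("lsass.exe modules outside system32:", lsass_dlls_outside_system32(SAMPLE_LOG))
    print(cfscript_registry_fix(["scecli"]))
```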

#11 Jwhitney4

Jwhitney4
  • Topic Starter

  • Members
  • 12 posts

Posted 14 January 2010 - 02:37 PM

ComboFix 10-01-13.07 - Owner 01/14/2010 14:29:02.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.499 [GMT -5:00]
Running from: c:\documents and settings\ACT 13\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ACT 13\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\Fsasofik.dat"
"c:\windows\Mdepodivodukeqod.bin"
"c:\windows\system32\cmstdupd.dll"
"c:\windows\system32\cmstdupd.dll.vir"
"c:\windows\System32\skbdilet.dll"
.
The following files were disabled during the run:
c:\windows\system32\cmstdupd.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fsasofik.dat
c:\windows\Mdepodivodukeqod.bin
c:\windows\system32\cmstdupd.dll.vir

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 03:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:47 . 2010-01-10 19:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 19:24 . 2010-01-10 19:24 -------- d-----w- c:\program files\Trend Micro
2010-01-10 19:14 . 2010-01-10 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-10 19:13 . 2010-01-10 19:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-10 03:17 . 2010-01-10 03:18 -------- d-----w- c:\program files\CCleaner
2009-12-23 05:05 . 2009-12-23 05:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-22 03:49 . 2010-01-10 03:22 -------- d-----w- c:\program files\Launchy
2009-12-22 03:38 . 2009-12-22 03:38 54996 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 19:47 . 2006-12-12 15:19 -------- d-----w- c:\program files\Java
2010-01-10 04:45 . 2007-12-19 00:46 -------- d-----w- c:\documents and settings\ACT 13\Application Data\LimeWire
2010-01-10 03:57 . 2007-12-11 23:02 -------- d-----w- c:\program files\Google
2010-01-10 02:45 . 2008-08-21 02:44 -------- d-----w- c:\documents and settings\ACT 13\Application Data\NCH Swift Sound
2010-01-09 05:06 . 2009-05-22 00:32 -------- d-----w- c:\documents and settings\ACT 13\Application Data\uTorrent
2010-01-05 18:55 . 2006-12-12 15:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\program files\AIM
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\documents and settings\ACT 13\Application Data\Aim
2009-12-29 06:32 . 2007-04-11 13:59 46817 ----a-w- c:\windows\system32\nvModes.dat
2009-12-23 05:05 . 2007-12-20 06:39 -------- d-----w- c:\program files\DivX
2009-12-22 03:49 . 2008-01-08 03:28 -------- d-----w- c:\program files\LimeWire
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 17:35 . 2008-03-04 21:22 139775 ----a-w- c:\windows\hpoins15.dat
2009-11-03 05:40 . 2009-11-03 05:40 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2005-04-04 07:45 . 2009-11-04 21:02 74000 ----a-w- c:\program files\mozilla firefox\plugins\cgpcore.dll
2005-04-04 07:45 . 2009-11-04 21:02 45328 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2005-04-04 07:45 . 2009-11-04 21:02 28944 ----a-w- c:\program files\mozilla firefox\plugins\pscript.dll
2005-04-04 07:45 . 2009-11-04 21:02 69904 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\tcppserv.dll
2008-10-09 00:14 . 2008-10-09 00:08 1004 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_01.26.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-14 19:22 . 2010-01-14 19:22 16384 c:\windows\Temp\Perflib_Perfdata_364.dat
+ 2004-08-04 12:00 . 2010-01-14 19:26 80508 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-01-14 01:18 80508 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-01-14 19:26 463302 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-01-14 01:18 463302 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-4-11 6144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli skbdilet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 19:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 19:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 21:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-30 19:38 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [12/12/2006 10:34 AM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [12/12/2006 10:34 AM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [12/12/2006 10:34 AM 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [12/12/2006 10:34 AM 17664]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{4D72F1BA-615A-4E32-9D1E-82E9A1C0F503}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/mail/?hl=en&tab=wm#
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.umd.edu
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}\components\FFAlert.dll
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npican.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 14:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1348)
c:\windows\skbdilet.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-14 14:35:23
ComboFix-quarantined-files.txt 2010-01-14 19:35
ComboFix2.txt 2010-01-14 18:28
ComboFix3.txt 2010-01-14 01:28

Pre-Run: 28,456,808,448 bytes free
Post-Run: 28,418,101,248 bytes free

- - End Of File - - A3EE6B60D00C9814090F225F55F48E64


#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:10:28 PM

Posted 14 January 2010 - 02:45 PM

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

QUOTE
File::
c:\windows\system32\cmstdupd.dll.vir
c:\windows\system32\cmstdupd.dll
C:\WIndows\skbdilet.dll

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
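For readers following along, here is an added example (not ComboFix's own code and not part of Grinler's instructions) of what that Registry:: line does and why the DLL shows up where it does in the log above. The hex(7) value is a REG_MULTI_SZ stored as UTF-16LE; decoded, it is just "scecli", the Windows XP default for the LSA "Notification Packages" value. Every DLL named in that value is loaded into lsass.exe at startup, so an extra entry there is a persistence point: the ComboFix log above lists c:\windows\skbdilet.dll under 'lsass.exe', and the CFScript both deletes that file and resets the value to its default. The script below decodes such a value and parses ComboFix's "DLLs Loaded Under Running Processes" section to flag anything loaded into lsass.exe from outside system32. The log fragments are constructed from the two ComboFix logs in this thread; the function names are my own.

```python
import re

# Constructed sample input: the Registry:: line from the CFScript posted above and
# the 'DLLs Loaded Under Running Processes' section of the two ComboFix logs in
# this thread, trimmed to the lines that matter. Not ComboFix's own code.
SCRIPT_VALUE = "hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00"

LOG_BEFORE = """\
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1348)
c:\\windows\\skbdilet.dll
c:\\windows\\system32\\WININET.dll
.
Completion time: 2010-01-14 14:35:23
"""

LOG_AFTER = """\
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3364)
c:\\windows\\system32\\WININET.dll
c:\\windows\\system32\\ieframe.dll
.
"""

SECTION = "DLLs Loaded Under Running Processes"
SYSTEM32 = "c:\\windows\\system32\\"
DEFAULT_NOTIFICATION_PACKAGES = ["scecli"]   # Windows XP default for the LSA value

# ComboFix prints each process as "- - - - - - - > 'name'(pid)"
PROC_RE = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)$")


def decode_reg_multi_sz(value):
    """Decode a .reg-style hex(7) value (REG_MULTI_SZ, UTF-16LE) into its strings.

    Backslash line continuations, as used in regedit exports, are tolerated.
    """
    body = value.split(":", 1)[1]
    hex_bytes = [b.strip() for b in body.replace("\\", "").split(",") if b.strip()]
    raw = bytes(int(b, 16) for b in hex_bytes)
    # REG_MULTI_SZ is NUL-separated and double-NUL terminated
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def loaded_dlls(log):
    """Map process name -> list of DLL paths from ComboFix's 'DLLs Loaded' section."""
    result, current, in_section = {}, None, False
    for line in log.splitlines():
        line = line.strip()
        if not in_section:
            in_section = line.startswith("---") and SECTION in line
            continue
        if line == ".":                 # ComboFix terminates each section with a lone dot
            break
        m = PROC_RE.match(line)
        if m:
            current = m.group("name")
            result.setdefault(current, [])
        elif line and current is not None:
            result[current].append(line)
    return result


def suspicious_lsass_dlls(log):
    """DLLs loaded into lsass.exe from outside system32.

    An LSA notification package dropped under c:\\windows (like skbdilet.dll in
    this thread) lands here; legitimate ones live in system32.
    """
    return [p for p in loaded_dlls(log).get("lsass.exe", [])
            if not p.lower().startswith(SYSTEM32)]


if __name__ == "__main__":
    print("CFScript resets Notification Packages to:", decode_reg_multi_sz(SCRIPT_VALUE))
    print("Before fix, unusual DLLs in lsass.exe:", suspicious_lsass_dlls(LOG_BEFORE))
    print("After fix, unusual DLLs in lsass.exe:", suspicious_lsass_dlls(LOG_AFTER))
```

Run against the first log it reports c:\windows\skbdilet.dll; against the post-fix log, where lsass.exe no longer appears in the section at all, it reports nothing. The same decode routine works on any hex(7) line copied out of a .reg export, which is a quick way to check what a cleanup script is actually writing before running it.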


#13 Jwhitney4

Jwhitney4
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 14 January 2010 - 03:38 PM

ComboFix 10-01-14.01 - Owner 01/14/2010 15:24:00.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.341 [GMT -5:00]
Running from: c:\documents and settings\ACT 13\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ACT 13\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\skbdilet.dll"
"c:\windows\system32\cmstdupd.dll"
"c:\windows\system32\cmstdupd.dll.vir"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\skbdilet.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-13 03:51 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:47 . 2010-01-10 19:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 19:24 . 2010-01-10 19:24 -------- d-----w- c:\program files\Trend Micro
2010-01-10 19:14 . 2010-01-10 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-10 19:13 . 2010-01-10 19:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-10 03:17 . 2010-01-10 03:18 -------- d-----w- c:\program files\CCleaner
2009-12-23 05:05 . 2009-12-23 05:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-22 03:49 . 2010-01-10 03:22 -------- d-----w- c:\program files\Launchy
2009-12-22 03:38 . 2009-12-22 03:38 54996 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 19:47 . 2006-12-12 15:19 -------- d-----w- c:\program files\Java
2010-01-10 04:45 . 2007-12-19 00:46 -------- d-----w- c:\documents and settings\ACT 13\Application Data\LimeWire
2010-01-10 03:57 . 2007-12-11 23:02 -------- d-----w- c:\program files\Google
2010-01-10 02:45 . 2008-08-21 02:44 -------- d-----w- c:\documents and settings\ACT 13\Application Data\NCH Swift Sound
2010-01-09 05:06 . 2009-05-22 00:32 -------- d-----w- c:\documents and settings\ACT 13\Application Data\uTorrent
2010-01-05 18:55 . 2006-12-12 15:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\program files\AIM
2010-01-05 18:54 . 2007-12-06 17:36 -------- d-----w- c:\documents and settings\ACT 13\Application Data\Aim
2009-12-29 06:32 . 2007-04-11 13:59 46817 ----a-w- c:\windows\system32\nvModes.dat
2009-12-23 05:05 . 2007-12-20 06:39 -------- d-----w- c:\program files\DivX
2009-12-22 03:49 . 2008-01-08 03:28 -------- d-----w- c:\program files\LimeWire
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 17:35 . 2008-03-04 21:22 139775 ----a-w- c:\windows\hpoins15.dat
2009-11-03 05:40 . 2009-11-03 05:40 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2005-04-04 07:45 . 2009-11-04 21:02 74000 ----a-w- c:\program files\mozilla firefox\plugins\cgpcore.dll
2005-04-04 07:45 . 2009-11-04 21:02 45328 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2005-04-04 07:45 . 2009-11-04 21:02 28944 ----a-w- c:\program files\mozilla firefox\plugins\pscript.dll
2005-04-04 07:45 . 2009-11-04 21:02 69904 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2005-04-04 07:45 . 2009-11-04 21:02 24848 ----a-w- c:\program files\mozilla firefox\plugins\tcppserv.dll
2008-10-09 00:14 . 2008-10-09 00:08 1004 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"nwiz"="nwiz.exe" [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-4-11 6144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ %I

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 19:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 19:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-10-08 19:18 995328 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 21:07 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-30 19:38 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [12/12/2006 10:34 AM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\AAC.SYS [12/12/2006 10:34 AM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\AARICH.SYS [12/12/2006 10:34 AM 204800]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\MEGASAS.SYS [12/12/2006 10:34 AM 17664]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{4D72F1BA-615A-4E32-9D1E-82E9A1C0F503}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/mail/?hl=en&tab=wm#
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.umd.edu
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}\components\FFAlert.dll
FF - component: c:\documents and settings\ACT 13\Application Data\Mozilla\Firefox\Profiles\a9iihnj9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npican.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 15:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-14 15:36:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 20:36
ComboFix2.txt 2010-01-14 19:35
ComboFix3.txt 2010-01-14 18:28
ComboFix4.txt 2010-01-14 01:28

Pre-Run: 28,356,042,752 bytes free
Post-Run: 28,323,139,584 bytes free

- - End Of File - - 841FF37BD33D46EE0CF23502B69A274B


#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:10:28 PM

Posted 14 January 2010 - 05:55 PM

Looks good. How does the computer feel to you? Any issues?

#15 Jwhitney4

Jwhitney4
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:28 PM

Posted 14 January 2010 - 07:43 PM

Everything seems to be running fine now. Thank you so much!
