
Infected with Backdoor.Tidserv!inf


  • This topic is locked
31 replies to this topic

#1 spyderwebb

spyderwebb

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:05 AM

Posted 01 September 2010 - 04:23 PM

First of all I would like to say thank you for your time. Last week I was called to my parents' house because their computer had crashed. They had received an error message with a blue screen and were unable to reboot the computer or otherwise bypass the blue screen. I was finally able to restore the computer to the last known working settings. I then ran Norton Antivirus in safe mode and found several viruses, which Norton was able to fix, but there was one virus it was unable to remove, the Backdoor.Tidserv!inf. I did some reading about the virus on the Norton website, which did not offer specific help in dealing with it. I did some searches and realized that this virus affects the system files, which you just can't delete and be done with it. After reading some other forums, it seemed to me that the virus does not affect everyone's computer the same way, which meant there were different steps in getting rid of it. I decided it was best for me not to tackle the situation on my own and to seek help from BleepingComputer. Currently the computer is running slow and affecting web searches (from what I can tell). I still have the Internet, which is a plus. Any help you may be able to provide would be greatly appreciated, and thanks again.


DDS (Ver_10-03-17.01) - NTFSx86
Run by BRIAN WEBB at 14:20:49.98 on Wed 09/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.246 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BRIAN WEBB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://everythingy.com/ie/home
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [-FreedomNeedsReboot] "c:\program files\at&t\at&t internet security suite\ZkRunOnceR.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm694MUUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
Trusted Zone: aflac.com\my
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {4635A474-9AA7-4467-8FA5-FAF329CB593C} - hxxps://ssl5.dealerups.com/v8/DealerUps.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138201202611
DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - hxxp://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXCab.CAB
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.bigfishgames.com/online/feedingfrenzy/Game/SproutLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys [2010-4-28 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys [2010-4-28 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys [2010-4-28 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100830.002\IDSXpx86.sys [2010-9-1 331640]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-7-9 78104]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2005-5-25 34916]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-4-28 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-22 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100901.002\NAVENG.SYS [2010-9-1 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100901.002\NAVEX15.SYS [2010-9-1 1362608]
S2 AudioSrvBcmSqlStartupSvc;Windows Audio AudioSrvBcmSqlStartupSvc;c:\windows\system32\activedsk.exe srv --> c:\windows\system32\ACTIVEDSk.exe srv [?]
S2 gupdate1ca06755eda3c02;Google Update Service (gupdate1ca06755eda3c02);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 idsvcRemoteAccess;Windows CardSpace idsvcRemoteAccess;c:\windows\system32\3com_dmic.exe srv --> c:\windows\system32\3COM_DMIc.exe srv [?]
S2 MessengerClipSrv;Messenger MessengerClipSrv;c:\windows\system32\alrsvcw.exe srv --> c:\windows\system32\alrsvcw.exe srv [?]
S2 NetlogonTermService;Net Logon NetlogonTermService;c:\windows\system32\addon2vbf.exe srv --> c:\windows\system32\Addon2VBf.exe srv [?]
S2 SharedAccessRDSessMgr;Windows Firewall/Internet Connection Sharing (ICS) SharedAccessRDSessMgr;c:\windows\system32\1041p.exe srv --> c:\windows\system32\1041p.exe srv [?]
S2 ShellHWDetectionMessenger;Shell Hardware Detection ShellHWDetectionMessenger;c:\windows\system32\1033h.exe srv --> c:\windows\system32\1033h.exe srv [?]
S2 srserviceShellHWDetection;System Restore Service srserviceShellHWDetection;c:\windows\system32\actmoviee.exe srv --> c:\windows\system32\ACTMOVIEe.exe srv [?]
S2 TermServiceEventlog;Terminal Services TermServiceEventlog;c:\windows\system32\acluim.exe srv --> c:\windows\system32\ACLUIm.exe srv [?]
S2 upnphostBITS;Universal Plug and Play Device Host upnphostBITS;c:\windows\system32\appendv.exe srv --> c:\windows\system32\APPENDv.exe srv [?]
S2 w32timeSENS;Windows Time w32timeSENS;c:\windows\system32\$winnt$n.exe srv --> c:\windows\system32\$WINNT$n.exe srv [?]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11010.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11010.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================

2010-07-27 06:30:35 8462336 ----a-w- c:\windows\system32\SET12.tmp
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\SET2.tmp
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 21:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2008-11-07 13:31:42 0 ----a-w- c:\program files\temp01
2006-06-11 18:09:58 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-03-19 16:26:39 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-16 20:27:12 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-04-10 20:29:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010041020100411\index.dat
2008-09-21 02:09:56 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-09-21 02:09:56 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-09-21 02:09:56 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:22:33.90 ===============

Attached Files
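Two indicators in the DDS report above are worth reading mechanically when you triage such logs: the Hosts: lines, where several security-vendor names are all mapped to one remote address instead of loopback, and the S2 service entries whose image DDS could not verify ([?]) and whose display name is a legitimate Windows service's display name with the rogue key appended (for example "Windows Time w32timeSENS"). The Python below is an added example, not code from the thread, from DDS or from ComboFix; it runs both checks over SAMPLE_LOG, which is constructed from the line shapes in the posted report. The service heuristic is an assumption inferred from this log's entries, not DDS's own logic, and the output is a reading aid for such reports.

```python
"""Triage helpers for DDS-style log lines (added example, not part of the
thread or of the DDS tool).  Two checks drawn from the posted report:
hosts-file entries that point somewhere other than loopback, and services
whose image file DDS could not verify ([?]) and whose display name is a
legitimate Windows service name with the rogue key appended."""
import re
from ipaddress import ip_address

# Constructed sample modelled on line shapes in the posted DDS log; it is
# not the full log and the values are illustrative.
SAMPLE_LOG = r"""
Hosts: 127.0.0.1 localhost
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [2010-4-28 117640]
S2 gupdate1ca06755eda3c02;Google Update Service (gupdate1ca06755eda3c02);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 w32timeSENS;Windows Time w32timeSENS;c:\windows\system32\$winnt$n.exe srv --> c:\windows\system32\$WINNT$n.exe srv [?]
""".strip().splitlines()

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# state, service key, display name, image command plus DDS annotations
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def hosts_redirects(lines):
    """Map each non-loopback hosts-file address to the names pointed at it.

    A clean hosts file normally maps names to loopback only; many names
    collapsing onto one remote address is the hijack pattern in the log."""
    redirects = {}
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        addr, name = m.groups()
        try:
            if ip_address(addr).is_loopback:
                continue
        except ValueError:
            pass  # not a valid address: still worth reporting
        redirects.setdefault(addr, []).append(name)
    return redirects


def suspicious_services(lines):
    """Return service entries matching the rogue pattern seen in the log.

    Heuristic (an assumption derived from the posted entries, not DDS logic):
    the image could not be verified ("[?]"), it lives under
    \\windows\\system32\\, and the display name is some other service's
    display name with this service's key tacked on the end."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, key, display, rest = m.groups()
        unverified = rest.rstrip().endswith("[?]")
        image = rest.split("-->")[0].strip().strip('"').lower()
        padded_name = display != key and display.endswith(key)
        in_system32 = "\\windows\\system32\\" in image
        if unverified and padded_name and in_system32:
            findings.append({"state": state, "key": key,
                             "display": display, "image": image})
    return findings


def triage(lines):
    """Human-readable findings for a list of DDS log lines."""
    report = []
    for addr, names in hosts_redirects(lines).items():
        report.append(f"hosts: {len(names)} name(s) redirected to {addr}: "
                      + ", ".join(names))
    for svc in suspicious_services(lines):
        report.append(f"service {svc['key']} ({svc['state']}): unverified "
                      f"system32 image {svc['image']!r}, display name "
                      f"{svc['display']!r} pads a legitimate name")
    return report


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The Google Update entry in the sample also carries [?], because DDS could not size a quoted path, yet it is not flagged: its display name does not end with its key and its image is under Program Files. Requiring all three conditions keeps the check from treating every unverifiable service as hostile.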




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 AM

Posted 01 September 2010 - 05:53 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note: If you are having problems posting the complete logs into this thread, upload them at http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Run ComboFix
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

Information and logs
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 spyderwebb

spyderwebb
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:05 AM

Posted 01 September 2010 - 07:54 PM

Hello Gringo and thank you for your help. I did as you asked and ran combofix. The process went smoothly with no problems. As for the computer, there hasn't been any incidents, but it still seems to be running a little slow. I'm not sure if the virus has been neutralized or not. Below you will find the Log from the Combofix.

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 AM

Posted 01 September 2010 - 09:53 PM

ComboFix 10-09-01.02 - BRIAN WEBB 09/01/2010 19:52:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.178 [GMT -4:00]
Running from: c:\documents and settings\BRIAN WEBB\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\BRIAN WEBB\Application Data\TMInc
c:\documents and settings\BRIAN WEBB\Application Data\TMInc\game.cfg
c:\documents and settings\BRIAN WEBB\Application Data\TMInc\user1.sav
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\1BrK5.jpg
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\7Jju5.jpg
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\7uk7n7H.jpg
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\g2OCX.jpg
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\Q4ROj.jpg
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\R1BkUAvAV.jpg
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\t07fU7Y.jpg
c:\documents and settings\BRIAN WEBB\Local Settings\Temporary Internet Files\THsu68.jpg
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\program files\PlaySushi\PSTExt.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\3682040363.dat
c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AUDIOSRVBCMSQLSTARTUPSVC
-------\Legacy_IDSVCREMOTEACCESS
-------\Legacy_MESSENGERCLIPSRV
-------\Legacy_NETLOGONTERMSERVICE
-------\Legacy_SHAREDACCESSRDSESSMGR
-------\Legacy_SHELLHWDETECTIONMESSENGER
-------\Legacy_TERMSERVICEEVENTLOG
-------\Legacy_UPNPHOSTBITS
-------\Legacy_W32TIMESENS
-------\Service_AudioSrvBcmSqlStartupSvc
-------\Service_idsvcRemoteAccess
-------\Service_MessengerClipSrv
-------\Service_NetlogonTermService
-------\Service_SharedAccessRDSessMgr
-------\Service_ShellHWDetectionMessenger
-------\Service_TermServiceEventlog
-------\Service_upnphostBITS
-------\Service_w32timeSENS


((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-28 15:32 . 2010-08-28 15:32 -------- d-----w- c:\documents and settings\Administrator.BRIAN\Local Settings\Application Data\Symantec
2010-08-27 03:43 . 2010-08-27 03:43 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-08-13 12:16 . 2010-08-14 03:11 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 00:15 . 2010-01-22 00:45 -------- d-----w- c:\program files\PlaySushi
2010-09-02 00:15 . 2009-08-04 02:49 -------- d-----w- c:\program files\iWin Games
2010-09-01 03:13 . 2006-06-03 20:15 -------- d-----w- c:\documents and settings\BRIAN WEBB\Application Data\Wildfire
2010-09-01 00:46 . 2009-07-16 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-28 15:34 . 2010-04-10 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 12:40 . 2010-08-27 12:40 96512 ----a-w- c:\windows\system32\drivers\OLD4308.tmp
2010-08-27 12:40 . 2010-08-27 12:40 96512 ----a-w- c:\windows\system32\drivers\OLD4305.tmp
2010-08-27 12:40 . 2010-08-27 12:40 96512 ----a-w- c:\windows\system32\drivers\OLD4302.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42FF.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42FC.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F9.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F6.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F3.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F0.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42ED.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42EA.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42E7.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42E4.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42E1.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42DE.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42DB.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42D8.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42D5.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42D2.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42CF.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42CC.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C9.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C6.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C3.tmp
2010-08-27 12:37 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C0.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42BD.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42BA.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42B7.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42B4.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42B1.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42AE.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42AB.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42A8.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD42A5.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD42A2.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD429F.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD429C.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4299.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4296.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4293.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4290.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD428D.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD428A.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4287.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4284.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4281.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD427E.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD427B.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4278.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4275.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4272.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD426F.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD426C.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4269.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4266.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4263.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4260.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD425D.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD425A.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4257.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4254.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4251.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD424E.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD424B.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4248.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4245.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4242.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD423F.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD423C.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4239.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4236.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4233.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4230.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD422D.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD422A.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4227.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4224.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4221.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD421E.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD421B.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4218.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4215.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4212.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD420F.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD420C.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4209.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4206.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD4203.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD4200.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41FD.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41FA.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41F7.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41F4.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41F1.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41EE.tmp
2008-03-19 16:26 . 2008-03-05 14:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2010-08-27 . 1494C60EE680E8E79A2D3E25D5FE50FF . 96512 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-08-19 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=c:\windows\pss\SideACT!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 12:23 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2002-04-11 01:03 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-09-14 13:50 131072 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Radio365Agent]
2006-12-19 22:55 884736 ----a-w- c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-10-02 12:24 222728 ----a-w- c:\program files\Real\realplayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2001-10-03 14:09 4247552 -c--a-w- c:\program files\Alcatel\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2004-07-25 18:45 1277952 -c--a-w- c:\program files\Support.com\BellSouth\hcenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-02 12:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\GameTap\\bin\\release\\gametap.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\My Games\\Red Ace Squadron\\ras.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\SymEFA.sys [4/28/2010 8:42 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\BHDrvx86.sys [4/28/2010 8:42 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\cchpx86.sys [4/28/2010 8:40 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100830.002\IDSXpx86.sys [9/1/2010 1:29 PM 331640]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/9/2009 4:21 PM 78104]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [5/25/2005 9:11 AM 34916]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 4:00 AM 102448]
S2 gupdate1ca06755eda3c02;Google Update Service (gupdate1ca06755eda3c02);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-19 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aflac.com\my
Trusted Zone: turbotax.com
DPF: {4635A474-9AA7-4467-8FA5-FAF329CB593C} - hxxps://ssl5.dealerups.com/v8/DealerUps.cab
DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - hxxp://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run--FreedomNeedsReboot - c:\program files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-dla - c:\windows\system32\dla\tfswctrl.exe
MSConfigStartUp-HP Update 4200C - c:\sj655\hpupdate.exe
MSConfigStartUp-NetMeter - c:\program files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~2.DLL
MSConfigStartUp-PromptCast - c:\program files\PromptCast\PromptCast.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-Scalogic My Schedule - c:\program files\Scalogic\My Schedule\myschedule.exe
MSConfigStartUp-STOPzilla - c:\program files\STOPzilla!\STOPzilla.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
AddRemove-Butterfly Escape - c:\program files\Butterfly Escape\Uninstall.exe
AddRemove-Jigsaw365 - c:\program files\Jigsaw365\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 20:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-01 20:41:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-02 00:40

Pre-Run: 39,676,018,688 bytes free
Post-Run: 40,186,228,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B0C27AE91D74B937105D16DFD68AB8A0

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 01 September 2010 - 10:08 PM

Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
CODE
@echo off
REM Stage the Service Pack copy of atapi.sys at the root of C: so it can be copied over the live driver from the Recovery Console
copy /y c:\windows\ServicePackFiles\i386\atapi.sys c:\
REM The batch file removes itself once the copy has been made
del %0
    Save this as copy.bat. Choose Save as type: All Files, and where to save: Desktop, then close the Notepad file.
    Double-click on copy.bat to run it. This batchfile will delete itself when complete.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
CODE
:filefind
atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


#6 spyderwebb (Topic Starter, Members, 15 posts)

Posted 02 September 2010 - 04:58 PM

I ran both programs as you have asked me to do. Both programs went smoothly with no incidents. Below is the Log from the SystemLook.

SystemLook 02.09.10 by jpshortstuff
Log created at 17:36 on 02/09/2010 by BRIAN WEBB
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\atapi.sys --a---- 96512 bytes [21:34 02/09/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\I386\atapi.sys --a--c- 95360 bytes [12:58 26/05/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [19:51 10/04/2010] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [19:22 11/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a---- 96512 bytes [19:22 11/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys --a---- 96512 bytes [03:43 27/08/2010] [03:43 27/08/2010] 1494C60EE680E8E79A2D3E25D5FE50FF
C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--c- 95360 bytes [14:15 19/05/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-= EOF =-
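The judgement the helper makes by eye from the Sigcheck block of the first ComboFix log and from the SystemLook output above (same 96512-byte size as the Service Pack copy, different MD5, fresh timestamps) can be written down as a check. The following is an added example in Python; it is not code from this thread, from ComboFix or from SystemLook. Its sample input is the filefind lines from the log above. It assumes that the copies under ServicePackFiles and SoftwareDistribution are the trusted baseline (ComboFix's Sigcheck marked them "[7]", validly signed), that the first bracketed timestamp is the creation time and the second the last-write time, and it adds a helper (md5_of_file / replacement_ok, both hypothetical names) to verify a staged replacement such as C:\atapi.sys before it is copied over the live driver.

```python
"""Flag a tampered driver among the copies SystemLook's filefind reported.

Added example for this thread, not ComboFix, SystemLook or the helper's code.
Reasoning: the Service Pack and Windows Update cache copies are the reference;
a live copy of the same byte size with a different MD5 (and newer timestamps)
is the one to replace. A second helper hashes a staged replacement file so
it can be verified before the Recovery Console copy step.
"""
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import Path
from typing import Dict, List, Set

# Sample input: the filefind lines from the SystemLook log posted above.
SYSTEMLOOK_OUTPUT = r"""
C:\atapi.sys --a---- 96512 bytes [21:34 02/09/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\I386\atapi.sys --a--c- 95360 bytes [12:58 26/05/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c- 95360 bytes [19:51 10/04/2010] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------- 96512 bytes [19:22 11/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a---- 96512 bytes [19:22 11/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys --a---- 96512 bytes [03:43 27/08/2010] [03:43 27/08/2010] 1494C60EE680E8E79A2D3E25D5FE50FF
C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--c- 95360 bytes [14:15 19/05/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
"""

# Assumption: copies under these directories are the trusted baseline for a
# given file size (ComboFix's Sigcheck listed them as signed, "[7]").
TRUSTED_DIRS = ("\\servicepackfiles\\", "\\softwaredistribution\\")

# One filefind line: path, 7 attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    created: datetime   # first bracket, read here as creation time (assumption)
    modified: datetime  # second bracket, read here as last-write time (assumption)
    md5: str


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%H:%M %d/%m/%Y")


def parse_filefind(output: str) -> List[Entry]:
    """Parse SystemLook filefind lines; headers, blanks and '-= EOF =-' are skipped."""
    entries = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(m["path"], int(m["size"]), parse_ts(m["ts1"]),
                             parse_ts(m["ts2"]), m["md5"].upper()))
    return entries


def is_trusted(path: str) -> bool:
    return any(d in path.lower() for d in TRUSTED_DIRS)


def baseline_hashes(entries: List[Entry]) -> Dict[int, Set[str]]:
    """MD5s seen in trusted locations, keyed by file size."""
    base: Dict[int, Set[str]] = {}
    for e in entries:
        if is_trusted(e.path):
            base.setdefault(e.size, set()).add(e.md5)
    return base


def find_suspects(entries: List[Entry]) -> List[Entry]:
    """Copies whose size matches a trusted copy but whose MD5 does not."""
    base = baseline_hashes(entries)
    return [e for e in entries
            if not is_trusted(e.path) and e.size in base and e.md5 not in base[e.size]]


def newer_than_baseline(e: Entry, entries: List[Entry]) -> bool:
    """True if this copy was written after every trusted copy of the same size."""
    ref = [t.modified for t in entries if is_trusted(t.path) and t.size == e.size]
    return bool(ref) and e.modified > max(ref)


def md5_of_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path: Path) -> str:
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def replacement_ok(path: Path, expected_md5: str) -> bool:
    """Verify a staged replacement (e.g. C:\\atapi.sys) before copying it over the live driver."""
    return md5_of_file(path) == expected_md5.upper()


if __name__ == "__main__":
    ents = parse_filefind(SYSTEMLOOK_OUTPUT)
    for s in find_suspects(ents):
        note = " (written after the reference copy)" if newer_than_baseline(s, ents) else ""
        print(f"SUSPECT {s.path}  size={s.size}  md5={s.md5}{note}")
```

On the sample, only c:\windows\system32\drivers\atapi.sys is flagged: it is the same 96512 bytes as the SP3 copy, which is why a size-based check would miss it, but its MD5 and its timestamps do not match. To use it on a fresh SystemLook.txt, pass the file's contents to parse_filefind; before the Recovery Console step, replacement_ok(Path("C:/atapi.sys"), "9F3A2F5AA6875C72BF062C712CFA2674") confirms the staged file is the signed copy.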

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 02 September 2010 - 09:18 PM

Print out these instructions to use while in the Recovery Console: (This is for XP only)
    1. Restart your computer.
    2. Before Windows loads, you will be prompted to choose which Operating System to start.
    3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
    4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
    5. At the C:\Windows prompt, type the following entries, and press 'Enter' after each (note the spaces):
      cd c:\windows\system32\drivers
      ren atapi.sys atapi.old
      copy c:\atapi.sys c:\windows\system32\drivers
      exit
    You should see a message '1 file copied'. If you did not see that message, try again and ensure there is a space after the word copy and another space between the file paths.

    NOTE** (if you do not see 1 file copied on the screen, even after ensuring the commands are correct, rename the file back to its original name by typing the following command then hitting Enter.
    ren atapi.old atapi.sys
    you should NOT be prompted to overwrite an existing file, but if you are, select No, then type exit to restart and notify me of your results)

    6. Type exit and press 'Enter'. Your computer should reboot.

After your computer has restarted, please rerun ComboFix for me and send me the report.

Gringo


#8 spyderwebb (Topic Starter, Members, 15 posts)

Posted 03 September 2010 - 06:43 PM

I was able to perform the Recovery Console steps and copy the file without any problems. I then ran ComboFix as you have asked me to, which also went without incident. After that I have noticed the computer programs loading faster and the computer in general running a little more smoothly. Below you will find the log from ComboFix.

ComboFix 10-09-03.01 - BRIAN WEBB 09/03/2010 18:38:40.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.142 [GMT -4:00]
Running from: c:\documents and settings\BRIAN WEBB\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
.

2010-09-02 21:34 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-02 21:34 . 2008-04-13 18:40 96512 ----a-w- C:\atapi.sys
2010-08-28 15:32 . 2010-08-28 15:32 -------- d-----w- c:\documents and settings\Administrator.BRIAN\Local Settings\Application Data\Symantec
2010-08-13 12:16 . 2010-08-14 03:11 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 00:15 . 2010-01-22 00:45 -------- d-----w- c:\program files\PlaySushi
2010-09-02 00:15 . 2009-08-04 02:49 -------- d-----w- c:\program files\iWin Games
2010-09-01 03:13 . 2006-06-03 20:15 -------- d-----w- c:\documents and settings\BRIAN WEBB\Application Data\Wildfire
2010-09-01 00:46 . 2009-07-16 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-28 15:34 . 2010-04-10 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 12:40 . 2010-08-27 12:40 96512 ----a-w- c:\windows\system32\drivers\OLD4308.tmp
2010-08-27 12:40 . 2010-08-27 12:40 96512 ----a-w- c:\windows\system32\drivers\OLD4305.tmp
2010-08-27 12:40 . 2010-08-27 12:40 96512 ----a-w- c:\windows\system32\drivers\OLD4302.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42FF.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42FC.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F9.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F6.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F3.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42F0.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42ED.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42EA.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42E7.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42E4.tmp
2010-08-27 12:39 . 2010-08-27 12:39 96512 ----a-w- c:\windows\system32\drivers\OLD42E1.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42DE.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42DB.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42D8.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42D5.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42D2.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42CF.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42CC.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C9.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C6.tmp
2010-08-27 12:38 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C3.tmp
2010-08-27 12:37 . 2010-08-27 12:38 96512 ----a-w- c:\windows\system32\drivers\OLD42C0.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42BD.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42BA.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42B7.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42B4.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42B1.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42AE.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42AB.tmp
2010-08-27 12:37 . 2010-08-27 12:37 96512 ----a-w- c:\windows\system32\drivers\OLD42A8.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD42A5.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD42A2.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD429F.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD429C.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4299.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4296.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4293.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD4290.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD428D.tmp
2010-08-27 12:36 . 2010-08-27 12:36 96512 ----a-w- c:\windows\system32\drivers\OLD428A.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4287.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4284.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4281.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD427E.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD427B.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4278.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4275.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4272.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD426F.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD426C.tmp
2010-08-27 12:35 . 2010-08-27 12:35 96512 ----a-w- c:\windows\system32\drivers\OLD4269.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4266.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4263.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4260.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD425D.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD425A.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4257.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4254.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4251.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD424E.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD424B.tmp
2010-08-27 12:34 . 2010-08-27 12:34 96512 ----a-w- c:\windows\system32\drivers\OLD4248.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4245.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4242.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD423F.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD423C.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4239.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4236.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4233.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4230.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD422D.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD422A.tmp
2010-08-27 12:33 . 2010-08-27 12:33 96512 ----a-w- c:\windows\system32\drivers\OLD4227.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4224.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4221.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD421E.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD421B.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4218.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4215.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4212.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD420F.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD420C.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4209.tmp
2010-08-27 12:32 . 2010-08-27 12:32 96512 ----a-w- c:\windows\system32\drivers\OLD4206.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD4203.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD4200.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41FD.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41FA.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41F7.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41F4.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41F1.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41EE.tmp
2008-03-19 16:26 . 2008-03-05 14:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-08-19 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=c:\windows\pss\SideACT!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 12:23 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2002-04-11 01:03 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-09-14 13:50 131072 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Radio365Agent]
2006-12-19 22:55 884736 ----a-w- c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-10-02 12:24 222728 ----a-w- c:\program files\Real\realplayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2001-10-03 14:09 4247552 -c--a-w- c:\program files\Alcatel\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2004-07-25 18:45 1277952 -c--a-w- c:\program files\Support.com\BellSouth\hcenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-02 12:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\GameTap\\bin\\release\\gametap.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\My Games\\Red Ace Squadron\\ras.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\SymEFA.sys [4/28/2010 8:42 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\BHDrvx86.sys [4/28/2010 8:42 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\cchpx86.sys [4/28/2010 8:40 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100901.003\IDSXpx86.sys [9/2/2010 8:36 PM 331640]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/9/2009 4:21 PM 78104]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [5/25/2005 9:11 AM 34916]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [4/28/2010 8:41 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/22/2007 1:00 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 4:00 AM 102448]
S2 gupdate1ca06755eda3c02;Google Update Service (gupdate1ca06755eda3c02);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 srserviceShellHWDetection;System Restore Service srserviceShellHWDetection;c:\windows\system32\ACTMOVIEe.exe srv --> c:\windows\system32\ACTMOVIEe.exe srv [?]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-19 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aflac.com\my
Trusted Zone: turbotax.com
DPF: {4635A474-9AA7-4467-8FA5-FAF329CB593C} - hxxps://ssl5.dealerups.com/v8/DealerUps.cab
DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - hxxp://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 19:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-03 19:30:38
ComboFix-quarantined-files.txt 2010-09-03 23:30
ComboFix2.txt 2010-09-02 00:41

Pre-Run: 40,142,114,816 bytes free
Post-Run: 40,128,212,992 bytes free

- - End Of File - - 6E9FC1FBF0F917EE5DDAF10207644B8E


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:05 AM

Posted 03 September 2010 - 07:06 PM

Greetings

That looks very good. Now do this for me next, please.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
c:\windows\system32\drivers\OLD4308.tmp
c:\windows\system32\drivers\OLD4305.tmp
c:\windows\system32\drivers\OLD4302.tmp
c:\windows\system32\drivers\OLD42FF.tmp
c:\windows\system32\drivers\OLD42FC.tmp
c:\windows\system32\drivers\OLD42F9.tmp
c:\windows\system32\drivers\OLD42F6.tmp
c:\windows\system32\drivers\OLD42F3.tmp
c:\windows\system32\drivers\OLD42F0.tmp
c:\windows\system32\drivers\OLD42ED.tmp
c:\windows\system32\drivers\OLD42EA.tmp
c:\windows\system32\drivers\OLD42E7.tmp
c:\windows\system32\drivers\OLD42E4.tmp
c:\windows\system32\drivers\OLD42E1.tmp
c:\windows\system32\drivers\OLD42DE.tmp
c:\windows\system32\drivers\OLD42DB.tmp
c:\windows\system32\drivers\OLD42D8.tmp
c:\windows\system32\drivers\OLD42D5.tmp
c:\windows\system32\drivers\OLD42D2.tmp
c:\windows\system32\drivers\OLD42CF.tmp
c:\windows\system32\drivers\OLD42CC.tmp
c:\windows\system32\drivers\OLD42C9.tmp
c:\windows\system32\drivers\OLD42C6.tmp
c:\windows\system32\drivers\OLD42C3.tmp
c:\windows\system32\drivers\OLD42C0.tmp
c:\windows\system32\drivers\OLD42BD.tmp
c:\windows\system32\drivers\OLD42BA.tmp
c:\windows\system32\drivers\OLD42B7.tmp
c:\windows\system32\drivers\OLD42B4.tmp
c:\windows\system32\drivers\OLD42B1.tmp
c:\windows\system32\drivers\OLD42AE.tmp
c:\windows\system32\drivers\OLD42AB.tmp
c:\windows\system32\drivers\OLD42A8.tmp
c:\windows\system32\drivers\OLD42A5.tmp
c:\windows\system32\drivers\OLD42A2.tmp
c:\windows\system32\drivers\OLD429F.tmp
c:\windows\system32\drivers\OLD429C.tmp
c:\windows\system32\drivers\OLD4299.tmp
c:\windows\system32\drivers\OLD4296.tmp
c:\windows\system32\drivers\OLD4293.tmp
c:\windows\system32\drivers\OLD4290.tmp
c:\windows\system32\drivers\OLD428D.tmp
c:\windows\system32\drivers\OLD428A.tmp
c:\windows\system32\drivers\OLD4287.tmp
c:\windows\system32\drivers\OLD4284.tmp
c:\windows\system32\drivers\OLD4281.tmp
c:\windows\system32\drivers\OLD427E.tmp
c:\windows\system32\drivers\OLD427B.tmp
c:\windows\system32\drivers\OLD4278.tmp
c:\windows\system32\drivers\OLD4275.tmp
c:\windows\system32\drivers\OLD4272.tmp
c:\windows\system32\drivers\OLD426F.tmp
c:\windows\system32\drivers\OLD426C.tmp
c:\windows\system32\drivers\OLD4269.tmp
c:\windows\system32\drivers\OLD4266.tmp
c:\windows\system32\drivers\OLD4263.tmp
c:\windows\system32\drivers\OLD4260.tmp
c:\windows\system32\drivers\OLD425D.tmp
c:\windows\system32\drivers\OLD425A.tmp
c:\windows\system32\drivers\OLD4257.tmp
c:\windows\system32\drivers\OLD4254.tmp
c:\windows\system32\drivers\OLD4251.tmp
c:\windows\system32\drivers\OLD424E.tmp
c:\windows\system32\drivers\OLD424B.tmp
c:\windows\system32\drivers\OLD4248.tmp
c:\windows\system32\drivers\OLD4245.tmp
c:\windows\system32\drivers\OLD4242.tmp
c:\windows\system32\drivers\OLD423F.tmp
c:\windows\system32\drivers\OLD423C.tmp
c:\windows\system32\drivers\OLD4239.tmp
c:\windows\system32\drivers\OLD4236.tmp
c:\windows\system32\drivers\OLD4233.tmp
c:\windows\system32\drivers\OLD4230.tmp
c:\windows\system32\drivers\OLD422D.tmp
c:\windows\system32\drivers\OLD422A.tmp
c:\windows\system32\drivers\OLD4227.tmp
c:\windows\system32\drivers\OLD4224.tmp
c:\windows\system32\drivers\OLD4221.tmp
c:\windows\system32\drivers\OLD421E.tmp
c:\windows\system32\drivers\OLD421B.tmp
c:\windows\system32\drivers\OLD4218.tmp
c:\windows\system32\drivers\OLD4215.tmp
c:\windows\system32\drivers\OLD4212.tmp
c:\windows\system32\drivers\OLD420F.tmp
c:\windows\system32\drivers\OLD420C.tmp
c:\windows\system32\drivers\OLD4209.tmp
c:\windows\system32\drivers\OLD4206.tmp
c:\windows\system32\drivers\OLD4203.tmp
c:\windows\system32\drivers\OLD4200.tmp
c:\windows\system32\drivers\OLD41FD.tmp
c:\windows\system32\drivers\OLD41FA.tmp
c:\windows\system32\drivers\OLD41F7.tmp
c:\windows\system32\drivers\OLD41F4.tmp
c:\windows\system32\drivers\OLD41F1.tmp
c:\windows\system32\drivers\OLD41EE.tmp


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
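The CFScript above was assembled by hand from the run of identically sized .tmp files that the ComboFix report listed under system32\drivers. The Python below is an added example, not part of this thread and not a ComboFix or BleepingComputer tool, that automates the same triage: it parses listing lines in the format ComboFix prints, flags .tmp files sitting in the drivers directory, reports any .sys driver in the same listing whose size matches them, and renders the File:: section in the CFScript syntax used in the post. The sample log and registry lines embedded in it are constructed for the example (they copy the line format of the report, not its full contents); File:: is the only CFScript directive it assumes, and the firewall check reads the EnableFirewall value the report prints.

```python
"""Triage helper for ComboFix-style log listings (added example, not a ComboFix tool)."""
import re
from typing import List, NamedTuple, Optional

# One ComboFix listing line: "<created> . <modified> <size|dashes> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Constructed sample in the report's format (values chosen for the example).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 21:34 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41F1.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41EE.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41EB.tmp
2008-03-19 16:26 . 2008-03-05 14:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
2010-08-28 15:34 . 2010-04-10 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
"""

# Constructed sample of the firewall-policy block the report prints.
SAMPLE_REG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; headers, dots and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def tmp_files_in_drivers(entries: List[Entry]) -> List[Entry]:
    """Flag .tmp files under a drivers directory.

    Installers do not normally leave .tmp files in system32\\drivers; a run of
    identically sized ones created minutes apart is the pattern cleaned up
    with the File:: script in the thread.
    """
    return [e for e in entries
            if e.size is not None
            and e.path.lower().endswith(".tmp")
            and "\\drivers\\" in e.path.lower()]


def same_size_drivers(entries: List[Entry], tmp_entries: List[Entry]) -> List[str]:
    """Drivers (.sys) in the listing whose size equals a flagged .tmp file."""
    sizes = {e.size for e in tmp_entries}
    return [e.path for e in entries
            if e.path.lower().endswith(".sys") and e.size in sizes]


def build_cfscript(paths: List[str]) -> str:
    """Render a CFScript File:: section (the directive used in the post)."""
    return "File::\n" + "\n".join(paths) + "\n"


def firewall_disabled(reg_text: str) -> bool:
    """True when the firewall-policy dump shows EnableFirewall set to 0."""
    m = re.search(r'"EnableFirewall"=\s*(\d+)', reg_text)
    return m is not None and int(m.group(1)) == 0


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LOG)
    tmps = tmp_files_in_drivers(found)
    print(f"{len(tmps)} .tmp file(s) in drivers directory")
    for drv in same_size_drivers(found, tmps):
        print(f"driver with matching size: {drv}")
    print(build_cfscript([e.path for e in tmps]), end="")
    if firewall_disabled(SAMPLE_REG):
        print("Windows Firewall is disabled in the standard profile")
```

Run as a script it prints the generated File:: section; anything it emits should still be reviewed against the complete log before being handed to ComboFix, because extension and size alone are a heuristic, not proof that a file is malicious.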

#10 spyderwebb

spyderwebb
  • Topic Starter

  • Members
  • 15 posts
  • Local time: 12:05 AM

Posted 03 September 2010 - 08:36 PM

I did the CFScript.txt file and the ComboFix. During the ComboFix run, a message appeared which stated "Combofix needs to submit malware files for further analysis. Make sure you are connected to the internet and click okay." I clicked okay and it continued to run, then produced the log from the scan, which you'll find below. As for the computer, it seems to have slowed down a little, but nothing too serious.

ComboFix 10-09-03.01 - BRIAN WEBB 09/03/2010 20:31:36.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.220 [GMT -4:00]
Running from: c:\documents and settings\BRIAN WEBB\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BRIAN WEBB\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FILE ::
"c:\windows\system32\drivers\OLD41EE.tmp"
"c:\windows\system32\drivers\OLD41F1.tmp"
"c:\windows\system32\drivers\OLD41F4.tmp"
"c:\windows\system32\drivers\OLD41F7.tmp"
"c:\windows\system32\drivers\OLD41FA.tmp"
"c:\windows\system32\drivers\OLD41FD.tmp"
"c:\windows\system32\drivers\OLD4200.tmp"
"c:\windows\system32\drivers\OLD4203.tmp"
"c:\windows\system32\drivers\OLD4206.tmp"
"c:\windows\system32\drivers\OLD4209.tmp"
"c:\windows\system32\drivers\OLD420C.tmp"
"c:\windows\system32\drivers\OLD420F.tmp"
"c:\windows\system32\drivers\OLD4212.tmp"
"c:\windows\system32\drivers\OLD4215.tmp"
"c:\windows\system32\drivers\OLD4218.tmp"
"c:\windows\system32\drivers\OLD421B.tmp"
"c:\windows\system32\drivers\OLD421E.tmp"
"c:\windows\system32\drivers\OLD4221.tmp"
"c:\windows\system32\drivers\OLD4224.tmp"
"c:\windows\system32\drivers\OLD4227.tmp"
"c:\windows\system32\drivers\OLD422A.tmp"
"c:\windows\system32\drivers\OLD422D.tmp"
"c:\windows\system32\drivers\OLD4230.tmp"
"c:\windows\system32\drivers\OLD4233.tmp"
"c:\windows\system32\drivers\OLD4236.tmp"
"c:\windows\system32\drivers\OLD4239.tmp"
"c:\windows\system32\drivers\OLD423C.tmp"
"c:\windows\system32\drivers\OLD423F.tmp"
"c:\windows\system32\drivers\OLD4242.tmp"
"c:\windows\system32\drivers\OLD4245.tmp"
"c:\windows\system32\drivers\OLD4248.tmp"
"c:\windows\system32\drivers\OLD424B.tmp"
"c:\windows\system32\drivers\OLD424E.tmp"
"c:\windows\system32\drivers\OLD4251.tmp"
"c:\windows\system32\drivers\OLD4254.tmp"
"c:\windows\system32\drivers\OLD4257.tmp"
"c:\windows\system32\drivers\OLD425A.tmp"
"c:\windows\system32\drivers\OLD425D.tmp"
"c:\windows\system32\drivers\OLD4260.tmp"
"c:\windows\system32\drivers\OLD4263.tmp"
"c:\windows\system32\drivers\OLD4266.tmp"
"c:\windows\system32\drivers\OLD4269.tmp"
"c:\windows\system32\drivers\OLD426C.tmp"
"c:\windows\system32\drivers\OLD426F.tmp"
"c:\windows\system32\drivers\OLD4272.tmp"
"c:\windows\system32\drivers\OLD4275.tmp"
"c:\windows\system32\drivers\OLD4278.tmp"
"c:\windows\system32\drivers\OLD427B.tmp"
"c:\windows\system32\drivers\OLD427E.tmp"
"c:\windows\system32\drivers\OLD4281.tmp"
"c:\windows\system32\drivers\OLD4284.tmp"
"c:\windows\system32\drivers\OLD4287.tmp"
"c:\windows\system32\drivers\OLD428A.tmp"
"c:\windows\system32\drivers\OLD428D.tmp"
"c:\windows\system32\drivers\OLD4290.tmp"
"c:\windows\system32\drivers\OLD4293.tmp"
"c:\windows\system32\drivers\OLD4296.tmp"
"c:\windows\system32\drivers\OLD4299.tmp"
"c:\windows\system32\drivers\OLD429C.tmp"
"c:\windows\system32\drivers\OLD429F.tmp"
"c:\windows\system32\drivers\OLD42A2.tmp"
"c:\windows\system32\drivers\OLD42A5.tmp"
"c:\windows\system32\drivers\OLD42A8.tmp"
"c:\windows\system32\drivers\OLD42AB.tmp"
"c:\windows\system32\drivers\OLD42AE.tmp"
"c:\windows\system32\drivers\OLD42B1.tmp"
"c:\windows\system32\drivers\OLD42B4.tmp"
"c:\windows\system32\drivers\OLD42B7.tmp"
"c:\windows\system32\drivers\OLD42BA.tmp"
"c:\windows\system32\drivers\OLD42BD.tmp"
"c:\windows\system32\drivers\OLD42C0.tmp"
"c:\windows\system32\drivers\OLD42C3.tmp"
"c:\windows\system32\drivers\OLD42C6.tmp"
"c:\windows\system32\drivers\OLD42C9.tmp"
"c:\windows\system32\drivers\OLD42CC.tmp"
"c:\windows\system32\drivers\OLD42CF.tmp"
"c:\windows\system32\drivers\OLD42D2.tmp"
"c:\windows\system32\drivers\OLD42D5.tmp"
"c:\windows\system32\drivers\OLD42D8.tmp"
"c:\windows\system32\drivers\OLD42DB.tmp"
"c:\windows\system32\drivers\OLD42DE.tmp"
"c:\windows\system32\drivers\OLD42E1.tmp"
"c:\windows\system32\drivers\OLD42E4.tmp"
"c:\windows\system32\drivers\OLD42E7.tmp"
"c:\windows\system32\drivers\OLD42EA.tmp"
"c:\windows\system32\drivers\OLD42ED.tmp"
"c:\windows\system32\drivers\OLD42F0.tmp"
"c:\windows\system32\drivers\OLD42F3.tmp"
"c:\windows\system32\drivers\OLD42F6.tmp"
"c:\windows\system32\drivers\OLD42F9.tmp"
"c:\windows\system32\drivers\OLD42FC.tmp"
"c:\windows\system32\drivers\OLD42FF.tmp"
"c:\windows\system32\drivers\OLD4302.tmp"
"c:\windows\system32\drivers\OLD4305.tmp"
"c:\windows\system32\drivers\OLD4308.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\OLD41EE.tmp
c:\windows\system32\drivers\OLD41F1.tmp
c:\windows\system32\drivers\OLD41F4.tmp
c:\windows\system32\drivers\OLD41F7.tmp
c:\windows\system32\drivers\OLD41FA.tmp
c:\windows\system32\drivers\OLD41FD.tmp
c:\windows\system32\drivers\OLD4200.tmp
c:\windows\system32\drivers\OLD4203.tmp
c:\windows\system32\drivers\OLD4206.tmp
c:\windows\system32\drivers\OLD4209.tmp
c:\windows\system32\drivers\OLD420C.tmp
c:\windows\system32\drivers\OLD420F.tmp
c:\windows\system32\drivers\OLD4212.tmp
c:\windows\system32\drivers\OLD4215.tmp
c:\windows\system32\drivers\OLD4218.tmp
c:\windows\system32\drivers\OLD421B.tmp
c:\windows\system32\drivers\OLD421E.tmp
c:\windows\system32\drivers\OLD4221.tmp
c:\windows\system32\drivers\OLD4224.tmp
c:\windows\system32\drivers\OLD4227.tmp
c:\windows\system32\drivers\OLD422A.tmp
c:\windows\system32\drivers\OLD422D.tmp
c:\windows\system32\drivers\OLD4230.tmp
c:\windows\system32\drivers\OLD4233.tmp
c:\windows\system32\drivers\OLD4236.tmp
c:\windows\system32\drivers\OLD4239.tmp
c:\windows\system32\drivers\OLD423C.tmp
c:\windows\system32\drivers\OLD423F.tmp
c:\windows\system32\drivers\OLD4242.tmp
c:\windows\system32\drivers\OLD4245.tmp
c:\windows\system32\drivers\OLD4248.tmp
c:\windows\system32\drivers\OLD424B.tmp
c:\windows\system32\drivers\OLD424E.tmp
c:\windows\system32\drivers\OLD4251.tmp
c:\windows\system32\drivers\OLD4254.tmp
c:\windows\system32\drivers\OLD4257.tmp
c:\windows\system32\drivers\OLD425A.tmp
c:\windows\system32\drivers\OLD425D.tmp
c:\windows\system32\drivers\OLD4260.tmp
c:\windows\system32\drivers\OLD4263.tmp
c:\windows\system32\drivers\OLD4266.tmp
c:\windows\system32\drivers\OLD4269.tmp
c:\windows\system32\drivers\OLD426C.tmp
c:\windows\system32\drivers\OLD426F.tmp
c:\windows\system32\drivers\OLD4272.tmp
c:\windows\system32\drivers\OLD4275.tmp
c:\windows\system32\drivers\OLD4278.tmp
c:\windows\system32\drivers\OLD427B.tmp
c:\windows\system32\drivers\OLD427E.tmp
c:\windows\system32\drivers\OLD4281.tmp
c:\windows\system32\drivers\OLD4284.tmp
c:\windows\system32\drivers\OLD4287.tmp
c:\windows\system32\drivers\OLD428A.tmp
c:\windows\system32\drivers\OLD428D.tmp
c:\windows\system32\drivers\OLD4290.tmp
c:\windows\system32\drivers\OLD4293.tmp
c:\windows\system32\drivers\OLD4296.tmp
c:\windows\system32\drivers\OLD4299.tmp
c:\windows\system32\drivers\OLD429C.tmp
c:\windows\system32\drivers\OLD429F.tmp
c:\windows\system32\drivers\OLD42A2.tmp
c:\windows\system32\drivers\OLD42A5.tmp
c:\windows\system32\drivers\OLD42A8.tmp
c:\windows\system32\drivers\OLD42AB.tmp
c:\windows\system32\drivers\OLD42AE.tmp
c:\windows\system32\drivers\OLD42B1.tmp
c:\windows\system32\drivers\OLD42B4.tmp
c:\windows\system32\drivers\OLD42B7.tmp
c:\windows\system32\drivers\OLD42BA.tmp
c:\windows\system32\drivers\OLD42BD.tmp
c:\windows\system32\drivers\OLD42C0.tmp
c:\windows\system32\drivers\OLD42C3.tmp
c:\windows\system32\drivers\OLD42C6.tmp
c:\windows\system32\drivers\OLD42C9.tmp
c:\windows\system32\drivers\OLD42CC.tmp
c:\windows\system32\drivers\OLD42CF.tmp
c:\windows\system32\drivers\OLD42D2.tmp
c:\windows\system32\drivers\OLD42D5.tmp
c:\windows\system32\drivers\OLD42D8.tmp
c:\windows\system32\drivers\OLD42DB.tmp
c:\windows\system32\drivers\OLD42DE.tmp
c:\windows\system32\drivers\OLD42E1.tmp
c:\windows\system32\drivers\OLD42E4.tmp
c:\windows\system32\drivers\OLD42E7.tmp
c:\windows\system32\drivers\OLD42EA.tmp
c:\windows\system32\drivers\OLD42ED.tmp
c:\windows\system32\drivers\OLD42F0.tmp
c:\windows\system32\drivers\OLD42F3.tmp
c:\windows\system32\drivers\OLD42F6.tmp
c:\windows\system32\drivers\OLD42F9.tmp
c:\windows\system32\drivers\OLD42FC.tmp
c:\windows\system32\drivers\OLD42FF.tmp
c:\windows\system32\drivers\OLD4302.tmp
c:\windows\system32\drivers\OLD4305.tmp
c:\windows\system32\drivers\OLD4308.tmp

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-09-02 21:34 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-02 21:34 . 2008-04-13 18:40 96512 ----a-w- C:\atapi.sys
2010-08-28 15:32 . 2010-08-28 15:32 -------- d-----w- c:\documents and settings\Administrator.BRIAN\Local Settings\Application Data\Symantec
2010-08-13 12:16 . 2010-08-14 03:11 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 00:15 . 2010-01-22 00:45 -------- d-----w- c:\program files\PlaySushi
2010-09-02 00:15 . 2009-08-04 02:49 -------- d-----w- c:\program files\iWin Games
2010-09-01 03:13 . 2006-06-03 20:15 -------- d-----w- c:\documents and settings\BRIAN WEBB\Application Data\Wildfire
2010-09-01 00:46 . 2009-07-16 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-28 15:34 . 2010-04-10 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41EB.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41E8.tmp
2010-08-27 12:31 . 2010-08-27 12:31 96512 ----a-w- c:\windows\system32\drivers\OLD41E5.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41E2.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41DF.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41DC.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41D9.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41D6.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41D3.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41D0.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41CD.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41CA.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41C7.tmp
2010-08-27 12:30 . 2010-08-27 12:30 96512 ----a-w- c:\windows\system32\drivers\OLD41C4.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41C1.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41BE.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41BB.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41B8.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41B5.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41B2.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41AF.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41AC.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41A9.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41A6.tmp
2010-08-27 12:29 . 2010-08-27 12:29 96512 ----a-w- c:\windows\system32\drivers\OLD41A3.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD41A0.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD419D.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD419A.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD4197.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD4194.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD4191.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD418E.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD418B.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD4188.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD4185.tmp
2010-08-27 12:28 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD4182.tmp
2010-08-27 12:27 . 2010-08-27 12:28 96512 ----a-w- c:\windows\system32\drivers\OLD417F.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD417C.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD4179.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD4176.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD4173.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD4170.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD416D.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD416A.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD4167.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD4164.tmp
2010-08-27 12:27 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD4161.tmp
2010-08-27 12:26 . 2010-08-27 12:27 96512 ----a-w- c:\windows\system32\drivers\OLD415E.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD415B.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD4158.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD4155.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD4152.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD414F.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD414C.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD4149.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD4146.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD4143.tmp
2010-08-27 12:26 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD4140.tmp
2010-08-27 12:25 . 2010-08-27 12:26 96512 ----a-w- c:\windows\system32\drivers\OLD413D.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD413A.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD4137.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD4134.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD4131.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD412E.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD412B.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD4128.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD4125.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD4122.tmp
2010-08-27 12:25 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD411F.tmp
2010-08-27 12:24 . 2010-08-27 12:25 96512 ----a-w- c:\windows\system32\drivers\OLD411C.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD4119.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD4116.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD4113.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD4110.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD410D.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD410A.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD4107.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD4104.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD4101.tmp
2010-08-27 12:24 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD40FE.tmp
2010-08-27 12:23 . 2010-08-27 12:24 96512 ----a-w- c:\windows\system32\drivers\OLD40FB.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40F8.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40F5.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40F2.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40EF.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40EC.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40E9.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40E6.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40E3.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40E0.tmp
2010-08-27 12:23 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40DD.tmp
2010-08-27 12:22 . 2010-08-27 12:23 96512 ----a-w- c:\windows\system32\drivers\OLD40DA.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40D7.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40D4.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40D1.tmp
2008-03-19 16:26 . 2008-03-05 14:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-08-19 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=c:\windows\pss\SideACT!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 12:23 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2002-04-11 01:03 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-09-14 13:50 131072 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Radio365Agent]
2006-12-19 22:55 884736 ----a-w- c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-10-02 12:24 222728 ----a-w- c:\program files\Real\realplayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2001-10-03 14:09 4247552 -c--a-w- c:\program files\Alcatel\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2004-07-25 18:45 1277952 -c--a-w- c:\program files\Support.com\BellSouth\hcenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-02 12:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\GameTap\\bin\\release\\gametap.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\My Games\\Red Ace Squadron\\ras.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\SymEFA.sys [4/28/2010 8:42 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\BHDrvx86.sys [4/28/2010 8:42 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\cchpx86.sys [4/28/2010 8:40 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100901.003\IDSXpx86.sys [9/2/2010 8:36 PM 331640]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/9/2009 4:21 PM 78104]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [5/25/2005 9:11 AM 34916]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [4/28/2010 8:41 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/22/2007 1:00 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 4:00 AM 102448]
S2 gupdate1ca06755eda3c02;Google Update Service (gupdate1ca06755eda3c02);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 srserviceShellHWDetection;System Restore Service srserviceShellHWDetection;c:\windows\system32\ACTMOVIEe.exe srv --> c:\windows\system32\ACTMOVIEe.exe srv [?]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-19 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aflac.com\my
Trusted Zone: turbotax.com
DPF: {4635A474-9AA7-4467-8FA5-FAF329CB593C} - hxxps://ssl5.dealerups.com/v8/DealerUps.cab
DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - hxxp://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 20:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-09-03 21:03:48
ComboFix-quarantined-files.txt 2010-09-04 01:03
ComboFix2.txt 2010-09-03 23:30
ComboFix3.txt 2010-09-02 00:41

Pre-Run: 40,135,094,272 bytes free
Post-Run: 40,114,368,512 bytes free

- - End Of File - - B993B9E37DCEBCD7FD591DD4AA809A69


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 AM

Posted 03 September 2010 - 09:35 PM

I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
c:\windows\system32\drivers\OLD41EB.tmp
c:\windows\system32\drivers\OLD41E8.tmp
c:\windows\system32\drivers\OLD41E5.tmp
c:\windows\system32\drivers\OLD41E2.tmp
c:\windows\system32\drivers\OLD41DF.tmp
c:\windows\system32\drivers\OLD41DC.tmp
c:\windows\system32\drivers\OLD41D9.tmp
c:\windows\system32\drivers\OLD41D6.tmp
c:\windows\system32\drivers\OLD41D3.tmp
c:\windows\system32\drivers\OLD41D0.tmp
c:\windows\system32\drivers\OLD41CD.tmp
c:\windows\system32\drivers\OLD41CA.tmp
c:\windows\system32\drivers\OLD41C7.tmp
c:\windows\system32\drivers\OLD41C4.tmp
c:\windows\system32\drivers\OLD41C1.tmp
c:\windows\system32\drivers\OLD41BE.tmp
c:\windows\system32\drivers\OLD41BB.tmp
c:\windows\system32\drivers\OLD41B8.tmp
c:\windows\system32\drivers\OLD41B5.tmp
c:\windows\system32\drivers\OLD41B2.tmp
c:\windows\system32\drivers\OLD41AF.tmp
c:\windows\system32\drivers\OLD41AC.tmp
c:\windows\system32\drivers\OLD41A9.tmp
c:\windows\system32\drivers\OLD41A6.tmp
c:\windows\system32\drivers\OLD41A3.tmp
c:\windows\system32\drivers\OLD41A0.tmp
c:\windows\system32\drivers\OLD419D.tmp
c:\windows\system32\drivers\OLD419A.tmp
c:\windows\system32\drivers\OLD4197.tmp
c:\windows\system32\drivers\OLD4194.tmp
c:\windows\system32\drivers\OLD4191.tmp
c:\windows\system32\drivers\OLD418E.tmp
c:\windows\system32\drivers\OLD418B.tmp
c:\windows\system32\drivers\OLD4188.tmp
c:\windows\system32\drivers\OLD4185.tmp
c:\windows\system32\drivers\OLD4182.tmp
c:\windows\system32\drivers\OLD417F.tmp
c:\windows\system32\drivers\OLD417C.tmp
c:\windows\system32\drivers\OLD4179.tmp
c:\windows\system32\drivers\OLD4176.tmp
c:\windows\system32\drivers\OLD4173.tmp
c:\windows\system32\drivers\OLD4170.tmp
c:\windows\system32\drivers\OLD416D.tmp
c:\windows\system32\drivers\OLD416A.tmp
c:\windows\system32\drivers\OLD4167.tmp
c:\windows\system32\drivers\OLD4164.tmp
c:\windows\system32\drivers\OLD4161.tmp
c:\windows\system32\drivers\OLD415E.tmp
c:\windows\system32\drivers\OLD415B.tmp
c:\windows\system32\drivers\OLD4158.tmp
c:\windows\system32\drivers\OLD4155.tmp
c:\windows\system32\drivers\OLD4152.tmp
c:\windows\system32\drivers\OLD414F.tmp
c:\windows\system32\drivers\OLD414C.tmp
c:\windows\system32\drivers\OLD4149.tmp
c:\windows\system32\drivers\OLD4146.tmp
c:\windows\system32\drivers\OLD4143.tmp
c:\windows\system32\drivers\OLD4140.tmp
c:\windows\system32\drivers\OLD413D.tmp
c:\windows\system32\drivers\OLD413A.tmp
c:\windows\system32\drivers\OLD4137.tmp
c:\windows\system32\drivers\OLD4134.tmp
c:\windows\system32\drivers\OLD4131.tmp
c:\windows\system32\drivers\OLD412E.tmp
c:\windows\system32\drivers\OLD412B.tmp
c:\windows\system32\drivers\OLD4128.tmp
c:\windows\system32\drivers\OLD4125.tmp
c:\windows\system32\drivers\OLD4122.tmp
c:\windows\system32\drivers\OLD411F.tmp
c:\windows\system32\drivers\OLD411C.tmp
c:\windows\system32\drivers\OLD4119.tmp
c:\windows\system32\drivers\OLD4116.tmp
c:\windows\system32\drivers\OLD4113.tmp
c:\windows\system32\drivers\OLD4110.tmp
c:\windows\system32\drivers\OLD410D.tmp
c:\windows\system32\drivers\OLD410A.tmp
c:\windows\system32\drivers\OLD4107.tmp
c:\windows\system32\drivers\OLD4104.tmp
c:\windows\system32\drivers\OLD4101.tmp
c:\windows\system32\drivers\OLD40FE.tmp
c:\windows\system32\drivers\OLD40FB.tmp
c:\windows\system32\drivers\OLD40F8.tmp
c:\windows\system32\drivers\OLD40F5.tmp
c:\windows\system32\drivers\OLD40F2.tmp
c:\windows\system32\drivers\OLD40EF.tmp
c:\windows\system32\drivers\OLD40EC.tmp
c:\windows\system32\drivers\OLD40E9.tmp
c:\windows\system32\drivers\OLD40E6.tmp
c:\windows\system32\drivers\OLD40E3.tmp
c:\windows\system32\drivers\OLD40E0.tmp
c:\windows\system32\drivers\OLD40DD.tmp
c:\windows\system32\drivers\OLD40DA.tmp
c:\windows\system32\drivers\OLD40D7.tmp
c:\windows\system32\drivers\OLD40D4.tmp
c:\windows\system32\drivers\OLD40D1.tmp


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 spyderwebb

spyderwebb
  • Topic Starter

  • Members
  • 15 posts
  • Local time:12:05 AM

Posted 03 September 2010 - 11:16 PM

All right, I ran the new CFScript.txt with ComboFix and, just like the last time, I got the message "Combofix needs to submit malware files for further analysis." After ComboFix finished, the computer seems to have sped up a lot more. Below you'll find the log from ComboFix.

ComboFix 10-09-03.01 - BRIAN WEBB 09/03/2010 23:28:04.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.186 [GMT -4:00]
Running from: c:\documents and settings\BRIAN WEBB\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BRIAN WEBB\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FILE ::
"c:\windows\system32\drivers\OLD40D1.tmp"
"c:\windows\system32\drivers\OLD40D4.tmp"
"c:\windows\system32\drivers\OLD40D7.tmp"
"c:\windows\system32\drivers\OLD40DA.tmp"
"c:\windows\system32\drivers\OLD40DD.tmp"
"c:\windows\system32\drivers\OLD40E0.tmp"
"c:\windows\system32\drivers\OLD40E3.tmp"
"c:\windows\system32\drivers\OLD40E6.tmp"
"c:\windows\system32\drivers\OLD40E9.tmp"
"c:\windows\system32\drivers\OLD40EC.tmp"
"c:\windows\system32\drivers\OLD40EF.tmp"
"c:\windows\system32\drivers\OLD40F2.tmp"
"c:\windows\system32\drivers\OLD40F5.tmp"
"c:\windows\system32\drivers\OLD40F8.tmp"
"c:\windows\system32\drivers\OLD40FB.tmp"
"c:\windows\system32\drivers\OLD40FE.tmp"
"c:\windows\system32\drivers\OLD4101.tmp"
"c:\windows\system32\drivers\OLD4104.tmp"
"c:\windows\system32\drivers\OLD4107.tmp"
"c:\windows\system32\drivers\OLD410A.tmp"
"c:\windows\system32\drivers\OLD410D.tmp"
"c:\windows\system32\drivers\OLD4110.tmp"
"c:\windows\system32\drivers\OLD4113.tmp"
"c:\windows\system32\drivers\OLD4116.tmp"
"c:\windows\system32\drivers\OLD4119.tmp"
"c:\windows\system32\drivers\OLD411C.tmp"
"c:\windows\system32\drivers\OLD411F.tmp"
"c:\windows\system32\drivers\OLD4122.tmp"
"c:\windows\system32\drivers\OLD4125.tmp"
"c:\windows\system32\drivers\OLD4128.tmp"
"c:\windows\system32\drivers\OLD412B.tmp"
"c:\windows\system32\drivers\OLD412E.tmp"
"c:\windows\system32\drivers\OLD4131.tmp"
"c:\windows\system32\drivers\OLD4134.tmp"
"c:\windows\system32\drivers\OLD4137.tmp"
"c:\windows\system32\drivers\OLD413A.tmp"
"c:\windows\system32\drivers\OLD413D.tmp"
"c:\windows\system32\drivers\OLD4140.tmp"
"c:\windows\system32\drivers\OLD4143.tmp"
"c:\windows\system32\drivers\OLD4146.tmp"
"c:\windows\system32\drivers\OLD4149.tmp"
"c:\windows\system32\drivers\OLD414C.tmp"
"c:\windows\system32\drivers\OLD414F.tmp"
"c:\windows\system32\drivers\OLD4152.tmp"
"c:\windows\system32\drivers\OLD4155.tmp"
"c:\windows\system32\drivers\OLD4158.tmp"
"c:\windows\system32\drivers\OLD415B.tmp"
"c:\windows\system32\drivers\OLD415E.tmp"
"c:\windows\system32\drivers\OLD4161.tmp"
"c:\windows\system32\drivers\OLD4164.tmp"
"c:\windows\system32\drivers\OLD4167.tmp"
"c:\windows\system32\drivers\OLD416A.tmp"
"c:\windows\system32\drivers\OLD416D.tmp"
"c:\windows\system32\drivers\OLD4170.tmp"
"c:\windows\system32\drivers\OLD4173.tmp"
"c:\windows\system32\drivers\OLD4176.tmp"
"c:\windows\system32\drivers\OLD4179.tmp"
"c:\windows\system32\drivers\OLD417C.tmp"
"c:\windows\system32\drivers\OLD417F.tmp"
"c:\windows\system32\drivers\OLD4182.tmp"
"c:\windows\system32\drivers\OLD4185.tmp"
"c:\windows\system32\drivers\OLD4188.tmp"
"c:\windows\system32\drivers\OLD418B.tmp"
"c:\windows\system32\drivers\OLD418E.tmp"
"c:\windows\system32\drivers\OLD4191.tmp"
"c:\windows\system32\drivers\OLD4194.tmp"
"c:\windows\system32\drivers\OLD4197.tmp"
"c:\windows\system32\drivers\OLD419A.tmp"
"c:\windows\system32\drivers\OLD419D.tmp"
"c:\windows\system32\drivers\OLD41A0.tmp"
"c:\windows\system32\drivers\OLD41A3.tmp"
"c:\windows\system32\drivers\OLD41A6.tmp"
"c:\windows\system32\drivers\OLD41A9.tmp"
"c:\windows\system32\drivers\OLD41AC.tmp"
"c:\windows\system32\drivers\OLD41AF.tmp"
"c:\windows\system32\drivers\OLD41B2.tmp"
"c:\windows\system32\drivers\OLD41B5.tmp"
"c:\windows\system32\drivers\OLD41B8.tmp"
"c:\windows\system32\drivers\OLD41BB.tmp"
"c:\windows\system32\drivers\OLD41BE.tmp"
"c:\windows\system32\drivers\OLD41C1.tmp"
"c:\windows\system32\drivers\OLD41C4.tmp"
"c:\windows\system32\drivers\OLD41C7.tmp"
"c:\windows\system32\drivers\OLD41CA.tmp"
"c:\windows\system32\drivers\OLD41CD.tmp"
"c:\windows\system32\drivers\OLD41D0.tmp"
"c:\windows\system32\drivers\OLD41D3.tmp"
"c:\windows\system32\drivers\OLD41D6.tmp"
"c:\windows\system32\drivers\OLD41D9.tmp"
"c:\windows\system32\drivers\OLD41DC.tmp"
"c:\windows\system32\drivers\OLD41DF.tmp"
"c:\windows\system32\drivers\OLD41E2.tmp"
"c:\windows\system32\drivers\OLD41E5.tmp"
"c:\windows\system32\drivers\OLD41E8.tmp"
"c:\windows\system32\drivers\OLD41EB.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\OLD40D1.tmp
c:\windows\system32\drivers\OLD40D4.tmp
c:\windows\system32\drivers\OLD40D7.tmp
c:\windows\system32\drivers\OLD40DA.tmp
c:\windows\system32\drivers\OLD40DD.tmp
c:\windows\system32\drivers\OLD40E0.tmp
c:\windows\system32\drivers\OLD40E3.tmp
c:\windows\system32\drivers\OLD40E6.tmp
c:\windows\system32\drivers\OLD40E9.tmp
c:\windows\system32\drivers\OLD40EC.tmp
c:\windows\system32\drivers\OLD40EF.tmp
c:\windows\system32\drivers\OLD40F2.tmp
c:\windows\system32\drivers\OLD40F5.tmp
c:\windows\system32\drivers\OLD40F8.tmp
c:\windows\system32\drivers\OLD40FB.tmp
c:\windows\system32\drivers\OLD40FE.tmp
c:\windows\system32\drivers\OLD4101.tmp
c:\windows\system32\drivers\OLD4104.tmp
c:\windows\system32\drivers\OLD4107.tmp
c:\windows\system32\drivers\OLD410A.tmp
c:\windows\system32\drivers\OLD410D.tmp
c:\windows\system32\drivers\OLD4110.tmp
c:\windows\system32\drivers\OLD4113.tmp
c:\windows\system32\drivers\OLD4116.tmp
c:\windows\system32\drivers\OLD4119.tmp
c:\windows\system32\drivers\OLD411C.tmp
c:\windows\system32\drivers\OLD411F.tmp
c:\windows\system32\drivers\OLD4122.tmp
c:\windows\system32\drivers\OLD4125.tmp
c:\windows\system32\drivers\OLD4128.tmp
c:\windows\system32\drivers\OLD412B.tmp
c:\windows\system32\drivers\OLD412E.tmp
c:\windows\system32\drivers\OLD4131.tmp
c:\windows\system32\drivers\OLD4134.tmp
c:\windows\system32\drivers\OLD4137.tmp
c:\windows\system32\drivers\OLD413A.tmp
c:\windows\system32\drivers\OLD413D.tmp
c:\windows\system32\drivers\OLD4140.tmp
c:\windows\system32\drivers\OLD4143.tmp
c:\windows\system32\drivers\OLD4146.tmp
c:\windows\system32\drivers\OLD4149.tmp
c:\windows\system32\drivers\OLD414C.tmp
c:\windows\system32\drivers\OLD414F.tmp
c:\windows\system32\drivers\OLD4152.tmp
c:\windows\system32\drivers\OLD4155.tmp
c:\windows\system32\drivers\OLD4158.tmp
c:\windows\system32\drivers\OLD415B.tmp
c:\windows\system32\drivers\OLD415E.tmp
c:\windows\system32\drivers\OLD4161.tmp
c:\windows\system32\drivers\OLD4164.tmp
c:\windows\system32\drivers\OLD4167.tmp
c:\windows\system32\drivers\OLD416A.tmp
c:\windows\system32\drivers\OLD416D.tmp
c:\windows\system32\drivers\OLD4170.tmp
c:\windows\system32\drivers\OLD4173.tmp
c:\windows\system32\drivers\OLD4176.tmp
c:\windows\system32\drivers\OLD4179.tmp
c:\windows\system32\drivers\OLD417C.tmp
c:\windows\system32\drivers\OLD417F.tmp
c:\windows\system32\drivers\OLD4182.tmp
c:\windows\system32\drivers\OLD4185.tmp
c:\windows\system32\drivers\OLD4188.tmp
c:\windows\system32\drivers\OLD418B.tmp
c:\windows\system32\drivers\OLD418E.tmp
c:\windows\system32\drivers\OLD4191.tmp
c:\windows\system32\drivers\OLD4194.tmp
c:\windows\system32\drivers\OLD4197.tmp
c:\windows\system32\drivers\OLD419A.tmp
c:\windows\system32\drivers\OLD419D.tmp
c:\windows\system32\drivers\OLD41A0.tmp
c:\windows\system32\drivers\OLD41A3.tmp
c:\windows\system32\drivers\OLD41A6.tmp
c:\windows\system32\drivers\OLD41A9.tmp
c:\windows\system32\drivers\OLD41AC.tmp
c:\windows\system32\drivers\OLD41AF.tmp
c:\windows\system32\drivers\OLD41B2.tmp
c:\windows\system32\drivers\OLD41B5.tmp
c:\windows\system32\drivers\OLD41B8.tmp
c:\windows\system32\drivers\OLD41BB.tmp
c:\windows\system32\drivers\OLD41BE.tmp
c:\windows\system32\drivers\OLD41C1.tmp
c:\windows\system32\drivers\OLD41C4.tmp
c:\windows\system32\drivers\OLD41C7.tmp
c:\windows\system32\drivers\OLD41CA.tmp
c:\windows\system32\drivers\OLD41CD.tmp
c:\windows\system32\drivers\OLD41D0.tmp
c:\windows\system32\drivers\OLD41D3.tmp
c:\windows\system32\drivers\OLD41D6.tmp
c:\windows\system32\drivers\OLD41D9.tmp
c:\windows\system32\drivers\OLD41DC.tmp
c:\windows\system32\drivers\OLD41DF.tmp
c:\windows\system32\drivers\OLD41E2.tmp
c:\windows\system32\drivers\OLD41E5.tmp
c:\windows\system32\drivers\OLD41E8.tmp
c:\windows\system32\drivers\OLD41EB.tmp

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-09-02 21:34 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-09-02 21:34 . 2008-04-13 18:40 96512 ----a-w- C:\atapi.sys
2010-08-28 15:32 . 2010-08-28 15:32 -------- d-----w- c:\documents and settings\Administrator.BRIAN\Local Settings\Application Data\Symantec
2010-08-13 12:16 . 2010-08-14 03:11 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 00:15 . 2010-01-22 00:45 -------- d-----w- c:\program files\PlaySushi
2010-09-02 00:15 . 2009-08-04 02:49 -------- d-----w- c:\program files\iWin Games
2010-09-01 03:13 . 2006-06-03 20:15 -------- d-----w- c:\documents and settings\BRIAN WEBB\Application Data\Wildfire
2010-09-01 00:46 . 2009-07-16 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-28 15:34 . 2010-04-10 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40CE.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40CB.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40C8.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40C5.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40C2.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40BF.tmp
2010-08-27 12:22 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40BC.tmp
2010-08-27 12:21 . 2010-08-27 12:22 96512 ----a-w- c:\windows\system32\drivers\OLD40B9.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40B6.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40B3.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40B0.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40AD.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40AA.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40A7.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40A4.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD40A1.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD409E.tmp
2010-08-27 12:21 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD409B.tmp
2010-08-27 12:20 . 2010-08-27 12:21 96512 ----a-w- c:\windows\system32\drivers\OLD4098.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4095.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4092.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD408F.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD408C.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4089.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4086.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4083.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4080.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD407D.tmp
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD407A.tmp
2010-08-27 12:19 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4077.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4074.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4071.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD406E.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD406B.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4068.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4065.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4062.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD405F.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD405C.tmp
2010-08-27 12:19 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4059.tmp
2010-08-27 12:18 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4056.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4053.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4050.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD404D.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD404A.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4047.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4044.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4041.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD403E.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD403B.tmp
2010-08-27 12:18 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4038.tmp
2010-08-27 12:17 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4035.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4032.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD402F.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD402C.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4029.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4026.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4023.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4020.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD401D.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD401A.tmp
2010-08-27 12:17 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4017.tmp
2010-08-27 12:16 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4014.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD4011.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD400E.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD400B.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD4008.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD4005.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD4002.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD3FFF.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD3FFC.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD3FF9.tmp
2010-08-27 12:16 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD3FF6.tmp
2010-08-27 12:15 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD3FF3.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FF0.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FED.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FEA.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FE7.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FE4.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FE1.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FDE.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FDB.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FD8.tmp
2010-08-27 12:15 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FD5.tmp
2010-08-27 12:14 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FD2.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FCF.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FCC.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FC9.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FC6.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FC3.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FC0.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FBD.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FBA.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FB7.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FB4.tmp
2008-03-19 16:26 . 2008-03-05 14:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-02 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-08-19 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=c:\windows\pss\SideACT!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^BRIAN WEBB^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\BRIAN WEBB\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 12:23 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2002-04-11 01:03 368706 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-09-14 13:50 131072 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Radio365Agent]
2006-12-19 22:55 884736 ----a-w- c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-10-02 12:24 222728 ----a-w- c:\program files\Real\realplayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2001-10-03 14:09 4247552 -c--a-w- c:\program files\Alcatel\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2004-07-25 18:45 1277952 -c--a-w- c:\program files\Support.com\BellSouth\hcenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-02 12:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\GameTap\\bin\\release\\gametap.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\My Games\\Red Ace Squadron\\ras.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\SymEFA.sys [4/28/2010 8:42 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\BHDrvx86.sys [4/28/2010 8:42 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1008000.029\cchpx86.sys [4/28/2010 8:40 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100901.003\IDSXpx86.sys [9/2/2010 8:36 PM 331640]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [7/9/2009 4:21 PM 78104]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\DRIVERS\MrtRate.sys [5/25/2005 9:11 AM 34916]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [4/28/2010 8:41 PM 117640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/22/2007 1:00 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/26/2010 4:00 AM 102448]
S2 gupdate1ca06755eda3c02;Google Update Service (gupdate1ca06755eda3c02);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 srserviceShellHWDetection;System Restore Service srserviceShellHWDetection;c:\windows\system32\ACTMOVIEe.exe srv --> c:\windows\system32\ACTMOVIEe.exe srv [?]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-19 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: aflac.com\my
Trusted Zone: turbotax.com
DPF: {4635A474-9AA7-4467-8FA5-FAF329CB593C} - hxxps://ssl5.dealerups.com/v8/DealerUps.cab
DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - hxxp://www.surveys.com/promptcast/Installs/SURVEYS.COM%20PROMPTCAST%20SETUP.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 23:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-09-04 00:00:57
ComboFix-quarantined-files.txt 2010-09-04 04:00
ComboFix2.txt 2010-09-04 01:03
ComboFix3.txt 2010-09-03 23:30
ComboFix4.txt 2010-09-02 00:41

Pre-Run: 40,122,560,512 bytes free
Post-Run: 40,104,263,680 bytes free

- - End Of File - - F36F2BE51AFCF1F97EE83A22B40E49C9
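The log above lists dozens of OLD*.tmp files of identical size (96512 bytes) dropped into c:\windows\system32\drivers within a few minutes, and a firewall-policy block with EnableFirewall set to 0. The script below is an added example, not ComboFix, SystemLook or Symantec code: it parses lines in the listing format shown in this log, flags bursts of same-size, same-extension files in one directory, and reads the EnableFirewall value. The sample lines are constructed from the log's own format, and treating the first timestamp as creation time and the second as last-write time is an assumption about that format.

```python
"""Triage helper for ComboFix-style "Files Created" listings.

Added example (not ComboFix, SystemLook or Symantec code). Parses lines such as

    2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\\windows\\system32\\drivers\\OLD408F.tmp

and flags groups of files in the same directory with the same extension and byte
size whose timestamps fall within a short window. It also reads the EnableFirewall
value from the firewall-policy block of the same log.
"""
import re
from collections import defaultdict
from datetime import datetime

# Field order (first timestamp = creation, second = last write) is an assumption
# about the ComboFix format, not something the thread states.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+)\s+([-a-z]{8})\s+(.+?)\s*$"
)
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)')

# Constructed sample: eight of the OLD*.tmp lines and the KGyGaAvL.sys line from the
# thread's log, plus the firewall-policy block that appears later in the same log.
SAMPLE = r"""
2010-08-27 12:20 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD408F.tmp
2010-08-27 12:19 . 2010-08-27 12:20 96512 ----a-w- c:\windows\system32\drivers\OLD4077.tmp
2010-08-27 12:18 . 2010-08-27 12:19 96512 ----a-w- c:\windows\system32\drivers\OLD4056.tmp
2010-08-27 12:17 . 2010-08-27 12:18 96512 ----a-w- c:\windows\system32\drivers\OLD4035.tmp
2010-08-27 12:16 . 2010-08-27 12:17 96512 ----a-w- c:\windows\system32\drivers\OLD4014.tmp
2010-08-27 12:15 . 2010-08-27 12:16 96512 ----a-w- c:\windows\system32\drivers\OLD3FF3.tmp
2010-08-27 12:14 . 2010-08-27 12:15 96512 ----a-w- c:\windows\system32\drivers\OLD3FD2.tmp
2010-08-27 12:14 . 2010-08-27 12:14 96512 ----a-w- c:\windows\system32\drivers\OLD3FB4.tmp
2008-03-19 16:26 . 2008-03-05 14:58 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""


def parse_listing(text):
    """Return one dict per file line; non-matching lines (headers, registry) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": int(size),
            "attrs": attrs,
            "path": path,
        })
    return entries


def find_bursts(entries, min_count=5, window_minutes=10):
    """Group by (directory, extension, size) and report groups of at least min_count
    files whose creation times all fall within window_minutes of each other."""
    groups = defaultdict(list)
    for e in entries:
        directory, _, name = e["path"].lower().rpartition("\\")
        ext = name.rsplit(".", 1)[1] if "." in name else ""
        groups[(directory, ext, e["size"])].append(e)
    bursts = []
    for (directory, ext, size), items in groups.items():
        if len(items) < min_count:
            continue
        times = sorted(i["created"] for i in items)
        span = (times[-1] - times[0]).total_seconds() / 60
        if span <= window_minutes:
            bursts.append({"directory": directory, "ext": ext, "size": size,
                           "count": len(items), "span_minutes": span,
                           "first": times[0], "last": times[-1]})
    return sorted(bursts, key=lambda b: -b["count"])


def firewall_disabled(text):
    """True if the log's firewall block says EnableFirewall is 0, False if it is
    non-zero, None if no such line is present."""
    m = FIREWALL_RE.search(text)
    if not m:
        return None
    return m.group(1) == "0"


if __name__ == "__main__":
    found = parse_listing(SAMPLE)
    for b in find_bursts(found):
        print(f"{b['count']} x {b['size']} bytes *.{b['ext']} in {b['directory']} "
              f"between {b['first']:%H:%M} and {b['last']:%H:%M}")
    print("Windows Firewall disabled:", firewall_disabled(SAMPLE))
```

Run against a full ComboFix log rather than the sample, the burst report gives the same picture the helper above was asking SystemLook to confirm: how many matching files exist, where, and over what time span. A follow-up search that finds none (as in the SystemLook result posted later in this thread) is consistent with ComboFix having already quarantined them, which is why the quarantine listing it writes is worth checking before concluding anything.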


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 AM

Posted 03 September 2010 - 11:31 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
CODE
:filefind
C:\windows\system32\drivers\OLD*.tmp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 spyderwebb

spyderwebb
  • Topic Starter

  • Members
  • 15 posts
  • Local time:12:05 AM

Posted 04 September 2010 - 08:41 AM

The SystemLook program finished without any problems. Below you'll find the report of the results.

SystemLook 04.09.10 by jpshortstuff
Log created at 09:06 on 04/09/2010 by BRIAN WEBB
Administrator - Elevation successful

========== filefind ==========

Searching for "C:\windows\system32\drivers\OLD*.tmp"
No files found.

-= EOF =-

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 AM

Posted 04 September 2010 - 12:55 PM

Hello

I think there was a mistake in my script. Please try this:

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
CODE
:filefind
OLD*.tmp
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Gringo



