
Malware.Packer found different dates different AV


10 replies to this topic

#1 flipper1515

  • Members
  • 7 posts

Posted 27 November 2011 - 03:49 AM

In July I had a couple of other viruses found, but they were eliminated with no recurrence. About 2 months later Malwarebytes found Malware.Packer on the system. I did a search and discovered it was a common false positive, disregarded the finding, and it didn't occur again. Over the last couple of weeks the system has been having major issues: excessive hard drive usage, slow browser, constant freezing, and high network usage when nothing is being done on the internet. I tried to disable WiFi to stop network access and it froze each time until I turned off the radio via the external switch. I tried numerous defrag runs and eliminated the page file, as it was seriously fragmented and not needed. Then I modified the startup programs and rebooted in Safe Mode. Now System Protector is finding Malware.Packer in the registry. SUPERAntiSpyware, Malwarebytes, and Norton are all negative. Looking for help to make sure the system is now completely clean.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Flipper1515 at 2:32:40 on 2011-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.1101 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\program files\advanced system optimizer 3\memoryoptimizer.exe
C:\Documents and Settings\Flipper1515\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Flipper1515\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flipper1515\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flipper1515\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flipper1515\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Flipper1515\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uStart Page = about:blank
uDefault_Page_URL = hxxp://lenovo.live.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - Updater For XFIN_PORTAL
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\documents and settings\flipper1515\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced System Optimizer - Memory Optimizer] "c:\program files\advanced system optimizer 3\memoryoptimizer.exe" -startup
mRun: [TpShocks] TpShocks.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SystemProtector] "c:\program files\advanced system optimizer 3\SystemProtector.exe" /autorun
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: medfinders.com\ec
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229870305921
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_8.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{61D1212F-98A0-45CC-99AF-431217C69A46} : DhcpNameServer = 192.168.2.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\15.0.874.121\npchrome_frame.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\flipper1515\application data\mozilla\firefox\profiles\wtmpa7av.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_2_3\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\all users\application data\white sky, inc\id vault\xpcom3\components\IdVault.XPCOM3.dll
FF - plugin: c:\documents and settings\flipper1515\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\flipper1515\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\flipper1515\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\flipper1515\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\flipper1515\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-3-21 25968]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-13 14776]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-7-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-7-14 744568]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111027.001\BHDrvx86.sys [2011-11-1 818808]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-3-21 13680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-6-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-7-14 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-1 116608]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2011-1-16 239928]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-3-21 292200]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-11-18 63048]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-3-21 41320]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-12 366152]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-7-14 130008]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-3-21 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-5-16 143360]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-3-21 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-2-19 64440]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-12-5 520192]
R3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2011-1-16 6656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-25 106104]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111124.030\IDSXpx86.sys [2011-11-24 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-12 22216]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20111125.019\NAVENG.SYS [2011-11-25 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20111125.019\NAVEX15.SYS [2011-11-25 1576312]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-3-21 6609920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S1 MpKsl0542ea04;MpKsl0542ea04; [x]
S1 MpKsl0aeab2fe;MpKsl0aeab2fe; [x]
S1 MpKsl34df18e7;MpKsl34df18e7; [x]
S1 MpKsl52334834;MpKsl52334834; [x]
S1 MpKsl7379c712;MpKsl7379c712; [x]
S1 MpKsl7c487d03;MpKsl7c487d03; [x]
S1 MpKsl8c127b81;MpKsl8c127b81; [x]
S1 MpKsl8f83aee9;MpKsl8f83aee9; [x]
S1 MpKsla91e6c71;MpKsla91e6c71; [x]
S1 MpKslb11cc9e2;MpKslb11cc9e2; [x]
S1 MpKsledc3be3b;MpKsledc3be3b; [x]
S1 MpKslf7c87dde;MpKslf7c87dde; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-3-21 45496]
S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2008-12-4 72448]
S3 DigimHID;DigimHID;c:\windows\system32\drivers\DigimHID.SYS [2010-3-28 5248]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-4-30 14336]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys --> c:\windows\system32\drivers\pppop.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 12872]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-20 1245064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-27 04:43:45 28752 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ecc76cc-f186-475f-8e77-f2142f539b33}\MpKsl48f3a279.sys
2011-11-27 04:42:09 28752 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5ecc76cc-f186-475f-8e77-f2142f539b33}\MpKsl38ba3253.sys
2011-11-14 00:11:38 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-11-14 00:11:37 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-11-14 00:11:37 -------- dc----w- c:\documents and settings\flipper1515\application data\IObit
2011-11-14 00:11:14 -------- dc----w- c:\program files\IObit
2011-11-05 16:55:35 -------- dc----w- c:\documents and settings\flipper1515\application data\Southwest Airlines
.
==================== Find3M ====================
.
2011-11-27 02:53:38 2604 ----a-w- c:\windows\system32\ASOROSet.bin
2011-10-30 23:34:25 60 -c--a-w- c:\windows\wpd99.drv
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-02 15:23:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 2:34:21.48 ===============


#2 shelf life

  • Malware Response Team
  • 2,673 posts

Posted 01 December 2011 - 06:06 PM

hi,

Your post is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 flipper1515
  • Topic Starter

  • Members
  • 7 posts

Posted 01 December 2011 - 09:54 PM

Hi,

Yes I would still like help in verifying that all malware was completely removed.

Thanks.

#4 shelf life

  • Malware Response Team
  • 2,673 posts

Posted 02 December 2011 - 07:05 PM

"Now System Protector finding Malware.Packer in registry"

Sounds like a scareware product. Did you download/install System Protector yourself?

How Can I Reduce My Risk to Malware?


#5 flipper1515
  • Topic Starter

  • Members
  • 7 posts

Posted 02 December 2011 - 10:33 PM

Yes I installed System Protector myself. It is the antivirus component of Advanced System Optimizer 3 software package by Systweak.

The registry key that it showed having the Malware.Packer was the Startup.ini and it appeared right after I modified the startup programs.

#6 shelf life

  • Malware Response Team
  • 2,673 posts

Posted 03 December 2011 - 09:06 AM

Sounds like a false positive, since you had just modified startup programs. You also have Malwarebytes and SUPERAntiSpyware. That System Optimizer may be OK, but I don't put a whole lot of faith in software that claims to do a dozen or so different things.
We can get a closer look for malware with ComboFix. There is a guide to read first; read through the guide, then apply the directions on your own machine. Post the log:

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#7 flipper1515
  • Topic Starter

  • Members
  • 7 posts

Posted 03 December 2011 - 07:47 PM

Ran ComboFix. Here's the log.


ComboFix 11-12-03.01 - Flipper1515 12/03/2011 18:41:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.1813 [GMT -5:00]
Running from: c:\documents and settings\Flipper1515\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Flipper1515\g2mdlhlpx.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\ijl11.dll
c:\windows\system32\usmt\migwiz_a.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 00:36 . 2011-12-04 00:36 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ECC76CC-F186-475F-8E77-F2142F539B33}\MpKsl238897b7.sys
2011-12-04 00:35 . 2011-12-04 00:35 56200 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ECC76CC-F186-475F-8E77-F2142F539B33}\offreg.dll
2011-12-03 01:42 . 2011-12-03 01:42 -------- dc----w- C:\N360_BACKUP
2011-12-02 00:38 . 2011-03-22 00:39 331384 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\symtdiv.sys
2011-12-02 00:38 . 2011-03-22 00:39 369784 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\symtdi.sys
2011-12-02 00:38 . 2011-03-22 00:39 296568 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\symnets.sys
2011-12-02 00:38 . 2011-03-15 02:31 744568 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\symefa.sys
2011-12-02 00:38 . 2011-03-31 03:00 50168 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\srtspx.sys
2011-12-02 00:38 . 2011-01-27 06:47 340088 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\symds.sys
2011-12-02 00:38 . 2011-03-31 03:00 516216 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\srtsp.sys
2011-12-02 00:38 . 2010-11-16 01:45 136312 ----a-r- c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys
2011-12-02 00:20 . 2011-12-02 00:39 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-02 00:20 . 2011-12-02 00:39 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-02 00:20 . 2011-12-02 00:39 -------- dc----w- c:\program files\Symantec
2011-12-02 00:18 . 2011-12-02 00:18 -------- dc----w- c:\program files\Norton Security Suite
2011-12-02 00:17 . 2011-12-02 00:17 -------- dc----w- c:\program files\NortonInstaller
2011-12-01 22:00 . 2011-12-01 22:00 -------- dc----w- c:\documents and settings\Flipper1515\Application Data\Tific
2011-12-01 22:00 . 2011-12-01 22:00 -------- dc----w- c:\documents and settings\Flipper1515\Local Settings\Application Data\Symantec
2011-11-27 04:43 . 2011-11-27 04:43 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ECC76CC-F186-475F-8E77-F2142F539B33}\MpKsl48f3a279.sys
2011-11-27 04:42 . 2011-11-27 04:42 28752 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ECC76CC-F186-475F-8E77-F2142F539B33}\MpKsl38ba3253.sys
2011-11-19 17:21 . 2011-11-19 17:21 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\ID Vault
2011-11-19 17:21 . 2011-11-19 17:21 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ID Vault
2011-11-14 00:11 . 2011-08-19 21:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-11-14 00:11 . 2011-11-14 00:11 -------- dc----w- c:\documents and settings\Flipper1515\Application Data\IObit
2011-11-14 00:11 . 2010-11-26 23:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-11-14 00:11 . 2011-11-14 00:11 -------- dc----w- c:\program files\IObit
2011-11-05 16:55 . 2011-11-05 16:55 -------- dc----w- c:\documents and settings\Flipper1515\Application Data\Southwest Airlines
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2006-04-30 07:10 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2011-10-27 20:13 6668624 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5ECC76CC-F186-475F-8E77-F2142F539B33}\mpengine.dll
2011-10-07 03:48 . 2011-09-20 14:21 6668624 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-02 15:23 . 2011-05-18 20:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2006-04-30 06:55 1858944 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-11 4617600]
"Advanced System Optimizer - Memory Optimizer"="c:\program files\advanced system optimizer 3\memoryoptimizer.exe" [2010-10-05 157496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-07-02 337256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-07 162328]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-08-20 172032]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-02 43960]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-02-18 1044480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SystemProtector"="c:\program files\Advanced System Optimizer 3\SystemProtector.exe" [2010-10-05 10000184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 14:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 23:41 100104 -c--a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Constant Guard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
backup=c:\windows\pss\Constant Guard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Flipper1515^Start Menu^Programs^Startup^DING!.lnk]
backup=c:\windows\pss\DING!.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Flipper1515^Start Menu^Programs^Startup^jConnect 4.4.lnk]
path=c:\documents and settings\Flipper1515\Start Menu\Programs\Startup\jConnect 4.4.lnk
backup=c:\windows\pss\jConnect 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2009-09-04 00:06 436800 -c--a-w- c:\progra~1\THINKV~1\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 -c--a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2011-04-19 05:39 208896 -c----w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]
2008-01-04 23:29 16384 -c----w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 -c--a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-11-30 02:36 2872632 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-19 00:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2009-12-01 12:39 256576 -c----w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-12-07 01:03 141848 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2010-07-28 21:33 1485208 -c--a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.4]
2008-10-07 21:53 95744 -c--a-w- c:\program files\j2 Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2009-07-23 13:11 124248 -c----w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2009-07-23 13:11 185688 -c----w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2008-09-14 22:38 648488 ------w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-07 01:03 137752 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2011-04-19 05:39 759144 -c----w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 03:38 421888 -c----w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2010-03-26 14:08 62312 -c----w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
2007-01-10 02:28 868352 -c--a-w- c:\program files\ThinkPad\Utilities\TpKmapAp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-11-06 19:27 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Flipper1515\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [3/21/2011 6:40 PM 25968]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [11/13/2011 7:11 PM 14776]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/21/2010 4:24 PM 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [12/1/2011 7:38 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [12/1/2011 7:38 PM 744568]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/16/2010 6:44 PM 20592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [11/23/2011 11:08 PM 819320]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [3/21/2011 5:44 PM 13680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [6/23/2009 11:01 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [12/1/2011 7:38 PM 136312]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 6:47 PM 12560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/2/2011 5:06 PM 106104]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [3/18/2008 3:23 PM 20480]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111202.001\IDSXpx86.sys [12/3/2011 12:08 PM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/12/2011 6:02 PM 22216]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [3/21/2011 6:04 PM 6609920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 30336]
S1 MpKsl0542ea04;MpKsl0542ea04; [x]
S1 MpKsl0aeab2fe;MpKsl0aeab2fe; [x]
S1 MpKsl34df18e7;MpKsl34df18e7; [x]
S1 MpKsl52334834;MpKsl52334834; [x]
S1 MpKsl7379c712;MpKsl7379c712; [x]
S1 MpKsl7c487d03;MpKsl7c487d03; [x]
S1 MpKsl8c127b81;MpKsl8c127b81; [x]
S1 MpKsl8f83aee9;MpKsl8f83aee9; [x]
S1 MpKsla91e6c71;MpKsla91e6c71; [x]
S1 MpKslb11cc9e2;MpKslb11cc9e2; [x]
S1 MpKsledc3be3b;MpKsledc3be3b; [x]
S1 MpKslf7c87dde;MpKslf7c87dde; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [12/4/2008 8:46 PM 72448]
S3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [1/16/2011 5:13 PM 6656]
S3 DigimHID;DigimHID;c:\windows\system32\drivers\DigimHID.SYS [3/28/2010 2:24 PM 5248]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 10:08 AM 174336]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys --> c:\windows\system32\DRIVERS\pppop.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 12872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2011-12-03 c:\windows\Tasks\ASO-AntiSpyware.job
- c:\program files\Advanced System Optimizer 3\systemprotector.exe [2011-01-16 23:59]
.
2011-11-20 c:\windows\Tasks\ASO-Driver Updater.job
- c:\program files\Advanced System Optimizer 3\DriverUpdater.exe [2011-01-16 23:59]
.
2011-11-29 c:\windows\Tasks\ASO-PrivacyProtector.job
- c:\program files\Advanced System Optimizer 3\PrivacyProtector.exe [2011-01-16 23:59]
.
2011-12-01 c:\windows\Tasks\ASO-RegistryCleaner.job
- c:\program files\Advanced System Optimizer 3\RegClean.exe [2011-01-16 23:59]
.
2011-12-03 c:\windows\Tasks\ASO-RegistryOptimizer.job
- c:\program files\Advanced System Optimizer 3\RegistryOptimizer.exe [2011-01-16 23:59]
.
2011-11-30 c:\windows\Tasks\ASO-SystemCleaner.job
- c:\program files\Advanced System Optimizer 3\SystemCleaner.exe [2011-01-16 23:59]
.
2011-09-20 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2011-12-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2011-11-27 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2011-11-27 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 00:19]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 00:19]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3329047255-3826718644-1960584976-1008Core.job
- c:\documents and settings\Flipper1515\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 00:46]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3329047255-3826718644-1960584976-1008UA.job
- c:\documents and settings\Flipper1515\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 00:46]
.
2011-12-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-12-05 05:39]
.
2011-12-04 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-17 13:29]
.
2011-12-03 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-11-14 15:35]
.
2011-12-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3e0ccac1-2b18-42e0-9ac8-efb0c6ac8f8f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-05 20:43]
.
2011-12-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8911af7f-672c-47d8-851e-18b337e1d7ab.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-05 20:43]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: medfinders.com\ec
TCP: DhcpNameServer = 192.168.2.1
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_8.CAB
FF - ProfilePath - c:\documents and settings\Flipper1515\Application Data\Mozilla\Firefox\Profiles\wtmpa7av.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_2_3
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Flipper1515\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ISUSPM - c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe
MSConfigStartUp-MyScript InkRetriever - C:/Program Files/Vision Objects/MyScript Studio/MyScript_GenericInkRetriever.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 19:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Flipper1515\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Flipper1515\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Flipper1515\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Flipper1515\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(4400)
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\SUPERAntiSpyware\SASCORE.EXE
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\ThinkPad\Utilities\DOZESVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lenovo\Communications Utility\CAMMUTE.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe
c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\TpShocks.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-03 19:43:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-04 00:43
.
Pre-Run: 8,627,126,272 bytes free
Post-Run: 9,269,989,376 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A547316A24D7E267FDF8CC609B8554FC

Attached Files

  • Attached File  log.txt   30.31KB   0 downloads
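For anyone reading this log with a responder's eye: the Reg Loading Points section above shows Security Center alerts overridden (AntiVirusOverride=1, DisableMonitoring=1), the Windows Firewall turned off for the standard profile, a non-default LSA notification package (a DLL that lsass loads) and two non-default BootExecute entries. Every one of those is also a classic malware technique, so the useful check is to tie each setting to a product that is actually installed (the Norton 360 engine, the ThinkVantage fingerprint software, IObit Smart Defrag and SUPERAntiSpyware all appear elsewhere in the log) rather than to trust a scanner verdict either way. The Python below is an added example, not part of the original post and not ComboFix code: it parses that REGEDIT4-style section and lists the settings that need an explanation. The sample input is an excerpt of the log above; the key paths and the rules are my own choice of what to flag.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example, not ComboFix code)."""
import re

# Excerpt of the ComboFix output posted above, embedded here as the sample input.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\path]
QUOTED_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "Name"=value
MULTI_RE = re.compile(r"^(.+?)\s+REG_MULTI_SZ\s+(.*)$")  # Name REG_MULTI_SZ a\0b


def parse_reg_points(text):
    """Return {key path (lower-cased): {value name: raw value string}}; other lines are ignored."""
    keys, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            current = m.group(1).lower()
            keys.setdefault(current, {})
        elif current is not None:
            if m := QUOTED_RE.match(line) or MULTI_RE.match(line):
                keys[current][m.group(1)] = m.group(2).strip()
    return keys


def dword(raw):
    """Read ComboFix's DWORD renderings, 'dword:00000001' or '0 (0x0)'; None if the value is absent."""
    if raw is None:
        return None
    m = re.match(r"dword:([0-9a-f]+)", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", raw)
    return int(m.group(0)) if m else None


SC = r"hkey_local_machine\software\microsoft\security center"
FW = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def triage(keys):
    """Return (category, detail) findings: each defence-weakening or non-default
    loading point that has to be matched to an installed product before the
    machine is called clean."""
    out = []
    if dword(keys.get(SC, {}).get("AntiVirusOverride")) == 1:
        out.append(("security-center", "AntiVirusOverride=1: Security Center AV alerts suppressed"))
    for path, vals in keys.items():
        if path.startswith(SC + r"\monitoring") and dword(vals.get("DisableMonitoring")) == 1:
            out.append(("security-center", f"DisableMonitoring=1 under {path[len(SC) + 1:]}"))
    if dword(keys.get(FW, {}).get("EnableFirewall")) == 0:
        out.append(("firewall", "Windows Firewall disabled for the standard profile"))
    for name, raw in keys.get(FW + r"\globallyopenports\list", {}).items():
        port, proto = name.split(":")
        state = "disabled" if ":disabled:" in raw.lower() else "not marked Disabled"
        out.append(("open-port", f"{port}/{proto} {state}: {raw}"))
    # scecli is the only package Windows itself registers; anything after it is worth explaining.
    packages = keys.get(r"hkey_local_machine\system\currentcontrolset\control\lsa", {}).get("Notification Packages", "")
    extra = re.sub(r"^scecli\b", "", packages).replace("\\0", " ").strip()
    if extra:
        out.append(("lsa-notify", f"non-default LSA notification package, loaded into lsass: {extra}"))
    # The default BootExecute is exactly 'autocheck autochk *'; ComboFix joins extra elements with a literal \0.
    boot = keys.get(r"hkey_local_machine\system\currentcontrolset\control\session manager", {}).get("BootExecute", "")
    for entry in boot.replace("autocheck autochk *", "").split("\\0"):
        if entry.strip():
            out.append(("boot-execute", f"non-default BootExecute entry: {entry.strip()}"))
    return out


def triage_log(text):
    """Parse a ComboFix log (or an excerpt of one) and return its findings."""
    return triage(parse_reg_points(text))


if __name__ == "__main__":
    for cat, detail in triage_log(SAMPLE_LOG):
        print(f"[{cat}] {detail}")
```

Run it as a script to print the findings for the excerpt, or call triage_log() on a whole ComboFix log; lines that are not registry loading points are skipped. The open-port exceptions only mean anything while EnableFirewall is 1, so with the firewall off the firewall finding is the one to resolve first (here by checking that Norton's firewall is really the one in charge).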


#8 flipper1515

flipper1515
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 03 December 2011 - 09:26 PM

I just restarted my system after posting the ComboFix log and the following came up:

Advanced System Protector by Systweak started scanning as normal and found:
13 infections within a few minutes in the registry.
RogueProgram WinAntiVirus-Pro 6 infections
RogueProgram MS-Antispyware 3 infections
Malware.Goldun 1 infection
Malware (general components). 3 infections

None of these have ever been found by SuperAntiSpyware or Malwarebytes, in regular or safe mode. I also haven't had any of the typical symptoms of WinAntivirusPro.

None of the programs saw these before running ComboFix.

#9 flipper1515

flipper1515
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 03 December 2011 - 09:27 PM

I have been seeing a lot of CPU usage by svchost and winlogon recently though.

#10 flipper1515

flipper1515
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:24 AM

Posted 03 December 2011 - 11:52 PM

Looking at the results from the Advanced System Protector scan, I wonder if any of what it says is accurate. I have listed below the malware it found and the corresponding entries it says are suspicious. The file ID'd as a keylogger is the log file created by ComboFix. Also, I did a search for some of the files this malware installs and none were found; plus Malwarebytes, Norton, and SuperAntiSpyware are all negative.

RogueProgram.WinAntiVirus-Pro-2006
hkey_classes_root\*\shellex\contextmenuhandlers\shellextension
hkey_classes_root\directory\shellex\contextmenuhandlers\shellextension
hkey_classes_root\drive\shellex\contextmenuhandlers\shellextension
hkey_local_machine\software\classes\*\shellex\contextmenuhandlers\shellextension
hkey_local_machine\software\classes\directory\shellex\contextmenuhandlers\shellextension
hkey_local_machine\software\classes\drive\shellex\contextmenuhandlers\shellextension

RogueProgram.MS-Antispyware-2009
hkey_current_user\software\microsoft\windows\currentversion\drivers
hkey_current_user\software\microsoft\windows\currentversion\drivers\video
hkey_current_user\software\microsoft\windows\currentversion\drivers\video\options

Malware.goldun
hkey_local_machine\software\microsoft\windows nt\currentversion\windows\requiresignedappinit_dlls

Malware (General Components)
hkey_current_user\software\microsoft\security center\antivirusdisablenotify
hkey_current_user\software\microsoft\security center\updatesdisablenotify
hkey_current_user\software\wget

keylogger.personal.keylogger.1
c:\documents and settings\flipper1515\recent\log.txt.lnk
c:\documents and settings\flipper1515\desktop\log.txt

#11 shelf life

shelf life

  • Malware Response Team
  • 2,673 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:24 AM

Posted 04 December 2011 - 10:19 AM

hi,

Really, I think you should deactivate or disable the Advanced System Protector component that's running. Looks like it's just full of false positives, as you found out. You have Malwarebytes and SUPERAntiSpyware, which are well known and widely used.
I don't mean to bash your software, but I can tell you that the memory optimizers and registry cleaners are useless and not recommended.

How Can I Reduce My Risk to Malware?




