Solved: Packed.rolex virus

Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
23-Jun-2009, 01:05 PM #16
I started the Kaspersky online scan at 7:30 this morning and it's 12 now; it is just sitting there and has been for quite a while. It scanned 50132 files; threat names, infected objects and suspicious objects are all listed at 0, but the scan never finished and is not responding. What shall I do from here?

Rosemary
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
24-Jun-2009, 06:55 AM #17
I also tried Housecall late yesterday and into the night and it doesn't run all the way through either. Could it be because it's Vista, or has this virus done some major damage?
Cookiegal
Administrator with 63,382 posts.
Join Date: Aug 2003
Location: Quebec, Canada
24-Jun-2009, 02:03 PM #18
Let's go back to MalwareBytes. Please locate the mbam.exe file in the C:\Program Files\Malwarebytes' Anti-Malware folder. Then right-click on the mbam.exe file, select "rename" and rename it to "puppy.exe". Then double-click the puppy.exe file and see if you can get it to complete its scan.

If that doesn't work, try running the scan in safe mode.
__________________
Microsoft MVP - Consumer Security
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
24-Jun-2009, 07:58 PM #19
Malwarebytes ran all the way through in safe mode; it wouldn't run all the way through in normal mode. It came up clean. I've attached the log. I still couldn't get any of the virus programs to run, but did get BitDefender to run part way through. It became unresponsive at around 50000 files scanned, which is nowhere near complete, but did show up with an infected file in C:\Users\JasonNordeman\Shared\Disfiguring\The Goddess-Flower Of Flesh and Blood.mp.3. It says it is infected with Trojan.Wimad.Gen.1. I'll await your instructions......

Rosemary
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
25-Jun-2009, 04:38 PM #20
While waiting I tried to have AVG run a scan all the way through, but it didn't scan everything; it becomes unresponsive. So I started checking different parts of the computer with AVG. It found a virus in C:\Users\JasonNordeman\AppData\Local\Temp\twbcyspdwb.tmp. Can you tell me how to remove the last trojan found in the last post and this virus I just listed?

Thanks...
Rosemary
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
25-Jun-2009, 04:39 PM #21
Sorry... I forgot to tell you the virus identified is Win32/Cryptor.
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
25-Jun-2009, 07:55 PM #22
Was just running it; many infected items are coming up, all under these two places:

C:\Windows\System32\Skynet\Teprjvnet.dll which is showing up as infected with Packed.rolex
and
C:\Windows\System32\drivers\Skynet\Truscjspe.sys which is showing up as infected with Win32/Cryptor.

Rosemary
Cookiegal
Administrator with 63,382 posts.
Join Date: Aug 2003
Location: Quebec, Canada
25-Jun-2009, 08:06 PM #23
Delete this MP3:

C:\Users\JasonNordeman\Shared\Disfiguring\The Goddess-Flower Of Flesh and Blood.mp.3

Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
__________________
Microsoft MVP - Consumer Security
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
26-Jun-2009, 07:01 AM #24
Ok, I've attached the ComboFix log and a new HijackThis log.
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
26-Jun-2009, 03:38 PM #25
Here's the ComboFix log:

ComboFix 09-06-25.01 - Jason Nordeman 06/25/2009 22:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1051 [GMT -4:00]
Running from: c:\users\Jason Nordeman\Desktop\Combo-Fix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETruscjspe.sys
c:\windows\system32\SKYNETeprjvnet.dll
c:\windows\system32\SKYNETiyvippqi.dat
c:\windows\system32\SKYNETlwpcaicm.dat
c:\windows\system32\SKYNETsqbnvvqg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETpctfsxno


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-26 02:37 . 2009-06-26 02:38 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\temp
2009-06-25 12:48 . 2009-06-25 11:41 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-25 12:40 . 2009-06-25 23:31 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-25 11:43 . 2009-06-14 20:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-25 11:41 . 2009-06-25 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 11:41 . 2009-06-25 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-25 11:41 . 2009-06-25 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 11:41 . 2009-06-25 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 11:41 . 2009-06-25 11:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-25 11:41 . 2009-06-25 11:43 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-24 21:44 . 2009-06-24 21:52 -------- d-----w- c:\windows\BDOSCAN8
2009-06-24 20:38 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 20:38 . 2009-06-24 20:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 20:38 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 10:46 . 2009-06-22 10:46 93 ----a-w- c:\windows\system32\SKYNET.dat
2009-06-21 23:20 . 2009-06-22 22:45 117760 ----a-w- c:\users\Jason Nordeman\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-21 18:01 . 2009-06-21 18:01 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Malwarebytes
2009-06-21 18:00 . 2009-06-21 18:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-13 16:39 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 16:39 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 20:34 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 20:34 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 22:31 . 2009-06-09 22:31 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2009-05-30 18:11 . 2009-05-30 18:27 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\programdata\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Common Files\HP
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Walgreens
2009-05-30 18:00 . 2009-05-30 18:27 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio Viewer
2009-05-27 19:50 . 2009-05-27 20:05 -------- d-----w- c:\program files\Coupons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:18 . 2007-05-09 13:46 -------- d-----w- c:\program files\Corel
2009-06-25 23:17 . 2007-05-09 13:54 -------- d-----w- c:\program files\Google
2009-06-25 23:00 . 2009-03-16 18:29 -------- d-----w- c:\programdata\avg8
2009-06-24 20:37 . 2009-04-10 00:28 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-22 10:47 . 2007-05-14 22:59 13448 ----a-w- c:\users\Jason Nordeman\AppData\Roaming\nvModes.dat
2009-06-21 17:49 . 2007-06-26 12:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 16:03 . 2007-06-05 16:37 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\LimeWire
2009-06-15 13:46 . 2009-04-19 20:39 -------- d-----w- c:\program files\Dl_cats
2009-06-10 13:36 . 2009-04-20 05:29 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\DellFaxCtr
2009-05-16 16:06 . 2009-05-16 16:06 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-03 23:00 . 2007-06-05 16:37 -------- d-----w- c:\program files\LimeWire
2009-05-01 21:29 . 2007-05-15 00:03 -------- d-----w- c:\programdata\AOL
2009-04-24 16:05 . 2009-06-12 20:33 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 20:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-12 20:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-12 20:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2007-05-09 21:21 . 2007-05-09 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 20:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SCClient.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SCClient.exe.lnk
backup=c:\windows\pss\SCClient.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2996572545-135866921-4033492168-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30D18C48-2E87-4AB5-B5F5-5C5C90D409BE}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{33ECB0B3-0BA8-4AEF-A847-3DE8AB30765A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{752A2A26-7848-4B6F-95F5-99C961DD44D0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{44AC46A5-5D40-4064-96EE-72C1852EB6F8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{40AA8754-CC61-4C37-92CC-18E467D9FF9E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CAEDFBF3-8AC1-4501-9187-7B6C3AE33A99}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2B0C8748-C298-4593-9A2C-F711CE3BF54B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{565BCD25-E083-4F79-95BE-CA8B17076CBD}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{C63E095A-D1A0-48BC-AB5A-453C57DB18E9}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{1BEF7C0B-FA0A-4A4A-8C3F-4D27EA4F706D}"= UDP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{ED31C1C4-A6AD-4BDD-95F3-FD502A945883}"= TCP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{E0D5481E-022F-4EF1-8E73-ECBC0F06C920}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{981B494F-F1CE-40FB-B17C-0AFD5C540E0E}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C4596475-1235-497F-A66C-B4D67FCAD7A9}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AF475501-7225-430C-988D-2A6E013A29B5}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1ADC034B-24D0-4A4E-8F68-68E50C690B8A}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{D4FF6448-E444-46D6-A271-BA1D2AFEA691}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{432D73F0-7642-43D9-87DC-9F68B74F2CE0}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"UDP Query User{FACFF2AA-A4F9-458E-95D1-F6CD1EE9F7B5}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"TCP Query User{322DAA30-8DA3-4C37-9C85-B5CEF9F40FE8}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"UDP Query User{9F5ED81A-1F16-4F64-AB61-F41C9897B5BD}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"TCP Query User{1751EDD1-3958-4FD3-95BD-A6B80B23B128}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"UDP Query User{6A3D6779-DA09-4D53-8FC9-D81790679962}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"{5612308F-E23E-41A3-8E8F-66EE85702116}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C62D755-6B0D-433F-BEE3-477E65302824}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93EA2948-2AC6-4714-B668-CD8E389D7EB7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FE49F12-FD2C-44D3-B448-A0332C9DCC27}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A31D874D-C774-4C50-9B37-EFEACEDB7126}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{53CACE5E-F6F6-43A2-9F4A-8DCE351D4777}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{EBADB57F-E90E-40F5-84BD-6C96A9614010}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{F598B523-83A8-4254-896D-63C7555B199C}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{4D21C11A-78EA-451E-9EE6-F0972D57AB40}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{EB5045ED-A6F7-4C5F-BC2E-141F40265387}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{04133352-B104-419F-9DAC-EA90F86045E1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{163E3D9F-747E-4609-862C-86EE434602CF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/25/2009 7:41 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/25/2009 7:41 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 2:07 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
R2 scManager;SafeConnect Network manager ;c:\program files\Impulse\scManager.sys servicestart --> c:\program files\Impulse\scManager.sys servicestart [?]
S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 7:41 AM 298776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.wcupa.edu/exchweb/bi...ange/&reason=0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 22:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-26 22:42
ComboFix-quarantined-files.txt 2009-06-26 02:42

Pre-Run: 11,054,120,960 bytes free
Post-Run: 10,867,576,832 bytes free

184 --- E O F --- 2009-06-22 22:50
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
26-Jun-2009, 03:39 PM #26
And here's the new HijackThis log..... Also I am getting the security warning that I'm leaving a secure website, do I want to continue.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:10 AM, on 6/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jason Nordeman\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.wcupa.edu/exchweb/bi...ange/&reason=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SafeConnect Network manager (scManager) - Unknown owner - C:\Program Files\Impulse\scManager.sys servicestart (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5030 bytes
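One way to triage the two logs posted above, as an added example that is not part of this thread or of ComboFix/HijackThis themselves: a Python script that takes the naming-family prefix (SKYNET) from the files ComboFix already deleted, looks for leftover files under system32 that share it (which is how the remaining SKYNET.dat stands out), and lists HijackThis O23 services with no owner or a missing binary. The sample lines are copied from the logs in this thread; the function and constant names are my own.

```python
import json
import re
from typing import Dict, List

# Constructed sample: a few lines copied in the shape of the ComboFix and
# HijackThis logs posted in this thread (not the complete logs).
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETruscjspe.sys
c:\windows\system32\SKYNETeprjvnet.dll

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-25 11:41 . 2009-06-25 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-22 10:46 . 2009-06-22 10:46 93 ----a-w- c:\windows\system32\SKYNET.dat
2009-06-24 20:38 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

HJT_SAMPLE = r"""
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SafeConnect Network manager (scManager) - Unknown owner - C:\Program Files\Impulse\scManager.sys servicestart (file missing)
"""

# ComboFix file entry: "<created> . <modified> <size|--------> <attrs> <path>"
CF_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# ComboFix section banner: "((((( Section Name )))))"
CF_SECTION = re.compile(r"^\(+ (?P<name>.+?) \)+$")
# HijackThis O23 line; the owner field may be empty ("name - - path").
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>.+)$")
# Leading run of capitals used as the "family" prefix of a random-named file.
FAMILY_PREFIX = re.compile(r"^[A-Z]{4,}")


def combofix_sections(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into its banner-delimited sections (name -> content lines)."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        line = line.strip()
        m = CF_SECTION.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def deleted_families(sections: Dict[str, List[str]]) -> set:
    """Derive naming-family prefixes (here SKYNET) from files ComboFix already deleted."""
    families = set()
    for path in sections.get("Other Deletions", []):
        m = FAMILY_PREFIX.match(path.rsplit("\\", 1)[-1])
        if m:
            families.add(m.group())
    return families


def leftover_family_files(sections: Dict[str, List[str]], families: set) -> List[str]:
    """Files still listed as created under system32 whose name shares a deleted family's prefix."""
    hits = []
    for name, lines in sections.items():
        if not name.startswith("Files Created"):
            continue
        for line in lines:
            m = CF_ENTRY.match(line)
            if not m:
                continue
            path = m.group("path")
            base = path.rsplit("\\", 1)[-1]
            if "\\system32\\" in path.lower() and any(base.startswith(f) for f in families):
                hits.append(path)
    return hits


def services_to_review(hjt_text: str) -> List[dict]:
    """O23 service entries with no vendor string, an unknown owner, or a missing binary."""
    out = []
    for line in hjt_text.splitlines():
        m = HJT_O23.match(line.strip())
        if not m:
            continue
        owner, path = m.group("owner").strip(), m.group("path")
        reasons = []
        if not owner or owner.lower() == "unknown owner":
            reasons.append("no signer/owner")
        if "(file missing)" in path:
            reasons.append("binary missing")
        if reasons:
            out.append({"service": m.group("name"), "path": path, "reasons": reasons})
    return out


def triage(combofix_text: str, hjt_text: str) -> dict:
    """Combine both checks into one review list for the helper reading the logs."""
    sections = combofix_sections(combofix_text)
    families = deleted_families(sections)
    return {
        "families": sorted(families),
        "leftover_files": leftover_family_files(sections, families),
        "services": services_to_review(hjt_text),
    }


if __name__ == "__main__":
    print(json.dumps(triage(COMBOFIX_SAMPLE, HJT_SAMPLE), indent=2))
```

Services flagged here are only candidates for a closer look; entries like dlcx_device (a printer component with no vendor string) are normal and need a human decision, not automatic removal.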
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
27-Jun-2009, 12:57 PM #27
I ran AVG, SUPERAntiSpyware and Malwarebytes all the way through with no viruses or trojans showing up. How do I get rid of that security warning that I'm leaving a secure website, do I want to continue?

Rosemary
Cookiegal
Administrator with 63,382 posts.
Join Date: Aug 2003
Location: Quebec, Canada
27-Jun-2009, 08:07 PM #28
Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
c:\windows\system32\SKYNET.dat
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.
This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Download GMER from: http://gmer.net/index.php

Save it on your desktop and unzip it.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click Copy. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.
__________________
Microsoft MVP - Consumer Security
Cookiegal
Administrator with 63,382 posts.
Join Date: Aug 2003
Location: Quebec, Canada
27-Jun-2009, 08:11 PM #29
Quote:
Originally Posted by Roe727 View Post
I ran AVG, SUPERAntiSpyware and Malwarebytes all the way through with no viruses or trojans showing up. How do I get rid of that security warning that I'm leaving a secure website, do I want to continue?

Rosemary
Just click the box that says something to the effect of "in the future do not show this warning".
Roe727
Senior Member with 1,013 posts.
Join Date: Mar 2004
28-Jun-2009, 08:28 AM #30
Ok... ran all the scans:

ComboFix log:

ComboFix 09-06-26.02 - Jason Nordeman 06/27/2009 22:53.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1178 [GMT -4:00]
Running from: c:\users\Jason Nordeman\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason Nordeman\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 02:59 . 2009-06-28 02:59 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\temp
2009-06-27 14:48 . 2009-06-27 14:48 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\data
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\quicktime
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\META-INF
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\com
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
2009-06-27 14:39 . 2009-06-27 14:39 -------- d-----w- c:\users\Jason Nordeman\AppData\Local\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
2009-06-26 02:11 . 2009-06-26 02:42 -------- d-s---w- C:\Combo-Fix
2009-06-25 12:48 . 2009-06-25 11:41 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-25 12:40 . 2009-06-27 17:00 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-25 11:43 . 2009-06-14 20:07 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-25 11:41 . 2009-06-25 11:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 11:41 . 2009-06-25 11:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-25 11:41 . 2009-06-25 11:41 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 11:41 . 2009-06-25 11:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 11:41 . 2009-06-25 11:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-25 11:41 . 2009-06-25 11:43 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-24 21:44 . 2009-06-24 21:52 -------- d-----w- c:\windows\BDOSCAN8
2009-06-22 10:46 . 2009-06-22 10:46 93 ----a-w- c:\windows\system32\SKYNET.dat
2009-06-21 18:01 . 2009-06-21 18:01 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Malwarebytes
2009-06-21 18:00 . 2009-06-21 18:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-13 16:39 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 16:39 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 20:34 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 20:34 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 22:31 . 2009-06-09 22:31 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2009-05-30 18:11 . 2009-05-30 18:27 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\programdata\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\Walgreens
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Common Files\HP
2009-05-30 18:09 . 2009-05-30 18:09 -------- d-----w- c:\program files\Walgreens
2009-05-30 18:00 . 2009-05-30 18:27 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\W Photo Studio Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 01:12 . 2008-11-09 18:05 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\SUPERAntiSpyware.com
2009-06-28 01:12 . 2008-11-09 18:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-27 11:26 . 2009-03-16 18:29 -------- d-----w- c:\programdata\avg8
2009-06-25 23:18 . 2007-05-09 13:46 -------- d-----w- c:\program files\Corel
2009-06-25 23:17 . 2007-05-09 13:54 -------- d-----w- c:\program files\Google
2009-06-24 20:37 . 2009-04-10 00:28 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-22 10:47 . 2007-05-14 22:59 13448 ----a-w- c:\users\Jason Nordeman\AppData\Roaming\nvModes.dat
2009-06-21 17:49 . 2007-06-26 12:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-19 16:03 . 2007-06-05 16:37 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\LimeWire
2009-06-15 13:46 . 2009-04-19 20:39 -------- d-----w- c:\program files\Dl_cats
2009-06-10 13:36 . 2009-04-20 05:29 -------- d-----w- c:\users\Jason Nordeman\AppData\Roaming\DellFaxCtr
2009-05-27 20:05 . 2009-05-27 19:50 -------- d-----w- c:\program files\Coupons
2009-05-16 16:06 . 2009-05-16 16:06 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-03 23:00 . 2007-06-05 16:37 -------- d-----w- c:\program files\LimeWire
2009-05-01 21:29 . 2007-05-15 00:03 -------- d-----w- c:\programdata\AOL
2009-04-24 16:05 . 2009-06-12 20:33 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 20:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-12 20:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-12 20:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2007-05-09 21:21 . 2007-05-09 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_02.38.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-09 14:07 . 2009-06-27 11:28 45488 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-28 00:58 63858 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-05-14 22:25 . 2009-06-28 00:58 14184 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2996572545-135866921-4033492168-1000_UserData.bin
- 2009-06-26 02:26 . 2009-06-26 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-27 11:26 . 2009-06-28 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-27 11:26 . 2009-06-28 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-26 02:26 . 2009-06-26 02:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-05-14 22:59 . 2009-06-27 11:16 238614 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-06-28 01:03 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-26 02:34 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-26 02:34 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-28 01:03 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SCClient.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SCClient.exe.lnk
backup=c:\windows\pss\SCClient.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2996572545-135866921-4033492168-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{30D18C48-2E87-4AB5-B5F5-5C5C90D409BE}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{33ECB0B3-0BA8-4AEF-A847-3DE8AB30765A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{752A2A26-7848-4B6F-95F5-99C961DD44D0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{44AC46A5-5D40-4064-96EE-72C1852EB6F8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{40AA8754-CC61-4C37-92CC-18E467D9FF9E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CAEDFBF3-8AC1-4501-9187-7B6C3AE33A99}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2B0C8748-C298-4593-9A2C-F711CE3BF54B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{565BCD25-E083-4F79-95BE-CA8B17076CBD}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{C63E095A-D1A0-48BC-AB5A-453C57DB18E9}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{1BEF7C0B-FA0A-4A4A-8C3F-4D27EA4F706D}"= UDP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{ED31C1C4-A6AD-4BDD-95F3-FD502A945883}"= TCP:c:\users\Jason Nordeman\Desktop\Office, pp, excel\Shared\LimeWire\LimeWire.exe:LimeWire
"{E0D5481E-022F-4EF1-8E73-ECBC0F06C920}"= UDP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"{981B494F-F1CE-40FB-B17C-0AFD5C540E0E}"= TCP:c:\users\Jason Nordeman\Desktop\Shared\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C4596475-1235-497F-A66C-B4D67FCAD7A9}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AF475501-7225-430C-988D-2A6E013A29B5}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1ADC034B-24D0-4A4E-8F68-68E50C690B8A}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{D4FF6448-E444-46D6-A271-BA1D2AFEA691}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{432D73F0-7642-43D9-87DC-9F68B74F2CE0}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"UDP Query User{FACFF2AA-A4F9-458E-95D1-F6CD1EE9F7B5}c:\\users\\jason nordeman\\desktop\\new folder (2)\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder (2)\soulseek\slsk.exe:slsk.exe
"TCP Query User{322DAA30-8DA3-4C37-9C85-B5CEF9F40FE8}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"UDP Query User{9F5ED81A-1F16-4F64-AB61-F41C9897B5BD}c:\\users\\jason nordeman\\desktop\\new folder\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\new folder\soulseek\slsk.exe:slsk.exe
"TCP Query User{1751EDD1-3958-4FD3-95BD-A6B80B23B128}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= UDP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"UDP Query User{6A3D6779-DA09-4D53-8FC9-D81790679962}c:\\users\\jason nordeman\\desktop\\soulseek\\slsk.exe"= TCP:c:\users\jason nordeman\desktop\soulseek\slsk.exe:slsk.exe
"{5612308F-E23E-41A3-8E8F-66EE85702116}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6C62D755-6B0D-433F-BEE3-477E65302824}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93EA2948-2AC6-4714-B668-CD8E389D7EB7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FE49F12-FD2C-44D3-B448-A0332C9DCC27}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A31D874D-C774-4C50-9B37-EFEACEDB7126}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{53CACE5E-F6F6-43A2-9F4A-8DCE351D4777}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{EBADB57F-E90E-40F5-84BD-6C96A9614010}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{F598B523-83A8-4254-896D-63C7555B199C}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{4D21C11A-78EA-451E-9EE6-F0972D57AB40}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{EB5045ED-A6F7-4C5F-BC2E-141F40265387}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{04133352-B104-419F-9DAC-EA90F86045E1}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{163E3D9F-747E-4609-862C-86EE434602CF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/25/2009 7:41 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/25/2009 7:41 AM 108552]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
R2 scManager;SafeConnect Network manager ;c:\program files\Impulse\scManager.sys servicestart --> c:\program files\Impulse\scManager.sys servicestart [?]
R3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 7:41 AM 298776]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.wcupa.edu/exchweb/bi...ange/&reason=0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 22:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\JASONN~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-28 23:03
ComboFix-quarantined-files.txt 2009-06-28 03:03
ComboFix2.txt 2009-06-28 02:42
ComboFix3.txt 2009-06-28 01:27
ComboFix4.txt 2009-06-26 02:42

Pre-Run: 11,697,897,472 bytes free
Post-Run: 11,605,618,688 bytes free

192 --- E O F --- 2009-06-22 22:50

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:22 PM, on 6/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jason Nordeman\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.wcupa.edu/exchweb/bi...ange/&reason=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SafeConnect Network manager (scManager) - Unknown owner - C:\Program Files\Impulse\scManager.sys servicestart (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5000 bytes


GMER log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-28 07:53:47
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.