Login 
 Search | |
| |
29-Oct-2009, 01:08 AM
#16 | ||||||
| Hello djtappin,
C:\WINDOWS\system32\drivers\atapi.sys Next 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Quote:
 Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
__________________ Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. |
| |
29-Oct-2009, 01:56 AM
#17 | ||||||
| Hey there, Below are the reports you requested. VirSCAN.org Scanned Report : Scanned time : 2009/06/05 00:31:50 (EDT) Scanner results: 79% Scanner(s) (30/38) found malware! File Name : 1.html File Size : 4037 byte File Type : Sendmail frozen configuration - version body bgcolor= MD5 : 4a2514195555a43458b4e087d29124be SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c Online report : http://virscan.org/report/e8541b64f8...aa9dfd4d2.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1 Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact) AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32  ialer-1314 [Trj]AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008 CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 - ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765 Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 - Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989 F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact) F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 - Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32 ialer-1313 [Trj] [Engine:B]ViRobot 20090604 2009.06.04 2009-06-04 0.42 - Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virus:Porn-Dialer.Win32.Agent.fi KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800 McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J mks_vir 2.01 2009.06.05 2009-06-05 3.35 - Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP Panda 9.05.01 2009.06.04 2009-06-04 1.86 - Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB Quick Heal 10.00 2009.06.05 2009-06-05 1.37 - Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 - nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704 The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU VirSCAN.org Scanned Report : Scanned time : 2009/10/29 00:08:25 (EDT) Scanner results: 32% Scanner(s) (12/37) found malware! File Name : atapi.sys File Size : 96512 byte File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit MD5 : 554deb762f86770ef2fd7d80b4f68c0f SHA1 : be1fc0067855135de2a131bcdd2a258d7a213d7d Online report : http://virscan.org/report/9034b84f4b...2f335951f.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 4.5.0.8 20091029023454 2009-10-29 4.37 Rootkit.Win32.TDSS!IK AhnLab V3 2009.10.29.00 2009.10.29 2009-10-29 1.00 Win-Trojan/Patched.X AntiVir 8.2.1.50 7.1.6.162 2009-10-28 0.08 - Antiy 2.0.18 20091028.3102810 2009-10-28 0.12 - Arcavir 2009 200910281552 2009-10-28 0.05 - Authentium 5.1.1 200910281538 2009-10-28 1.26 - AVAST! 4.7.4 091028-0 2009-10-28 0.01 Win32:Patched-LF [Trj] AVG 8.5.288 270.14.37/2466 2009-10-29 0.32 Rootkit-Pakes.U BitDefender 7.81008.4468145 7.28630 2009-10-29 3.89 - CA (VET) 35.1.0 7087 2009-10-27 4.82 - ClamAV 0.95.2 9958 2009-10-29 0.02 - Comodo 3.12 2764 2009-10-29 0.92 - CP Secure 1.3.0.5 2009.10.29 2009-10-29 0.07 - Dr.Web 4.44.0.9170 2009.10.28 2009-10-28 6.11 BackDoor.Tdss.565 F-Prot 4.4.4.56 20091028 2009-10-28 1.18 - F-Secure 7.02.73807 2009.10.28.20 2009-10-28 0.10 Rootkit.Win32.TDSS.u [AVP] Fortinet 2.81-3.120 10.997 2009-10-28 0.22 - GData 19.8625/19.526 20091029 2009-10-29 7.06 Rootkit.Win32.TDSS.u [Engine:A] ViRobot 20091028 2009.10.28 2009-10-28 0.96 - Ikarus T3.1.01.72 2009.10.29.74310 2009-10-29 4.25 Rootkit.Win32.TDSS JiangMin 11.0.800 2009.10.26 2009-10-26 5.75 Rootkit.TDSS.ctt Kaspersky 5.5.10 2009.10.29 2009-10-29 0.07 Rootkit.Win32.TDSS.u KingSoft 2009.2.5.15 2009.10.28.21 2009-10-28 0.67 - McAfee 5.3.00 5785 2009-10-28 3.38 - Microsoft 1.5202 2009.10.28 2009-10-28 6.51 Virus:Win32/Alureon.A Norman 6.01.09 6.01.00 2009-10-28 4.01 - Panda 9.05.01 2009.10.28 2009-10-28 2.01 - Trend Micro 8.700-1004 6.584.01 2009-10-28 0.03 - Quick Heal 10.00 2009.10.29 2009-10-29 1.22 - Rising 20.0 21.53.30.00 2009-10-29 0.82 - Sophos 3.00.1 4.46 2009-10-29 2.77 - Sunbelt 5472 5472 2009-10-27 1.68 - Symantec 1.3.0.24 20091028.006 2009-10-28 0.25 - nProtect 20091028.01 6034135 2009-10-28 9.19 Trojan/W32.Rootkit.96512 The Hacker 6.5.0.2 v00056 2009-10-28 1.01 - VBA32 3.12.10.11 20091027.1255 2009-10-27 1.93 - VirusBuster 4.5.11.10 10.112.82/2011851 2009-10-28 2.51 - ComboFix 09-10-28.01 - Administrator 10/29/2009 0:34.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.764 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5975bd5c-48db7cf3.zip" "c:\program files\Adobe\Flash\install.js" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5975bd5c-48db7cf3.zip c:\program files\Adobe\Flash\install.js . ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 ))))))))))))))))))))))))))))))) . 2009-10-29 04:28 . 2009-10-29 04:29 -------- d-----w- C:\Combo-Fix 2009-10-28 02:07 . 2009-10-28 02:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-10-26 14:50 . 2009-10-26 14:50 4011 ----a-w- c:\windows\unins000.dat 2009-10-26 14:50 . 2009-10-26 14:49 667914 ----a-w- c:\windows\unins000.exe 2009-10-23 00:35 . 2009-10-23 00:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Flock 2009-10-23 00:35 . 2009-10-23 00:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Flock 2009-10-23 00:35 . 2009-10-28 22:34 -------- d-----w- c:\program files\Flock 2009-10-21 18:14 . 2009-10-21 18:14 -------- d-----w- c:\program files\Apple Software Update 2009-10-20 23:57 . 2009-10-21 00:10 -------- d-----w- c:\program files\Registry Easy 2009-10-20 19:25 . 2009-10-20 19:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics 2009-10-20 19:25 . 2009-10-20 19:25 -------- d-----w- c:\program files\Auslogics 2009-10-12 22:10 . 2009-10-29 04:03 -------- d-----w- c:\program files\The Logo Creator v5 2009-10-12 20:53 . 2009-10-12 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-12 20:53 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-12 20:53 . 2009-10-28 03:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-12 20:53 . 2009-10-12 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-12 20:53 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-12 06:07 . 2009-10-12 06:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar 2009-10-12 06:06 . 2009-10-28 16:12 -------- d-----w- C:\$AVG8.VAULT$ 2009-10-12 06:04 . 2009-10-12 06:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-12 06:04 . 2009-10-12 06:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-10-12 06:04 . 2009-10-12 06:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-12 06:04 . 2009-10-12 06:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-10-12 06:03 . 2009-10-28 13:58 -------- d-----w- c:\windows\system32\drivers\Avg 2009-10-12 06:03 . 2009-10-12 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-10-12 06:03 . 2009-10-12 06:03 -------- d-----w- c:\program files\AVG 2009-10-12 06:03 . 2009-10-12 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-10-12 05:57 . 2009-10-12 05:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8 2009-10-12 03:45 . 2009-10-12 03:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software 2009-10-11 19:53 . 2009-10-11 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Screaming Bee 2009-10-11 19:51 . 2009-10-11 19:51 -------- d-----w- c:\program files\Screaming Bee 2009-10-11 02:27 . 2009-10-11 04:31 -------- d-----w- c:\program files\IEHelper.dll Removal Tool 2009-10-09 19:14 . 2009-10-12 21:34 -------- d-----w- c:\program files\pahimw 2009-10-07 22:24 . 2009-10-07 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-10-07 22:23 . 2009-10-07 22:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-29 04:33 . 2009-04-03 21:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype 2009-10-28 22:10 . 2009-01-03 19:28 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-28 22:07 . 2009-08-04 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-10-28 01:28 . 2006-11-02 21:56 -------- d-----w- c:\program files\DGAGENT 2009-10-24 06:18 . 2006-10-18 14:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2009-10-23 04:01 . 2009-06-13 22:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent 2009-10-22 15:39 . 2006-12-19 01:36 -------- d-----w- c:\program files\Microsoft SQL Server 2009-10-22 15:38 . 2006-12-19 01:43 69232 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-21 18:17 . 2009-02-22 19:04 -------- d-----w- c:\program files\QuickTime 2009-10-21 18:15 . 2007-09-28 01:27 -------- d-----w- c:\program files\Common Files\Apple 2009-10-20 04:36 . 2009-08-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-10-20 04:33 . 2009-08-11 22:44 -------- d-----w- c:\program files\Microsoft Works 2009-10-18 00:03 . 2009-08-11 22:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2009-10-12 05:52 . 2007-02-05 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-10-12 05:49 . 2007-02-05 20:23 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-10-12 05:49 . 2007-02-05 20:23 -------- d-----w- c:\program files\Symantec 2009-10-11 21:43 . 2009-08-05 13:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2009-09-21 19:45 . 2009-04-03 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-09-21 19:18 . 2009-09-21 19:18 -------- d-----w- c:\program files\HSHSetup Utility 2009-09-21 19:08 . 2007-09-26 13:41 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-21 16:56 . 2009-08-09 02:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM 2009-09-20 06:35 . 2009-09-20 06:11 -------- d-----w- c:\program files\DivX 2009-09-18 06:23 . 2009-09-18 06:21 -------- d-----w- c:\program files\iTunes 2009-09-18 06:23 . 2009-09-18 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-18 06:22 . 2009-09-18 06:22 -------- d-----w- c:\program files\iPod 2009-09-15 03:58 . 2006-09-18 16:52 -------- d-----w- c:\program files\Java 2009-09-15 03:52 . 2009-09-15 00:03 266 ----a-w- C:\CCAMigration.bat 2009-09-14 23:27 . 2009-09-14 23:27 -------- d-----w- c:\program files\PowerHost 2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-09 01:38 . 2009-09-09 01:38 -------- d-----w- c:\program files\Arise 2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-31 04:55 . 2006-09-18 16:56 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-31 04:54 . 2006-12-03 21:26 -------- d-----w- c:\program files\Yahoo! 2009-08-31 04:54 . 2006-09-18 16:59 -------- d-----w- c:\program files\Modem Helper 2009-08-31 04:53 . 2006-09-18 16:56 -------- d-----w- c:\program files\Dell 2009-08-30 23:17 . 2009-06-16 18:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity 2009-08-29 07:36 . 2004-08-11 22:00 832512 ------w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2009-02-08 19:04 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-28 05:30 . 2009-08-28 05:31 724992 ----a-w- c:\windows\iun6002.exe 2009-08-27 21:11 . 2009-08-14 17:40 9264 ----a-w- c:\windows\system32\msqtvcap.dat 2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-09 02:00 . 2009-08-09 02:00 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-08-06 23:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 23:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 23:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 23:24 . 2004-08-11 22:12 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 23:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 23:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 23:23 . 2009-09-21 17:44 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 23:23 . 2009-09-21 17:44 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 23:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 13:24 . 2009-08-05 13:23 18015723 ----a-w- C:\vlc-1.0.1-win32.exe 2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2004-08-11 22:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-04 03:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe 2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe . ((((((((((((((((((((((((((((( SnapShot@2009-10-28_01.30.39 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-28 22:17 . 2009-10-28 22:17 16384 c:\windows\Temp\Perflib_Perfdata_eec.dat + 2009-10-29 04:44 . 2009-10-29 04:44 16384 c:\windows\Temp\Perflib_Perfdata_e78.dat + 2009-10-29 04:42 . 2009-10-29 04:42 16384 c:\windows\Temp\Perflib_Perfdata_698.dat + 2006-10-17 19:01 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe + 2009-10-28 22:10 . 2009-10-28 22:10 149280 c:\windows\system32\javaws.exe + 2009-10-28 22:10 . 2009-10-28 22:10 145184 c:\windows\system32\javaw.exe + 2009-10-28 22:10 . 2009-10-28 22:10 145184 c:\windows\system32\java.exe - 2006-10-17 18:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll + 2006-10-17 18:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll + 2007-05-10 12:02 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll - 2007-05-10 12:02 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll + 2009-10-28 05:03 . 2009-10-28 05:03 817152 c:\windows\Installer\8f2bb.msi + 2009-10-28 22:10 . 2009-10-28 22:10 537600 c:\windows\Installer\24209f.msi - 2009-07-29 13:02 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB972260-IE7\update\update.exe + 2009-07-29 13:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE7\update\update.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "EPHD User"="c:\program files\GuardianEdge Technologies\EP Hard Disk\User\LaunchEPHD.exe" [2006-08-02 73728] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-28 149280] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-18 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-12 06:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ 'autocheck autochk *' [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGAPIM on.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGBUSM on.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGFSMo n.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGRoot .sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGRule .sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DGServ ice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Documents and Settings\\Administrator\\CCA8.0\\winvnc.exe"= "g:\\Skype.exe"= R0 DGRoot;DGRoot;c:\windows\system32\drivers\DGRoot.sys [9/6/2006 10:48 PM 72960] R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [4/27/2005 1:46 PM 11456] R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [5/15/2006 6:15 PM 90016] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/12/2009 2:04 AM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/12/2009 2:04 AM 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/12/2009 2:03 AM 297752] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/28/2009 12:47 AM 16400] R2 EphdXlatService;EphdXlatService;c:\program files\GuardianEdge Technologies\EP Hard Disk\User\DISrv.exe [8/2/2006 4:46 PM 192512] R2 MSSQL$VPINSTANCE;SQL Server (VPINSTANCE);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/14/2005 5:51 AM 28768528] R2 PCG Protect;PCG Protect;c:\program files\GuardianEdge Technologies\EP Hard Disk\User\PCGProt.exe [8/2/2006 4:47 PM 61440] S2 DGService;Usage History Monitor;c:\program files\DGAGENT\DGService.exe [9/6/2006 10:43 PM 65536] S3 DGAPIMon;DGAPIMon;c:\windows\system32\drivers\DGAPIMon.sys [9/6/2006 10:44 PM 69248] S3 DGBusMon;DGBusMon;c:\windows\system32\drivers\DGBUSMon.sys [9/6/2006 10:44 PM 22016] S3 DGFSMon;DGFSMon;c:\windows\system32\drivers\DGFSMon.sys [9/6/2006 10:44 PM 44800] S3 DGRule;DGRule;c:\windows\system32\drivers\DGRule.sys [9/6/2006 10:43 PM 63488] S3 DGTDIMon;DGTDIMon;c:\windows\system32\drivers\DGTDIMon.sys [9/6/2006 10:44 PM 106880] S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [3/13/2008 11:16 PM 27392] S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [3/13/2008 11:16 PM 41728] S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [3/13/2008 11:16 PM 39808] S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [3/13/2008 11:16 PM 5888] S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\DRIVERS\pwi_bus.sys --> c:\windows\system32\DRIVERS\pwi_bus.sys [?] S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\DRIVERS\pwi_mdfl.sys --> c:\windows\system32\DRIVERS\pwi_mdfl.sys [?] S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\DRIVERS\pwi_mdm.sys --> c:\windows\system32\DRIVERS\pwi_mdm.sys [?] S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\DRIVERS\pwi_oflt.sys --> c:\windows\system32\DRIVERS\pwi_oflt.sys [?] S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\pwi_serd.sys --> c:\windows\system32\DRIVERS\pwi_serd.sys [?] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064] --- Other Services/Drivers In Memory --- *Deregistered* - ephdlink *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-10-29 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07] 2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{A0D8ADA2-222F-44FA-A9F6-F1DF13D80536}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 22:36] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-29 00:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3788) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\combo-fix2902c\CF28242.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\combo-fix2902c\PEV.cfxxe . ************************************************************************** . Completion time: 2009-10-29 0:51 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-29 04:50 ComboFix2.txt 2009-10-28 01:36 Pre-Run: 6,599,766,016 bytes free Post-Run: 6,708,240,384 bytes free - - End Of File - - B956A486D6185F052FF56D7E3E093897 |
29-Oct-2009, 03:18 AM
#18 | ||||||
| Hello djtappin, Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix. Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop ---------------------------------------------------------------------------------------------------------- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. ---------------------------------------------------------------------------------------------------------- Open notepad and copy/paste the text in the quotebox below into it: Quote:
Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt Please post that here for further review. Next Download GMER from here Unzip it to the desktop. **Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’. Click on Scan. When the scan has run click Copy and paste the results (if any) into this thread. So when you return please post
__________________ Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. |
29-Oct-2009, 08:27 PM
#21 | ||||||
|
__________________ Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. |
29-Oct-2009, 11:40 PM
#23 | ||||||
| Hello djtappin, Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2
Next 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Quote:
Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review. So when you return please post
__________________ Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. |
30-Oct-2009, 01:04 AM
#25 | ||||||
| Hello djtappin, 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: Quote:
Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
__________________ Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. |
30-Oct-2009, 02:16 AM
#27 | ||||||
|
__________________ Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. |
30-Oct-2009, 06:46 PM
#29 | ||||||
|
__________________ Manners are the basis of a civilised society and make everyone's lives just a little happier. They cost nothing but they are worth so much. |
 |
| |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| |
| You Are Using:  |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 03:55 PM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. |  |
Facebook
Twitter
TechGuy.tv
TSG Mobile