TR/Crypt.CFI.Gen - possibly removed, but not sure?


Post by plumdearly on 11th August 2009, 12:32 am

First of all, thanks so much for this forum! I came across it after spending 12+ hours trying to remove this virus, so I appreciate all the help I can get!

I ran Avira AntiVir and it discovered the TR/Crypt.CFI.Gen virus in my Windows Temp files. It quarantined and deleted 3000+ files, and I did another full system scan just to be sure everything was gone. The 2nd scan showed no infected files. I ran Malwarebytes in addition to this, and both of these were run while the computer was in safe mode.

I took the computer out of safe mode and everything seems okay, but I hear that this one is hard to get rid of, so I wanted to make sure there is nothing I have missed. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:25 PM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
c:\program files\avira\antivir desktop\avcenter.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lisa and Spencer\My Documents\Downloads\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: rebound Toolbar - {a740c0da-d880-40c5-bade-401f208cd221} - C:\Program Files\rebound\tbrebo.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: rebound Toolbar - {a740c0da-d880-40c5-bade-401f208cd221} - C:\Program Files\rebound\tbrebo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: rebound Toolbar - {a740c0da-d880-40c5-bade-401f208cd221} - C:\Program Files\rebound\tbrebo.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [First Principle Group] C:\Program Files\First Principle Group\fpg.exe /s
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

Rest of log in next post...


Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 11th August 2009, 12:32 am

O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Save Flash - [You must be registered and logged in to see this link.] Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - [You must be registered and logged in to see this link.] Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {050A3800-6C03-48A5-A6D7-14CCF18A700D} - [You must be registered and logged in to see this link.]
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - [You must be registered and logged in to see this link.]
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - [You must be registered and logged in to see this link.]
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - [You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - [You must be registered and logged in to see this link.]
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 20166 bytes

Thank you!


Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Belahzur on 11th August 2009, 12:40 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 11th August 2009, 1:12 am

Here's the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2588
Windows 5.1.2600 Service Pack 3

8/10/2009 9:11:08 PM
mbam-log-2009-08-10 (21-11-08).txt

Scan type: Quick Scan
Objects scanned: 122396
Time elapsed: 22 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Belahzur on 11th August 2009, 1:15 am

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 11th August 2009, 1:58 am

GMER 1.0.15.15020 [5sk91vhe.exe] - [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-10 21:57:27
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT F7BE0086 ZwCreateKey
SSDT F7BE007C ZwCreateThread
SSDT F7BE008B ZwDeleteKey
SSDT F7BE0095 ZwDeleteValueKey
SSDT F7BE009A ZwLoadKey
SSDT F7BE0068 ZwOpenProcess
SSDT F7BE006D ZwOpenThread
SSDT F7BE00A4 ZwReplaceKey
SSDT F7BE009F ZwRestoreKey
SSDT F7BE0090 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA71B0B0]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1980] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

Continued...


Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 11th August 2009, 1:58 am

.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\system32\SearchIndexer.exe[2964] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3320] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
UPX1 C:\Documents and Settings\Lisa and Spencer\My Documents\Downloads\winlogon.exe[4024] C:\Documents and Settings\Lisa and Spencer\My Documents\Downloads\winlogon.exe entry point in "UPX1" section [0x00542830]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- EOF - GMER 1.0.15 ----

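The GMER user-mode section above is long mostly because every chrome.exe instance shows the same set of patched ntdll exports, which is consistent with Chrome's own sandbox interceptions rather than an infection, while one line of a different shape (a UPX-packed `winlogon.exe` running from the Downloads folder) is the one that actually deserves attention. As an added example, not part of the thread and not GMER's own code, the script below parses lines in this format, counts hooks per process so repeated per-PID noise collapses, and raises findings only for the cases a reviewer would want first: a JMP/CALL whose destination GMER could not attribute to any loaded module, a core Windows binary name running outside system32, and a packed image in a user-writable folder. The sample log is constructed (user name and PIDs are made up); `SAMPLE_GMER`, `triage` and the `SYSTEM_BINARIES` list are the example's own assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the shape of GMER 1.0.15's user-mode hook listing (the user
# name and PIDs are made up; the line layout matches the log posted in the thread).
SAMPLE_GMER = r""".text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2280] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\WINDOWS\system32\SearchIndexer.exe[2964] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
UPX1 C:\Documents and Settings\User\My Documents\Downloads\winlogon.exe[4024] C:\Documents and Settings\User\My Documents\Downloads\winlogon.exe entry point in "UPX1" section [0x00542830]
---- EOF - GMER 1.0.15 ----
"""

# <section> <process path>[<pid>] <module>!<export> [+ <offset>] <addr> <n> Byte(s) <patch...>
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\w+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
# <section> <process path>[<pid>] <image path> entry point in "<section>" section [<ep>]
PACKED_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<image>.+?)\s+"
    r'entry point in "(?P<packsec>[^"]+)" section \[(?P<ep>0x[0-9A-Fa-f]+)\]$'
)
# A JMP/CALL whose target GMER could not attribute to any loaded module
# (when it can, the module path and vendor follow the address, as for mssrch.dll).
UNATTRIBUTED_RE = re.compile(r"^(JMP|CALL)\s+[0-9A-Fa-f]{8}$")

# Core Windows binaries that should only run from system32 (32-bit XP layout,
# which is what the log in the thread comes from). Assumed list for this example.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
USER_DIR_HINTS = ("\\downloads\\", "\\temp\\", "\\temporary internet files\\")


def parse_line(line):
    """Return a dict for a hook or packed-entry line, or None for anything else."""
    for kind, rx in (("hook", HOOK_RE), ("packed", PACKED_RE)):
        m = rx.match(line)
        if m:
            rec = m.groupdict()
            rec["kind"] = kind
            return rec
    return None


def process_key(rec):
    """'chrome.exe[2280]' style key so hooks group per process instance."""
    return f"{PureWindowsPath(rec['proc']).name.lower()}[{rec['pid']}]"


def triage(log_text):
    """Count hooks per process and collect the entries a reviewer should look at first."""
    hooks = Counter()
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue  # headers, blank lines, EOF marker
        key = process_key(rec)
        if rec["kind"] == "hook":
            hooks[key] += 1
            if UNATTRIBUTED_RE.match(rec["patch"]):
                findings.append({"kind": "unattributed_hook", "process": key,
                                 "detail": f"{rec['module']}!{rec['func']} -> {rec['patch']}"})
        else:
            image = rec["image"].lower()
            base = PureWindowsPath(image).name
            if base in SYSTEM_BINARIES and not image.startswith(SYSTEM32):
                findings.append({"kind": "masquerade", "process": key,
                                 "detail": f"{base} running from {image}"})
            if any(h in image for h in USER_DIR_HINTS):
                findings.append({"kind": "packed_in_user_dir", "process": key,
                                 "detail": f"packed ({rec['packsec']}) image in {image}"})
    return {"hooks": hooks, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_GMER)
    for proc, n in sorted(result["hooks"].items()):
        print(f"{proc}: {n} hooked export(s)")
    for f in result["findings"]:
        print(f"[{f['kind']}] {f['process']}: {f['detail']}")
```

Run against the full log, the per-process counts make the identical Chrome blocks obvious at a glance, and only the Downloads-folder `winlogon.exe` produces a masquerade finding. Unattributed CALL targets inside chrome.exe are reported too, because the rule cannot know they belong to the browser; treat them as "look once, then allow-list the process" rather than as an infection indicator on their own.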

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Belahzur on 11th August 2009, 2:05 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:
       * Tools->Options->Main tab
       * Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.


Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 11th August 2009, 9:57 pm

ComboFix 09-08-10.06 - Lisa and Spencer 08/11/2009 17:46.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.501 [GMT -4:00]
Running from: c:\documents and settings\Lisa and Spencer\My Documents\Downloads\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1943396740-922688218-2570226465-500
c:\recycler\S-1-5-21-3130912762-1197673133-3227797629-500
c:\recycler\S-1-5-21-3343316742-2148322770-1124579904-500
c:\recycler\S-1-5-21-3857898825-1240537017-2335725951-500
c:\recycler\S-1-5-21-3911284701-1955947087-2787658810-500
c:\windows\Installer\1bed383.msp
c:\windows\Installer\21125c0.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\kb913800.exe
c:\windows\setup.exe
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-10 01:03 . 2009-08-11 21:33 117760 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 01:03 . 2009-08-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 01:03 . 2009-08-10 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 01:03 . 2009-08-10 01:03 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\SUPERAntiSpyware.com
2009-08-10 00:58 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 00:58 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 00:58 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 00:58 . 2009-08-10 00:58 -------- d-----w- c:\program files\Avira
2009-08-10 00:58 . 2009-08-10 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-10 00:53 . 2009-08-10 00:53 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\Malwarebytes
2009-08-10 00:53 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 00:53 . 2009-08-10 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 00:53 . 2009-08-10 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 00:53 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 00:28 . 2009-08-10 00:28 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-09 18:24 . 2009-08-09 18:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-09 18:09 . 2009-08-09 18:09 -------- d-----w- c:\program files\Alwil Software
2009-08-09 17:51 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-09 17:51 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-09 17:51 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-09 17:51 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-08-09 17:51 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-09 17:07 . 2009-08-09 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-09 16:58 . 2009-08-09 16:58 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\AVG8
2009-08-09 13:09 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-08 18:25 . 2009-08-08 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 18:25 . 2009-08-08 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 20:14 . 2009-08-05 20:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\rebound
2009-07-30 00:20 . 2009-07-30 00:20 -------- d-----w- c:\program files\Conduit
2009-07-30 00:20 . 2009-07-30 00:20 -------- d-----w- c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Conduit
2009-07-30 00:20 . 2009-07-30 00:22 -------- d-----w- c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\rebound
2009-07-30 00:20 . 2009-07-30 00:20 -------- d-----w- c:\program files\rebound
2009-07-28 00:05 . 2009-08-07 22:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 20:45 . 2009-07-18 20:45 -------- d-----w- c:\program files\Microsoft
2009-07-18 20:41 . 2009-07-18 20:41 152576 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-18 17:26 . 2009-08-01 00:26 -------- d-----w- c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Temp
2009-07-15 20:23 . 2009-07-15 20:23 -------- d-----w- c:\program files\iPod
2009-07-15 20:23 . 2009-07-15 20:23 -------- d-----w- c:\program files\iTunes
2009-07-15 20:16 . 2009-07-15 20:16 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-14 12:11 . 2009-07-14 12:16 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 10:36 . 2008-07-01 16:01 -------- d-----w- c:\program files\LogMeIn
2009-08-10 23:54 . 2007-02-18 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-10 21:47 . 2009-04-17 21:55 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\NCH Swift Sound
2009-08-10 21:47 . 2007-12-25 17:07 -------- d-----w- c:\program files\VIDEOzilla
2009-08-10 21:44 . 2007-09-26 00:54 -------- d-----w- c:\program files\Citrix
2009-08-10 21:43 . 2006-09-14 20:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 21:41 . 2008-04-05 13:38 -------- d-----w- c:\program files\Coupons
2009-08-10 01:02 . 2008-12-26 23:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 00:45 . 2007-04-06 02:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-10 00:30 . 2006-09-14 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-09 20:32 . 2009-04-17 21:23 -------- d-----w- c:\program files\WildVoice Studio
2009-08-08 20:07 . 2007-10-05 10:28 -------- d-----w- c:\program files\Monitor Calibration Wizard
2009-08-08 20:06 . 2006-08-10 09:41 -------- d-----w- c:\program files\Sony
2009-08-08 20:06 . 2006-08-10 08:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 20:05 . 2007-12-28 02:05 -------- d-----w- c:\program files\Photo Viewer
2009-08-08 18:16 . 2006-08-10 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-08-01 12:52 . 2008-11-22 13:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-01 12:50 . 2008-11-08 12:58 38208 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-01 00:21 . 2008-12-08 01:50 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\uTorrent
2009-07-30 23:44 . 2008-10-11 01:47 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\gtk-2.0
2009-07-18 20:43 . 2008-09-23 22:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 20:23 . 2008-03-15 15:12 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 17:20 . 2007-11-11 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 16:59 . 2007-03-03 01:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-14 12:12 . 2007-02-18 16:48 -------- d-----w- c:\program files\Google
2009-07-08 21:56 . 2009-07-08 21:56 -------- d-----w- c:\program files\TweetDeck
2009-07-08 00:09 . 2009-04-10 14:15 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\Dimdim
2009-07-08 00:07 . 2009-07-08 00:07 -------- d-----w- c:\program files\Dimdim
2009-07-08 00:06 . 2009-04-10 14:15 1951744 ----a-w- c:\documents and settings\Lisa and Spencer\Dimdim.msi
2009-07-08 00:06 . 2009-04-10 14:15 100232 ----a-w- c:\documents and settings\Lisa and Spencer\DimdimSetup.exe
2009-07-06 10:57 . 2006-09-14 20:29 102976 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2006-08-10 07:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 16:14 . 2009-06-21 15:46 -------- d-----w- c:\program files\blueMarine
2009-06-21 15:52 . 2009-06-21 15:52 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\blueMarine
2009-06-17 12:42 . 2009-06-17 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-17 12:41 . 2009-06-17 12:41 -------- d-----w- c:\program files\Pando Networks
2009-06-16 14:36 . 2006-08-10 07:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-08-10 07:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 10:47 . 2006-09-14 20:11 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 19:27 . 2008-09-22 23:17 -------- d-----w- c:\program files\yWriter4
2009-06-15 19:13 . 2009-05-21 20:25 66 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\isfree4_1.tmp
2009-06-15 17:57 . 2007-02-18 16:58 -------- d-----w- c:\program files\Lavasoft
2009-06-15 17:54 . 2009-06-15 17:54 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\Lavasoft
2009-06-05 22:24 . 2009-06-05 22:25 55480 ----a-w- c:\windows\Fonts\Typist Regular.ttf
2009-06-05 15:42 . 2009-03-14 15:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-03-15 15:13 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2006-08-10 07:32 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 20:28 . 2009-05-25 20:28 27885920 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-05-25 20:27 . 2009-05-25 20:27 4830032 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
2009-05-25 04:24 . 2008-05-27 02:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-21 13:38 . 2009-05-21 13:32 928 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\isfree4_0.tmp
2008-09-24 02:37 . 2008-09-24 02:36 1452592 ----a-w- c:\program files\yWriter412dicts-5.0.zip
2009-01-12 15:48 . 2009-01-12 15:48 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-01-12 15:48 . 2009-01-12 15:48 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-01-12 15:48 . 2009-01-12 15:48 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-01-12 15:48 . 2009-01-12 15:48 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-01-26 20:59 . 2007-05-06 23:49 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-01-10 16:30 . 2007-05-06 23:49 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2002-07-31 23:55 . 2007-04-23 23:36 108 -csh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a740c0da-d880-40c5-bade-401f208cd221}"= "c:\program files\rebound\tbrebo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{a740c0da-d880-40c5-bade-401f208cd221}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a740c0da-d880-40c5-bade-401f208cd221}]
2009-07-15 14:09 2224152 ----a-w- c:\program files\rebound\tbrebo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a740c0da-d880-40c5-bade-401f208cd221}"= "c:\program files\rebound\tbrebo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{a740c0da-d880-40c5-bade-401f208cd221}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A740C0DA-D880-40C5-BADE-401F208CD221}"= "c:\program files\rebound\tbrebo.dll" [2009-07-15 2224152]

Continued...


Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 11th August 2009, 9:58 pm

[HKEY_CLASSES_ROOT\clsid\{a740c0da-d880-40c5-bade-401f208cd221}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"Google Update"="c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-05-07 380928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

c:\documents and settings\Lisa and Spencer\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 00:09 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56495:TCP"= 56495:TCP:Pando Media Booster
"56495:UDP"= 56495:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/9/2009 8:58 PM 108289]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/1/2008 12:01 PM 47640]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 3:33 AM 226304]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2008 7:44 PM 18560]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-18 16:29]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
HKLM-Run-First Principle Group - c:\program files\First Principle Group\fpg.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search - ?p=ZKxdm011YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: campuscruiser.com\prod
Trusted Zone: ptk.org\www
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {050A3800-6C03-48A5-A6D7-14CCF18A700D} - [You must be registered and logged in to see this link.]
DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - [You must be registered and logged in to see this link.]
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - [You must be registered and logged in to see this link.]
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - [You must be registered and logged in to see this link.]
DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Lisa and Spencer\Application Data\Mozilla\Firefox\Profiles\eqo4es27.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Lisa and Spencer\Application Data\Mozilla\Firefox\Profiles\eqo4es27.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-11 17:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-08-11 17:55
ComboFix-quarantined-files.txt 2009-08-11 21:55

Pre-Run: 29,848,387,584 bytes free
Post-Run: 31,037,337,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

299 --- E O F --- 2009-08-11 00:44

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Belahzur on 12th August 2009, 5:08 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

DDS::
uStart Page = [You must be registered and logged in to see this link.]

Firefox::
FF - ProfilePath - c:\documents and settings\Lisa and Spencer\Application Data\Mozilla\Firefox\Profiles\eqo4es27.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


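The ComboFix output above lists the machine's autostart points (Run keys, BHOs, Winlogon notify DLLs), the Windows Firewall exceptions and the Firefox search preferences, and the CFScript in the reply resets the two Firefox search prefs that point at Ask. What a responder actually does with such a log is look for three things: images loaded from user-writable locations, files dropped shortly before the log was taken, and browser search settings that were changed. The Python script below is an added example for this thread, not a ComboFix feature, a forum tool, or anything the posters ran; it parses ComboFix-shaped lines and returns those flags. The sample log is constructed: most lines are copied from the log above, the "Updater" Run value is made up to show a hit, and the keyword.URL value is a placeholder because the real URL is hidden on the page. The 30-day window and the list of user-writable path fragments are assumptions.

```python
"""Triage a ComboFix-style log for autostart and browser-hijack indicators (added example)."""
import re
from datetime import date, timedelta
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str    # "run", "bho", "port" or "ffpref"
    item: str    # value name, CLSID, port or preference name
    reason: str


# Assumption: locations an unprivileged user (and so anything running as that user)
# can write. Legitimate per-user updaters live here too: a hit means "look", not "delete".
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\windows\\temp\\")
USER_WRITABLE_FRAGMENTS = ("\\temp\\", "\\local settings\\", "\\application data\\")
SEARCH_PREFS = ("browser.search.selectedEngine", "keyword.URL", "browser.startup.homepage")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="c:\path\image.exe" [yyyy-mm-dd size]  or  "name"="bare.exe" - c:\resolved\bare.exe [...]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"(?: - (?P<resolved>.*?))? '
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]$")
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (?P<path>c:\\.*)$", re.I)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")

# Constructed sample in the shape of the thread's log. "Updater" and the keyword.URL
# value are made up for the example; the remaining lines are copied from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"Google Update"="c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"Updater"="c:\documents and settings\Lisa and Spencer\Local Settings\Temp\upd.exe" [2009-08-09 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a740c0da-d880-40c5-bade-401f208cd221}]
2009-07-15 14:09 2224152 ----a-w- c:\program files\rebound\tbrebo.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56495:TCP"= 56495:TCP:Pando Media Booster
"56495:UDP"= 56495:UDP:Pando Media Booster

FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://search.example.invalid/?q=
"""


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return p.startswith(USER_WRITABLE_PREFIXES) or any(f in p for f in USER_WRITABLE_FRAGMENTS)


def triage(log_text: str, log_date: date, recent_days: int = 30) -> List[Finding]:
    """Return one Finding per indicator; a single log entry can produce several."""
    findings: List[Finding] = []
    cutoff = log_date - timedelta(days=recent_days)
    key = ""

    def check_image(kind: str, item: str, path: str, stamp: str) -> None:
        if is_user_writable(path):
            findings.append(Finding(kind, item, "image under user-writable path: " + path))
        if date.fromisoformat(stamp) >= cutoff:
            findings.append(Finding(kind, item, f"file dated {stamp}, within {recent_days} days of the log"))

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()   # ComboFix prints the key once, then its values
            continue
        m = RUN_RE.match(line)
        if m and key.endswith("\\run"):
            image = m.group("image")
            if "\\" not in image:          # bare name: Windows resolves it by PATH search order
                findings.append(Finding("run", m.group("name"),
                                        f"bare image name {image!r}, resolved to {m.group('resolved')}"))
                image = m.group("resolved") or image
            check_image("run", m.group("name"), image, m.group("date"))
            continue
        m = FILE_RE.match(line)
        if m and "browser helper objects" in key:
            check_image("bho", key.rsplit("\\", 1)[-1], m.group("path"), m.group("date"))
            continue
        m = PORT_RE.match(line)
        if m and "globallyopenports" in key:
            findings.append(Finding("port", f"{m.group('port')}/{m.group('proto')}",
                                    "inbound port opened in the Windows Firewall"))
            continue
        m = FF_RE.match(line)
        if m and m.group("pref") in SEARCH_PREFS:
            findings.append(Finding("ffpref", m.group("pref"), "search/start page set to: " + m.group("value")))
    return findings


def triage_sample() -> List[Finding]:
    return triage(SAMPLE_LOG, log_date=date(2009, 8, 11))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.kind:6} {f.item:45} {f.reason}")
```

Run against the constructed sample it flags the made-up Temp entry twice (user-writable and recent), the per-user Google updater once (user-writable but old), the bare "SkyTel.EXE" name, the rebound BHO as recently installed, both Pando ports, and the two Firefox search prefs that the CFScript in the reply resets. It does not flag GoogleToolbarNotifier, which is why the reasons are attached: the output is a review list for a human, not a removal list.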
Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 13th August 2009, 1:43 am

ComboFix 09-08-10.06 - Lisa and Spencer 08/12/2009 21:30.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.382 [GMT -4:00]
Running from: c:\documents and settings\Lisa and Spencer\My Documents\Downloads\Combo-Fix.exe
Command switches used :: c:\documents and settings\Lisa and Spencer\My Documents\Downloads\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-10 01:03 . 2009-08-13 01:24 117760 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 01:03 . 2009-08-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 01:03 . 2009-08-10 01:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 01:03 . 2009-08-10 01:03 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\SUPERAntiSpyware.com
2009-08-10 00:58 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 00:58 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-10 00:58 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-10 00:58 . 2009-08-10 00:58 -------- d-----w- c:\program files\Avira
2009-08-10 00:58 . 2009-08-10 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-10 00:53 . 2009-08-10 00:53 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\Malwarebytes
2009-08-10 00:53 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 00:53 . 2009-08-10 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 00:53 . 2009-08-10 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 00:53 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 00:28 . 2009-08-10 00:28 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-09 18:24 . 2009-08-09 18:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-09 18:09 . 2009-08-09 18:09 -------- d-----w- c:\program files\Alwil Software
2009-08-09 17:51 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-09 17:51 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-09 17:51 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-09 17:51 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-08-09 17:51 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-09 17:07 . 2009-08-09 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-09 16:58 . 2009-08-09 16:58 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\AVG8
2009-08-09 13:09 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-08 18:34 . 2009-08-08 18:34 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-08-08 18:25 . 2009-08-08 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 18:25 . 2009-08-08 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 20:14 . 2009-08-05 20:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\rebound
2009-07-30 00:20 . 2009-07-30 00:20 -------- d-----w- c:\program files\Conduit
2009-07-30 00:20 . 2009-07-30 00:20 -------- d-----w- c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Conduit
2009-07-30 00:20 . 2009-07-30 00:22 -------- d-----w- c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\rebound
2009-07-30 00:20 . 2009-07-30 00:20 -------- d-----w- c:\program files\rebound
2009-07-28 00:05 . 2009-08-07 22:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 20:45 . 2009-07-18 20:45 -------- d-----w- c:\program files\Microsoft
2009-07-18 20:41 . 2009-07-18 20:41 152576 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-18 17:26 . 2009-08-01 00:26 -------- d-----w- c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Temp
2009-07-15 20:23 . 2009-07-15 20:23 -------- d-----w- c:\program files\iPod
2009-07-15 20:23 . 2009-07-15 20:23 -------- d-----w- c:\program files\iTunes
2009-07-15 20:16 . 2009-07-15 20:16 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-14 12:11 . 2009-07-14 12:16 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 01:38 . 2009-08-13 01:38 459130 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescript.dll
2009-08-12 10:26 . 2008-07-01 16:01 -------- d-----w- c:\program files\LogMeIn
2009-08-12 02:15 . 2007-02-18 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-10 21:47 . 2009-04-17 21:55 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\NCH Swift Sound
2009-08-10 21:47 . 2007-12-25 17:07 -------- d-----w- c:\program files\VIDEOzilla
2009-08-10 21:44 . 2007-09-26 00:54 -------- d-----w- c:\program files\Citrix
2009-08-10 21:43 . 2006-09-14 20:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 21:41 . 2008-04-05 13:38 -------- d-----w- c:\program files\Coupons
2009-08-10 01:02 . 2008-12-26 23:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 00:45 . 2007-04-06 02:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-10 00:30 . 2006-09-14 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-09 20:32 . 2009-04-17 21:23 -------- d-----w- c:\program files\WildVoice Studio
2009-08-08 20:07 . 2007-10-05 10:28 -------- d-----w- c:\program files\Monitor Calibration Wizard
2009-08-08 20:06 . 2006-08-10 09:41 -------- d-----w- c:\program files\Sony
2009-08-08 20:06 . 2006-08-10 08:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 20:05 . 2007-12-28 02:05 -------- d-----w- c:\program files\Photo Viewer
2009-08-08 18:16 . 2006-08-10 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-08-01 12:52 . 2008-11-22 13:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-01 12:50 . 2008-11-08 12:58 38208 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-01 00:21 . 2008-12-08 01:50 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\uTorrent
2009-07-30 23:44 . 2008-10-11 01:47 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\gtk-2.0
2009-07-18 20:43 . 2008-09-23 22:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 20:23 . 2008-03-15 15:12 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 17:20 . 2007-11-11 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 16:59 . 2007-03-03 01:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-14 12:12 . 2007-02-18 16:48 -------- d-----w- c:\program files\Google
2009-07-08 21:56 . 2009-07-08 21:56 -------- d-----w- c:\program files\TweetDeck
2009-07-08 00:09 . 2009-04-10 14:15 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\Dimdim
2009-07-08 00:07 . 2009-07-08 00:07 -------- d-----w- c:\program files\Dimdim
2009-07-08 00:06 . 2009-04-10 14:15 1951744 ----a-w- c:\documents and settings\Lisa and Spencer\Dimdim.msi
2009-07-08 00:06 . 2009-04-10 14:15 100232 ----a-w- c:\documents and settings\Lisa and Spencer\DimdimSetup.exe
2009-07-06 10:57 . 2006-09-14 20:29 102976 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2006-08-10 07:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 16:14 . 2009-06-21 15:46 -------- d-----w- c:\program files\blueMarine
2009-06-21 15:52 . 2009-06-21 15:52 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\blueMarine
2009-06-17 12:42 . 2009-06-17 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-17 12:41 . 2009-06-17 12:41 -------- d-----w- c:\program files\Pando Networks
2009-06-16 14:36 . 2006-08-10 07:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-08-10 07:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 10:47 . 2006-09-14 20:11 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 19:27 . 2008-09-22 23:17 -------- d-----w- c:\program files\yWriter4
2009-06-15 19:13 . 2009-05-21 20:25 66 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\isfree4_1.tmp
2009-06-15 17:57 . 2007-02-18 16:58 -------- d-----w- c:\program files\Lavasoft
2009-06-15 17:54 . 2009-06-15 17:54 -------- d-----w- c:\documents and settings\Lisa and Spencer\Application Data\Lavasoft
2009-06-05 22:24 . 2009-06-05 22:25 55480 ----a-w- c:\windows\Fonts\Typist Regular.ttf
2009-06-05 15:42 . 2009-03-14 15:05 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-03-15 15:13 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2006-08-10 07:32 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 20:28 . 2009-05-25 20:28 27885920 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe
2009-05-25 20:27 . 2009-05-25 20:27 4830032 ----a-w- c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe
2009-05-25 04:24 . 2008-05-27 02:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-21 13:38 . 2009-05-21 13:32 928 ----a-w- c:\documents and settings\Lisa and Spencer\Application Data\isfree4_0.tmp
2008-09-24 02:37 . 2008-09-24 02:36 1452592 ----a-w- c:\program files\yWriter412dicts-5.0.zip
2009-01-12 15:48 . 2009-01-12 15:48 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-01-12 15:48 . 2009-01-12 15:48 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-01-12 15:48 . 2009-01-12 15:48 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-01-12 15:48 . 2009-01-12 15:48 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2007-01-26 20:59 . 2007-05-06 23:49 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-01-10 16:30 . 2007-05-06 23:49 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2002-07-31 23:55 . 2007-04-23 23:36 108 -csh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 01:22 . 2009-08-13 01:22 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

Continued...

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 13th August 2009, 1:43 am

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a740c0da-d880-40c5-bade-401f208cd221}"= "c:\program files\rebound\tbrebo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{a740c0da-d880-40c5-bade-401f208cd221}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a740c0da-d880-40c5-bade-401f208cd221}]
2009-07-15 14:09 2224152 ----a-w- c:\program files\rebound\tbrebo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a740c0da-d880-40c5-bade-401f208cd221}"= "c:\program files\rebound\tbrebo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{a740c0da-d880-40c5-bade-401f208cd221}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A740C0DA-D880-40C5-BADE-401F208CD221}"= "c:\program files\rebound\tbrebo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{a740c0da-d880-40c5-bade-401f208cd221}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"Google Update"="c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-05-07 380928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-18 148888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

c:\documents and settings\Lisa and Spencer\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 00:09 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56495:TCP"= 56495:TCP:Pando Media Booster
"56495:UDP"= 56495:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/9/2009 8:58 PM 108289]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/1/2008 12:01 PM 47640]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 5:43 PM 31896]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 3:33 AM 226304]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2008 7:44 PM 18560]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-18 16:29]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search - ?p=ZKxdm011YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: campuscruiser.com\prod
Trusted Zone: ptk.org\www
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: {050A3800-6C03-48A5-A6D7-14CCF18A700D} - [You must be registered and logged in to see this link.]
DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - [You must be registered and logged in to see this link.]
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - [You must be registered and logged in to see this link.]
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - [You must be registered and logged in to see this link.]
DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Lisa and Spencer\Application Data\Mozilla\Firefox\Profiles\eqo4es27.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Lisa and Spencer\Application Data\Mozilla\Firefox\Profiles\eqo4es27.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-12 21:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\VESWinlogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(5452)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-08-13 21:41
ComboFix-quarantined-files.txt 2009-08-13 01:41
ComboFix2.txt 2009-08-11 21:55

Pre-Run: 31,056,388,096 bytes free
Post-Run: 30,985,678,848 bytes free

286 --- E O F --- 2009-08-11 00:44

plumdearly
Novice
Posts: 26
Joined: 2009-08-11
OS: Windows XP
Points: 26780
Likes: 0

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Belahzur on 13th August 2009, 4:29 pm

Hello.
Delete this folder in bold:

c:\program files\Conduit

Post a new Hijack This log please.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 13th August 2009, 9:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:16 PM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lisa and Spencer\My Documents\Downloads\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: rebound Toolbar - {a740c0da-d880-40c5-bade-401f208cd221} - C:\Program Files\rebound\tbrebo.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: rebound Toolbar - {a740c0da-d880-40c5-bade-401f208cd221} - C:\Program Files\rebound\tbrebo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: rebound Toolbar - {a740c0da-d880-40c5-bade-401f208cd221} - C:\Program Files\rebound\tbrebo.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]

Continued...

plumdearly
Novice
Posts: 26
Joined: 2009-08-11
OS: Windows XP
Points: 26780
Likes: 0

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 13th August 2009, 9:52 pm

O8 - Extra context menu item: Save Flash - [You must be registered and logged in to see this link.] Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - [You must be registered and logged in to see this link.] Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {050A3800-6C03-48A5-A6D7-14CCF18A700D} - [You must be registered and logged in to see this link.]
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - [You must be registered and logged in to see this link.]
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - [You must be registered and logged in to see this link.]
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - [You must be registered and logged in to see this link.]
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - [You must be registered and logged in to see this link.]
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - [You must be registered and logged in to see this link.]
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 18699 bytes

plumdearly
Novice
Posts: 26
Joined: 2009-08-11
OS: Windows XP
Points: 26780
Likes: 0

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Belahzur on 14th August 2009, 6:29 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS

  • Press "Fix Checked"
  • Close Hijack This.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 15th August 2009, 1:42 am

I did the above and it's still not back to normal. Sometimes the mouse "catches", like it freezes and then starts moving again. When I try to play video, the sound and picture freeze or stall, then resume playing. I've run AntiVir again and it shows no viruses. Is there something else that could be causing this?

plumdearly
Novice
Posts: 26
Joined: 2009-08-11
OS: Windows XP
Points: 26780
Likes: 0

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Origin on 15th August 2009, 6:10 pm

Please download [You must be registered and logged in to see this link.]

  • Next, run the file. *Note: if running Vista, right-click and select "Run as administrator".
  • Once opened, navigate to the Log tab, select all the areas (including the "hidden objects only" box) and click on the Create Log button.
  • A scan will start and then a window will pop up with two options; select "scan all drives".
  • Once finished, it will give you the location where the log was saved (usually the desktop). Navigate to that place, open the log, and post all of its contents back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31493
Likes: 0

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 15th August 2009, 9:41 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 812
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 888
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 932
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 944
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1136
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1212
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1252
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PID: 1312
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PID: 1536
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1736
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1792
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 2024
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 204
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 256
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 360
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 396
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 460
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 512
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 628
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1164
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1400
Hidden: No
Window Visible: No

Name: C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PID: 1644
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PID: 1780
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\ramaint.exe
PID: 1960
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeIn.exe
PID: 440
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 496
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe
PID: 748
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Motive\McciCMService.exe
PID: 764
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint\Apoint.exe
PID: 1272
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe
PID: 1556
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PID: 2092
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 2152
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PID: 2176
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PID: 2308
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PID: 2364
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PID: 2388
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 2424
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PID: 2484
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2692
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PID: 2700
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2760
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PID: 2888
Hidden: No
Window Visible: No

Name: C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PID: 2956
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PID: 3008
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PID: 3092
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3452
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint\ApntEx.exe
PID: 3460
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehmsas.exe
PID: 3508
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3560
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 3600
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 3716
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PID: 3744
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 3760
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe
PID: 3792
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\searchindexer.exe
PID: 3828
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PID: 3836
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 3884
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 4088
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 120
Hidden: No
Window Visible: No

Name: C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PID: 132
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 2572
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxext.exe
PID: 2676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 1636
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PID: 560
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PID: 664
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 2604
Hidden: No
Window Visible: No

Continued...

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 15th August 2009, 9:42 pm

Name: C:\WINDOWS\system32\alg.exe
PID: 1712
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 612
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 5384
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 5512
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 4292
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Lisa and Spencer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PID: 1320
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchprotocolhost.exe
PID: 1032
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchfilterhost.exe
PID: 6116
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Lisa and Spencer\My Documents\Downloads\SysProt.exe
PID: 5540
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Lisa and Spencer\My Documents\Downloads\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A93E9000
Module End: A93F4000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A3E000
Module End: F7A40000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F794E000
Module End: F7951000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F740F000
Module End: F743D000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7A40000
Module End: F7A42000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F73FE000
Module End: F740F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F753E000
Module End: F7548000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F754E000
Module End: F755E000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F755E000
Module End: F756C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F7952000
Module End: F7955000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F7956000
Module End: F795A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7B06000
Module End: F7B07000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F77BE000
Module End: F77C5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: F73E0000
Module End: F73FE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F756E000
Module End: F7579000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F73C1000
Module End: F73E0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F795A000
Module End: F795D000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7B07000
Module End: F7B08000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F77C6000
Module End: F77CB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F757E000
Module End: F758B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73A9000
Module End: F73C1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F758E000
Module End: F7597000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F759E000
Module End: F75AB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F7389000
Module End: F73A9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7377000
Module End: F7389000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F75AE000
Module End: F75B7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7360000
Module End: F7377000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F72D3000
Module End: F7360000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F72A6000
Module End: F72D3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F728C000
Module End: F72A6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F764E000
Module End: F7657000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F7254000
Module End: F7258000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Service Name: ialm
Module Base: F68C3000
Module End: F69E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F68AF000
Module End: F68C3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F6887000
Module End: F68AF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\yk51x86.sys
Service Name: yukonwxp
Module Base: F684B000
Module End: F6887000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
Service Name: NETw3x32
Module Base: F66AA000
Module End: F684B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F78CE000
Module End: F78D4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6686000
Module End: F66AA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F78D6000
Module End: F78DE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F765E000
Module End: F766E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ti21sony.sys
Service Name: ti21sony
Module Base: F6649000
Module End: F6686000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SonyNC.sys
Service Name: SNC
Module Base: F78E6000
Module End: F78EC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F766E000
Module End: F767B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F78EE000
Module End: F78F4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Service Name: ApfiltrService
Module Base: F662F000
Module End: F6649000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F78F6000
Module End: F78FC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F768E000
Module End: F769E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F769E000
Module End: F76AD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F660C000
Module End: F662F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F76AE000
Module End: F76B8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\tosrfcom.sys
Service Name: Tosrfcom
Module Base: F76BE000
Module End: F76CE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dfmirage.sys
Service Name: dfmirage
Module Base: F76CE000
Module End: F76DA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\lmimirr.sys
Service Name: lmimirr
Module Base: F7BA8000
Module End: F7BA9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7BA9000
Module End: F7BAA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F76DE000
Module End: F76EB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7244000
Module End: F7247000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F65F5000
Module End: F660C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F76EE000
Module End: F76F9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F76FE000
Module End: F770A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7906000
Module End: F790B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F65E4000
Module End: F65F5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F770E000
Module End: F7717000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F790E000
Module End: F7913000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7916000
Module End: F791B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F65B4000
Module End: F65E4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F771E000
Module End: F7728000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7A80000
Module End: F7A82000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6556000
Module End: F65B4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F6AE7000
Module End: F6AEB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tosporte.sys
Service Name: tosporte
Module Base: F772E000
Module End: F773A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F773E000
Module End: F7748000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: AAB28000
Module End: AAF69000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: AAB04000
Module End: AAB28000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F776E000
Module End: F777D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Service Name: HSFHWAZL
Module Base: AAAD1000
Module End: AAB04000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Service Name: HSF_DPV
Module Base: AA9DF000
Module End: AAAD1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: AA92D000
Module End: AA9DF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7926000
Module End: F792E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F777E000
Module End: F778D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7A86000
Module End: F7A88000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A88000
Module End: F7A8A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7C40000
Module End: F7C41000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A8A000
Module End: F7A8C000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F7946000
Module End: F794C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A8C000
Module End: F7A8E000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A8E000
Module End: F7A90000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F77D6000
Module End: F77DB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F77F6000
Module End: F77FE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7A0E000
Module End: F7A11000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AA8D2000
Module End: AA8E5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AA879000
Module End: AA8D2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AA851000
Module End: AA879000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AA82B000
Module End: AA851000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AA809000
Module End: AA82B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F778E000
Module End: F7797000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F779E000
Module End: F77A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F77FE000
Module End: F7804000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: AA744000
Module End: AA769000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F7806000
Module End: F780C000
Hidden: No

Continued...

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by plumdearly on 15th August 2009, 9:43 pm

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AA719000
Module End: AA744000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F77AE000
Module End: F77BD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AA681000
Module End: AA6F1000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F6A70000
Module End: F6A7B000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: AA61E000
Module End: AA681000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\DMICall.sys
Service Name: DMICall
Module Base: F7C4D000
Module End: F7C4E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: AA602000
Module End: AA61E000
Hidden: No

Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: F7A92000
Module End: F7A94000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: usbstor
Module Base: F780E000
Module End: F7815000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F75DE000
Module End: F75EE000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AA5EA000
Module End: AA602000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7ABC000
Module End: F7ABE000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F652E000
Module End: F6531000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F7876000
Module End: F787B000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7C37000
Module End: F7C38000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: AA496000
Module End: AA4AA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: F78C6000
Module End: F78CB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Service Name: s24trans
Module Base: AA48E000
Module End: AA492000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AA42A000
Module End: AA42E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: AA121000
Module End: AA14E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Aspi32.SYS
Service Name: Aspi32
Module Base: AA162000
Module End: AA166000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A9FF4000
Module End: AA009000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: AA1E6000
Module End: AA1F5000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
Service Name: CdaD10BA
Module Base: AA11D000
Module End: AA120000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A9DAB000
Module End: A9DEC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A9C19000
Module End: A9C6B000
Hidden: No

Module Name: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
Service Name: LMIInfo
Module Base: F7AEA000
Module End: F7AEC000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Service Name: LMIRfsDriver
Module Base: A9CDB000
Module End: A9CE5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A9BF9000
Module End: A9BFD000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Service Name: symlcbrd
Module Base: F7816000
Module End: F781C000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Service Name: SASENUM
Module Base: F791E000
Module End: F7923000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
Service Name: ---
Module Base: F7B00000
Module End: F7B02000
Hidden: Yes

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A8A25000
Module End: A8A49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A89AA000
Module End: A89D5000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7C5048E
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F7C50484
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F7C50493
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F7C5049D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadKey
Address: F7C504A2
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F7C50470
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F7C50475
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwReplaceKey
Address: F7C504AC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F7C504A7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F7C50498
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: AA74D0B0
Driver Base: AA744000
Driver End: AA769000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: LISA.GATEWAY.2WIRE.NET:2377
Remote Address: APP01-07.LOGMEIN.COM:HTTPS
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: LISA.GATEWAY.2WIRE.NET:1388
Remote Address: YW-IN-F100.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
State: CLOSE_WAIT

Local Address: LISA.GATEWAY.2WIRE.NET:1385
Remote Address: YW-IN-F99.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
State: CLOSE_WAIT

Local Address: LISA.GATEWAY.2WIRE.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LISA:27015
Remote Address: LOCALHOST:1033
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: LISA:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: LISA:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: LISA:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: LISA:2002
Remote Address: LOCALHOST:1034
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: LISA:1044
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: LISA:1034
Remote Address: LOCALHOST:2002
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
State: ESTABLISHED

Local Address: LISA:1033
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: LISA:51493
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
State: LISTENING

Local Address: LISA:10243
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Windows Media Player\wmpnetwk.exe
State: LISTENING

Local Address: LISA:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: LISA:2002
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\LogMeIn\x86\LogMeIn.exe
State: LISTENING

Local Address: LISA:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LISA:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: LISA.GATEWAY.2WIRE.NET:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LISA.GATEWAY.2WIRE.NET:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LISA.GATEWAY.2WIRE.NET:1900
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
State: NA

Local Address: LISA.GATEWAY.2WIRE.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LISA.GATEWAY.2WIRE.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LISA.GATEWAY.2WIRE.NET:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LISA:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LISA:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LISA:64527
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LISA:51493
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
State: NA

Local Address: LISA:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LISA:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: LISA:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LISA:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LISA:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Lisa and Spencer\Application Data\uTorrent\Sigur_Ros_Međ suđ iŽ eyrum viđ spilum endalaust_320kb.torrent
Status: Hidden

Object: C:\Documents and Settings\Lisa and Spencer\My Documents\My Music\Alice_In_Chains-Discography-(21CD)-h8me\Alice_In_Chains-Music_Bank_Boxset-(3CD)-1999-h8me\Alice_In_Chains-Music_Bank_Boxset-(Disc_1)-1999-h8me\10-alice_in_chains-sea_of_sorrow_(unreleased_de
Status: Hidden

Object: C:\Documents and Settings\Lisa and Spencer\My Documents\My Music\Alice_In_Chains-Discography-(21CD)-h8me\Alice_In_Chains-Music_Bank_Boxset-(3CD)-1999-h8me\Alice_In_Chains-Music_Bank_Boxset-(Disc_1)-1999-h8me\15-alice_in_chains-rooster_(unreleased_demo)-h8
Status: Hidden

Object: C:\Documents and Settings\Lisa and Spencer\My Documents\My Music\Sigur_Ros_Međ suđ iŽ eyrum viđ spilum endalaust_320kb
Status: Hidden

Re: TR/Crypt.CFI.Gen - possibly removed, but not sure?

Post by Belahzur on 15th August 2009, 11:53 pm

Hello.
Log looks okay aside from a hidden item in your uTorrent folder.
