pc antispyware


Re: pc antispyware

Post by chugaz77 on Sat 15 Aug - 0:32

I'm about to run ComboFix on my computer.
How do I do the:
Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


Also, is the CFScript.txt above specific to one's computer, or is it a global fix?

If my desktop appears to be blocked, the only way I'm able to get around to doing anything on my computer is by using Ctrl+Alt+Del and running new tasks.
Thanks in advance.

chugaz77
Novice
Posts: 16
Joined: 2009-08-14
OS: XP, Vista
Points: 26748
Likes: 0

Re: pc antispyware

Post by Origin on Sat 15 Aug - 17:57

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows XP SP3
Points: 31503
Likes: 0

Re: pc antispyware

Post by chugaz77 on Sat 15 Aug - 19:14

Thanks for the response. I ran the software listed above; it went through a quick scan and found two trojans (I had not been able to run the program before, so some progress has been made). I logged back on after a "restart". My desktop is still empty, and my task bar is still missing. I'm running the software again, and it looks like the computer is clean of viruses. If you look at the beginning of this thread, that is exactly what I'm experiencing.


Re: pc antispyware

Post by Belahzur on Sat 15 Aug - 20:30

Okay, looks like explorer might not be loading. Can you open Task Manager even though the Desktop is blank?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245091
Likes: 1

Re: pc antispyware

Post by chugaz77 on Sat 15 Aug - 20:35

I can't do anything on the desktop. It is as if it were locked. The only way I can do anything is by using Ctrl+Alt+Del. If I press Ctrl+Alt+Del, I'm able to run the Task Manager.

I ran ComboFix and got a log. Would that help you? If so, how do I post a file?
Thanks again.


Last edited by chugaz77 on Sat 15 Aug - 22:36; edited 1 time in total


Re: pc antispyware

Post by Belahzur on Tue 18 Aug - 20:44

If you have a Combofix log from this machine, please post it.

P.S. PM'd you.





Combo Fix Log Part 1

Post by chugaz77 on Tue 18 Aug - 20:54

ComboFix 09-08-10.06 - Administrator 08/15/2009 20:05.6.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1082 [GMT -5:00]
Running from: c:\documents and settings\Administrator.EC29D2D7ECFE48B\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 00:12 . 2009-08-16 00:12 -------- d-----w- c:\documents and settings\Administrator.EC29D2D7ECFE48B\Application Data\Malwarebytes
2009-08-15 18:45 . 2009-08-15 18:45 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 18:45 . 2009-08-15 18:45 -------- d-----w- c:\program files\MSBuild
2009-08-15 18:45 . 2009-08-15 18:45 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 18:44 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 18:44 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 18:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 18:44 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 18:44 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 18:44 . 2009-08-15 18:44 -------- d-----w- C:\37e52f2c1fcccf9c75135f8db3c99ad6
2009-08-15 18:44 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 18:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 18:43 . 2009-08-15 18:59 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 00:00 . 2009-08-15 00:00 -------- d--h--w- c:\windows\$hf_mig$
2009-08-14 03:31 . 2009-08-14 03:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-14 03:09 . 2009-08-14 03:09 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-14 02:43 . 2009-08-14 02:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-14 02:33 . 2009-08-14 02:33 -------- d-----w- c:\program files\NortonInstaller
2009-08-14 01:14 . 2009-08-14 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-08-14 00:56 . 2009-08-14 00:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-14 00:52 . 2009-08-14 00:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-14 00:51 . 2005-06-14 19:42 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 03:37 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 03:01 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 03:01 . 2009-08-16 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 03:01 . 2009-08-12 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 03:01 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 02:08 . 2009-08-12 02:08 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-12 01:59 . 2008-10-29 01:23 425984 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-12 01:59 . 2008-10-29 00:40 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-12 01:59 . 2008-10-29 00:40 3107788 ----a-w- c:\windows\system32\ativvaxx.dat
2009-08-12 01:59 . 2008-10-29 00:40 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-12 01:59 . 2008-10-29 00:19 44032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-12 01:59 . 2008-10-29 00:18 253952 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-12 01:59 . 2008-10-29 00:25 48640 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-12 01:46 . 2009-08-12 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2009-08-12 01:40 . 2009-08-12 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-08-12 01:36 . 2009-08-12 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-12 01:34 . 2009-08-12 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-12 01:24 . 2009-08-12 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-08-12 01:23 . 2009-08-12 01:46 -------- d-----w- c:\program files\ParetoLogic
2009-08-12 01:23 . 2009-08-12 01:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-11 04:29 . 2009-08-11 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-08-11 04:29 . 2009-08-12 01:58 -------- d-----w- c:\program files\RegCure
2009-08-11 03:39 . 2009-08-11 15:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-08-10 02:41 . 2009-08-10 02:54 -------- d-----w- c:\program files\Uniblue
2009-08-09 20:00 . 2009-08-09 20:00 -------- d--h--w- c:\windows\PIF
2009-08-09 00:48 . 2009-08-09 00:48 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-08 21:06 . 2009-08-08 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-08-08 21:06 . 2009-08-14 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-08 21:06 . 2009-08-14 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-08 21:04 . 2009-08-08 21:04 -------- d-----w- c:\documents and settings\All Users\Symantec Temporary Files
2009-08-08 19:57 . 2009-08-08 19:57 18076 ----a-w- c:\program files\Common Files\jesefacyzo.vbs
2009-08-08 19:13 . 2009-08-08 19:13 12960 ----a-w- c:\program files\Common Files\icozax.vbs
2009-08-08 19:09 . 2009-08-08 19:09 18169 ----a-w- c:\program files\Common Files\yqyheqewaq.bin
2009-08-08 19:09 . 2009-08-08 19:09 15153 ----a-w- c:\program files\Common Files\newokupi.dat
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:51 . 2009-07-17 16:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 00:44 . 2005-06-13 19:00 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-14 03:14 . 2005-06-14 19:48 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 02:43 . 2005-10-27 00:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-12 03:42 . 2005-06-14 18:58 -------- d-----w- c:\program files\Java
2009-08-12 03:38 . 2008-12-06 13:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-12 01:39 . 2005-12-05 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-08-11 04:00 . 2008-12-02 03:02 20480 ----a-w- c:\windows\rmlluf32.dll
2009-08-09 00:49 . 2008-12-06 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-09 00:48 . 2008-12-06 04:50 -------- d-----w- c:\program files\NOS
2009-08-08 19:57 . 2009-08-08 19:57 18419 ----a-w- c:\program files\Common Files\amunax.ban
2009-08-08 19:57 . 2009-08-08 19:57 15388 ----a-w- c:\program files\Common Files\ifuk.dl
2009-08-08 19:18 . 2005-12-05 00:04 -------- d-----w- c:\program files\Real
2009-08-08 19:18 . 2005-12-05 00:04 -------- d-----w- c:\program files\Common Files\Real
2009-08-08 19:13 . 2009-08-08 19:13 10092 ----a-w- c:\program files\Common Files\xivi._sy
2009-08-08 18:45 . 2009-08-08 18:45 13751 ----a-w- c:\program files\Common Files\ofigym.db
2009-08-05 09:01 . 2005-06-13 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-06-13 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 21:21 . 2005-06-14 19:48 -------- d-----w- c:\program files\Google
2009-07-15 21:18 . 2009-07-15 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-14 04:43 . 2005-06-13 19:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 02:27 . 2009-07-07 02:27 -------- d-----w- c:\program files\MSECache
2009-07-03 17:09 . 2005-06-13 19:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 17:28 . 2009-06-20 17:28 -------- d-----w- c:\program files\iTunes
2009-06-20 17:28 . 2006-07-20 02:49 -------- d-----w- c:\program files\iPod
2009-06-20 17:28 . 2007-08-16 01:35 -------- d-----w- c:\program files\Common Files\Apple
2009-06-20 17:25 . 2009-03-22 15:40 -------- d-----w- c:\program files\QuickTime
2009-06-20 17:16 . 2009-06-20 17:16 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2005-06-13 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-06-13 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-06-13 19:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2005-06-13 19:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2005-06-13 19:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2005-06-13 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 16:42 . 2009-06-20 17:20 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 16:42 . 2009-06-20 17:20 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:09 . 2005-06-13 19:00 1291264 ----a-w- c:\windows\system32\quartz.dll
1997-06-23 09:00 . 1997-06-23 09:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 18:06 . 1997-06-23 18:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 18:06 . 1997-06-23 18:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 18:06 . 1997-06-23 18:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.


Combo Fix Part 2

Post by chugaz77 on Tue 18 Aug - 20:55

------- Sigcheck -------

[-] 2008-04-14 00:12 1033728 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe


c:\windows\system32\appmgmts.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2009-08-15_19.29.17 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2005-03-21 99480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-04-28 260896]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1171131538\ee\AOLSoftware.exe" [2006-09-26 50736]
"SsAAD.exe"="c:\progra~1\sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-11-29 2748928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-4 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\SpySub.exe [2005-10-26 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"midi2"=evolusbn.dll
"midi3"=evolusbn.dll
"midi4"=evolusbn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 6:47 AM 98304]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 5:40 AM 118784]
S2 UnoInstallerService;Uno Installer;c:\program files\M-Audio Uno\UnoInst.exe [12/6/2008 6:44 PM 106496]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [7/23/2006 2:01 PM 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [7/23/2006 2:01 PM 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [7/23/2006 2:01 PM 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [7/23/2006 2:01 PM 38912]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [12/6/2008 6:44 PM 21984]
S3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [12/16/2008 5:22 PM 79649]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [7/23/2006 2:01 PM 13824]
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:34]

2009-08-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2009-08-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 21:18]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 21:19]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 21:19]

2009-08-12 c:\windows\Tasks\ParetoLogic Anti-Spyware.job
- c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2009-08-05 14:58]

2009-08-12 c:\windows\Tasks\ParetoLogic Privacy Controls_{8ADF83AE-86ED-11DE-AB8C-00038A000015}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 16:29]

2009-08-15 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2009-08-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]

2009-08-12 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2009-08-05 18:39]

2009-08-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-08-15 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-08-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-15 20:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-16 20:11
ComboFix-quarantined-files.txt 2009-08-16 01:11
ComboFix2.txt 2009-08-15 23:45
ComboFix3.txt 2009-08-15 19:30
ComboFix4.txt 2009-08-15 01:18
ComboFix5.txt 2009-08-16 01:04

Pre-Run: 61,449,240,576 bytes free
Post-Run: 61,531,062,272 bytes free

245 --- E O F --- 2009-08-15 18:53


Re: pc antispyware

Post by Belahzur on Wed 19 Aug - 0:04

Submit a file for analysis.

  1. Please visit this website: [You must be registered and logged in to see this link.]
  2. Press the "Browse" button and locate the following file in bold:
    C:\WINDOWS\explorer.exe
  3. Press the "Submit File" button to submit the file for analysis.
  4. Allow it to be scanned, it could take a few minutes depending on server load.
  5. Copy and paste the result back here.





Re: pc antispyware

Post by chugaz77 on Wed 19 Aug - 0:59

There are three explorer files under c:\windows:
Explorer.PIF
Explorer.SCF
Explorer.EXE
The first two are clean according to the scanners. The EXE file (which is about 1 MB in size according to the browser) comes back as an empty file (under upload status).
I should mention that I logged on using safe mode.

Before getting this virus, my account was the administrator; after getting the virus, a lot of permissions were taken away. After I did a safe mode boot, I noticed that there was an Administrator account that does not show up when I do a normal boot.
With that said, even under administrator mode, when I double-click on the explorer.exe file, it tells me that access is denied.


Re: pc antispyware

Post by Belahzur on Wed 19 Aug - 19:24

Hello.
That administrator account that has appeared isn't something caused by malware. In XP, there's the main admin account and your account.

The Administrator account is hidden from sight in normal mode to stop people messing around with it. [If people could see it, how many more machines would be broken by now? LMBO or ROFL]

Can you upload this file for a scan:

c:\windows\ServicePackFiles\i386\explorer.exe

I want to see if that one is clean.





Re: pc antispyware

Post by chugaz77 on Thu 20 Aug - 0:57

Hello,
c:\windows\ServicePackFiles\i386\explorer.exe

"Found nothing" on all scanners


Re: pc antispyware

Post by Belahzur on Thu 20 Aug - 19:35

Now open a new Notepad file.
Input this into the Notepad file:

FCopy::
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
c:\documents and settings\Administrator.EC29D2D7ECFE48B\Desktop\appmgmts.dll | c:\windows\system32\appmgmts.dll

File::
c:\program files\Common Files\jesefacyzo.vbs
c:\program files\Common Files\icozax.vbs
c:\program files\Common Files\yqyheqewaq.bin
c:\program files\Common Files\newokupi.dat
c:\program files\Common Files\xivi._sy
c:\program files\Common Files\ofigym.db

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.




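The two ComboFix logs posted earlier in this thread (Combo Fix Log Part 1 and Part 2) and the CFScript in the post above follow a fixed layout, which makes the triage a helper does by eye easy to script. The following Python is an added example for this thread, not code from the forum or from ComboFix: it parses a constructed excerpt built from lines of the posted log (the Sigcheck block, the "is missing" line, the Security Center and firewall registry values, and the Common Files entries), flags what the helpers here acted on, and drafts the FCopy:: and File:: sections in the format Belahzur used. The indicator rules are this example's own heuristics: a Sigcheck line whose hash field is not an MD5, a system file reported missing, DisableMonitoring=1 under the Security Center keys, EnableFirewall=0, and a loose file sitting directly under Common Files rather than in a vendor subfolder. The explorer.exe restore source is paired only by filename and size, so, as in the thread, the ServicePackFiles copy should be scanned before it is trusted; the sample log text and the desktop path passed as extra_copies are constructed for the example.

```python
"""Triage a ComboFix log excerpt and draft the matching CFScript.
Added example for this thread, not ComboFix code; the indicator rules are this
example's own heuristics, chosen from what the helpers acted on above."""
import re
from collections import namedtuple

SigEntry = namedtuple("SigEntry", "flag size md5 path")

# Constructed sample: lines lifted from the log posted in the thread, plus a
# driver file and a vendor directory to show what is *not* flagged.
SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2008-04-14 00:12 1033728 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\system32\appmgmts.dll ... is missing !!
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
2009-08-08 19:57 . 2009-08-08 19:57 18076 ----a-w- c:\program files\Common Files\jesefacyzo.vbs
2009-08-08 19:13 . 2009-08-08 19:13 12960 ----a-w- c:\program files\Common Files\icozax.vbs
2009-08-08 19:09 . 2009-08-08 19:09 18169 ----a-w- c:\program files\Common Files\yqyheqewaq.bin
2009-08-08 19:13 . 2009-08-08 19:13 10092 ----a-w- c:\program files\Common Files\xivi._sy
2009-08-14 02:43 . 2009-08-14 02:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-14 03:14 . 2005-06-14 19:48 -------- d-----w- c:\program files\Common Files\Adobe
"""

# Sigcheck line: [flag] date time size <md5 or error text> <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+\S+ \S+\s+(?P<size>\d+)\s+(?P<md5>.*?)\s+(?P<path>[a-z]:\\.*)$", re.I)
MISSING_RE = re.compile(r"^(?P<path>[a-z]:\\\S.*?)\s+\.\.\.\s+is missing", re.I)
# "Files Created" / Find3M line: date . date size attrs path
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(?:\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>[a-z]:\\.*)$", re.I)
COMMON_FILES = "c:\\program files\\common files\\"

def hash_ok(md5):
    return re.fullmatch(r"[0-9a-f]{32}", md5, re.I) is not None

def parse_sigcheck(log):
    matches = (SIGCHECK_RE.match(l.strip()) for l in log.splitlines())
    return [SigEntry(m["flag"], int(m["size"]), m["md5"], m["path"]) for m in matches if m]

def restore_candidates(entries):
    """Pair each file Sigcheck could not hash with a same-named, same-size copy that
    hashed cleanly (ComboFix lists the ServicePackFiles twin right beneath it)."""
    clean = {e.path.rsplit("\\", 1)[-1].lower(): e for e in entries if hash_ok(e.md5)}
    pairs = []
    for e in entries:
        twin = clean.get(e.path.rsplit("\\", 1)[-1].lower())
        if not hash_ok(e.md5) and twin and twin.size == e.size and twin.path != e.path:
            pairs.append((twin.path, e.path))
    return pairs

def missing_files(log):
    return [m["path"] for m in (MISSING_RE.match(l.strip()) for l in log.splitlines()) if m]

def disabled_protections(log):
    """Registry data is dumped REGEDIT4-style ([key] then "name"=value), so
    remember the last key header and test the values listed under it."""
    key, found = None, []
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and "security center\\monitoring" in key.lower() \
                and line.startswith('"DisableMonitoring"=dword:00000001'):
            found.append((key, "Security Center monitoring disabled"))
        elif key and "firewallpolicy" in key.lower() \
                and re.match(r'"EnableFirewall"=\s*0\b', line):
            found.append((key, "Windows Firewall disabled"))
    return found

def suspicious_files(log):
    """Heuristic: vendors install into a subfolder of Common Files, so a loose file
    sitting directly in it (random lowercase names, .vbs/.bin/._sy) is out of place."""
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m and not m["attrs"].startswith("d"):       # skip directory entries
            low = m["path"].lower()
            if low.startswith(COMMON_FILES) and "\\" not in low[len(COMMON_FILES):]:
                hits.append(m["path"])
    return hits

def build_cfscript(log, extra_copies=()):
    """Draft a CFScript in the thread's layout: FCopy:: lines of 'source | destination',
    then a File:: list of paths to delete. extra_copies supplies sources for files the
    log reports missing (the thread used a clean appmgmts.dll placed on the desktop)."""
    copies = restore_candidates(parse_sigcheck(log)) + list(extra_copies)
    out = ["FCopy::"] + [f"{s} | {d}" for s, d in copies] + [""] if copies else []
    removals = suspicious_files(log)
    if removals:
        out += ["File::"] + removals + [""]
    return "\n".join(out)

if __name__ == "__main__":
    print(disabled_protections(SAMPLE_LOG), missing_files(SAMPLE_LOG))
    print(build_cfscript(SAMPLE_LOG))
```

Run as a script it prints the disabled protections, the missing system file and the draft CFScript for the sample. The log alone cannot tell you where a clean copy of a missing file lives, which is why the missing-file case is left to extra_copies rather than guessed, and why the FCopy pairing is only a candidate until the source file has been checked.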

Re: pc antispyware

Post by chugaz77 on Sat 22 Aug - 14:17

Hey, thanks!!! Thank you!

That seemed to get rid of most of the problem.

I got my desktop back!!!
I still get some problems with some of the software that I have installed. For example, when I try to run iTunes, a dialog box comes up saying:

"Problem with shortcut
This action is only valid for products that are currently installed"

Here is the latest log from ComboFix...
Thanks again (almost there)


Re: pc antispyware

Post by chugaz77 on Sat 22 Aug - 14:19

ComboFix 09-08-20.02 - Administrator 08/20/2009 22:29.8.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1292 [GMT -5:00]
Running from: c:\documents and settings\Administrator.EC29D2D7ECFE48B\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.EC29D2D7ECFE48B\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\Common Files\icozax.vbs"
"c:\program files\Common Files\jesefacyzo.vbs"
"c:\program files\Common Files\newokupi.dat"
"c:\program files\Common Files\ofigym.db"
"c:\program files\Common Files\xivi._sy"
"c:\program files\Common Files\yqyheqewaq.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\icozax.vbs
c:\program files\Common Files\jesefacyzo.vbs
c:\program files\Common Files\newokupi.dat
c:\program files\Common Files\ofigym.db
c:\program files\Common Files\xivi._sy
c:\program files\Common Files\yqyheqewaq.bin

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-19 00:38 . 2009-08-19 00:38 2855 ----a-w- c:\windows\explorer.PIF
2009-08-16 01:13 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\Administrator.EC29D2D7ECFE48B\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-16 00:12 . 2009-08-16 00:12 -------- d-----w- c:\documents and settings\Administrator.EC29D2D7ECFE48B\Application Data\Malwarebytes
2009-08-15 18:45 . 2009-08-15 18:45 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-15 18:45 . 2009-08-15 18:45 -------- d-----w- c:\program files\MSBuild
2009-08-15 18:45 . 2009-08-15 18:45 -------- d-----w- c:\program files\Reference Assemblies
2009-08-15 18:44 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-15 18:44 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-15 18:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-15 18:44 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-15 18:44 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-15 18:44 . 2009-08-15 18:44 -------- d-----w- C:\37e52f2c1fcccf9c75135f8db3c99ad6
2009-08-15 18:44 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-15 18:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-15 18:43 . 2009-08-15 18:59 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 00:00 . 2009-08-15 00:00 -------- d--h--w- c:\windows\$hf_mig$
2009-08-14 03:31 . 2009-08-14 03:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-14 03:09 . 2009-08-14 03:09 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-14 02:43 . 2009-08-14 02:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-14 02:33 . 2009-08-14 02:33 -------- d-----w- c:\program files\NortonInstaller
2009-08-14 01:14 . 2009-08-14 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-08-14 00:56 . 2009-08-14 00:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-14 00:52 . 2009-08-14 00:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-14 00:51 . 2005-06-14 19:42 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 03:37 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 03:01 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 03:01 . 2009-08-16 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 03:01 . 2009-08-12 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 03:01 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 02:08 . 2009-08-12 02:08 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-12 01:59 . 2008-10-29 01:23 425984 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-12 01:59 . 2008-10-29 00:40 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-12 01:59 . 2008-10-29 00:40 3107788 ----a-w- c:\windows\system32\ativvaxx.dat
2009-08-12 01:59 . 2008-10-29 00:40 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-12 01:59 . 2008-10-29 00:19 44032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-12 01:59 . 2008-10-29 00:18 253952 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-12 01:59 . 2008-10-29 00:25 48640 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-12 01:46 . 2009-08-12 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2009-08-12 01:40 . 2009-08-12 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-08-12 01:36 . 2009-08-12 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-12 01:34 . 2009-08-12 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-08-12 01:24 . 2009-08-12 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-08-12 01:23 . 2009-08-12 01:46 -------- d-----w- c:\program files\ParetoLogic
2009-08-12 01:23 . 2009-08-12 01:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-08-11 04:29 . 2009-08-11 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-08-11 04:29 . 2009-08-12 01:58 -------- d-----w- c:\program files\RegCure
2009-08-11 03:39 . 2009-08-11 15:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-08-10 02:41 . 2009-08-10 02:54 -------- d-----w- c:\program files\Uniblue
2009-08-09 20:00 . 2009-08-09 20:00 -------- d--h--w- c:\windows\PIF
2009-08-09 00:48 . 2009-08-09 00:48 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-08 21:06 . 2009-08-08 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-08-08 21:06 . 2009-08-14 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-08 21:06 . 2009-08-14 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-08 21:04 . 2009-08-08 21:04 -------- d-----w- c:\documents and settings\All Users\Symantec Temporary Files
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-15 00:44 . 2005-06-13 19:00 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-14 03:14 . 2005-06-14 19:48 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-14 02:43 . 2005-10-27 00:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-12 03:42 . 2005-06-14 18:58 -------- d-----w- c:\program files\Java
2009-08-12 03:38 . 2008-12-06 13:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-12 01:39 . 2005-12-05 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-08-11 04:00 . 2008-12-02 03:02 20480 ----a-w- c:\windows\rmlluf32.dll
2009-08-09 00:49 . 2008-12-06 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-09 00:48 . 2008-12-06 04:50 -------- d-----w- c:\program files\NOS
2009-08-08 19:57 . 2009-08-08 19:57 18419 ----a-w- c:\program files\Common Files\amunax.ban
2009-08-08 19:57 . 2009-08-08 19:57 15388 ----a-w- c:\program files\Common Files\ifuk.dl
2009-08-08 19:18 . 2005-12-05 00:04 -------- d-----w- c:\program files\Real
2009-08-08 19:18 . 2005-12-05 00:04 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 09:01 . 2005-06-13 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-06-13 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 21:21 . 2005-06-14 19:48 -------- d-----w- c:\program files\Google
2009-07-15 21:18 . 2009-07-15 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-14 04:43 . 2005-06-13 19:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 02:27 . 2009-07-07 02:27 -------- d-----w- c:\program files\MSECache
2009-07-03 17:09 . 2005-06-13 19:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 17:16 . 2009-06-20 17:16 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2005-06-13 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-06-13 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-06-13 19:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2005-06-13 19:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2005-06-13 19:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2005-06-13 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 16:42 . 2009-06-20 17:20 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 16:42 . 2009-06-20 17:20 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:09 . 2005-06-13 19:00 1291264 ----a-w- c:\windows\system32\quartz.dll
1997-06-23 09:00 . 1997-06-23 09:00 123664 --sha-w- c:\windows\system32\Msjint35.dll
1997-06-23 18:06 . 1997-06-23 18:06 24848 --sha-w- c:\windows\system32\Msjter35.dll
1997-06-23 18:06 . 1997-06-23 18:06 252176 --sha-w- c:\windows\system32\Msrd2x35.dll
1997-06-23 18:06 . 1997-06-23 18:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-15_19.29.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-10-04 02:06 . 2009-06-11 03:14 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-10-04 02:06 . 2009-06-11 03:14 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2006-10-04 02:06 . 2009-08-21 03:04 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-07-20 17:03 . 2009-07-20 17:03 16465408 c:\windows\Installer\23948.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

chugaz77

ComboFix second part of log

Post by chugaz77 on Sat 22 Aug - 14:20

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2005-03-21 99480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-04-28 260896]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1171131538\ee\AOLSoftware.exe" [2006-09-26 50736]
"SsAAD.exe"="c:\progra~1\sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-11-29 2748928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-12-4 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\SpySub.exe [2005-10-26 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"midi2"=evolusbn.dll
"midi3"=evolusbn.dll
"midi4"=evolusbn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 6:47 AM 98304]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 5:40 AM 118784]
S2 UnoInstallerService;Uno Installer;c:\program files\M-Audio Uno\UnoInst.exe [12/6/2008 6:44 PM 106496]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [7/23/2006 2:01 PM 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [7/23/2006 2:01 PM 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [7/23/2006 2:01 PM 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [7/23/2006 2:01 PM 38912]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;c:\windows\system32\drivers\evolusb.sys [12/6/2008 6:44 PM 21984]
S3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [12/16/2008 5:22 PM 79649]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [7/23/2006 2:01 PM 13824]
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:34]

2009-08-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2009-08-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 21:18]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 21:19]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 21:19]

2009-08-12 c:\windows\Tasks\ParetoLogic Anti-Spyware.job
- c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2009-08-05 14:58]

2009-08-12 c:\windows\Tasks\ParetoLogic Privacy Controls_{8ADF83AE-86ED-11DE-AB8C-00038A000015}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 16:29]

2009-08-15 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2009-08-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]

2009-08-12 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2009-08-05 18:39]

2009-08-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-08-21 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-08-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-20 22:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2401486418-478724150-597275819-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,8a,73,0c,7e,8c,50,42,b1,3e,1e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,8a,73,0c,7e,8c,50,42,b1,3e,1e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-21 22:34
ComboFix-quarantined-files.txt 2009-08-21 03:34
ComboFix2.txt 2009-08-21 03:20
ComboFix3.txt 2009-08-16 01:11
ComboFix4.txt 2009-08-15 23:45
ComboFix5.txt 2009-08-21 03:28

Pre-Run: 61,770,547,200 bytes free
Post-Run: 61,709,266,944 bytes free

281 --- E O F --- 2009-08-21 03:04
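The "Reg Loading Points" section of the ComboFix log above is where a helper checks persistence and security posture: the Run keys and Startup folder, the Windows Firewall standard-profile state (EnableFirewall=0 means the firewall is off) and the Security Center\Monitoring overrides (DisableMonitoring=1 suppresses XP Security Center status alerts for that product). The following is an added example, not ComboFix's output and not any poster's work: a small Python parser that pulls those items out of a log in this format and lists the ones worth a look. The sample input is a constructed excerpt in the same line format, the "expected directories" heuristic in triage() is an assumption of this example, and none of its output is a malware verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt in the ComboFix "Reg Loading Points" format (sample input
# for this example, mirroring the line shapes seen in the thread's log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\SpySub.exe [2005-10-26 1187840]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Autorun:
    source: str   # registry key or Startup folder the entry lives in
    name: str     # value name or .lnk file name
    image: str    # resolved path of the launched binary
    date: str
    size: int


@dataclass
class Report:
    autoruns: list = field(default_factory=list)
    security_center: dict = field(default_factory=dict)  # product -> DisableMonitoring value
    firewall_enabled: Optional[bool] = None              # None if the key was not in the log


_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="value" [date size]   or   "Name"="file.exe" - resolved\path [date size]
_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<path>.+?))?\s+'
                     r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
_LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")
_SC_RE = re.compile(r"security center\\monitoring\\(?P<product>[^\\\]]+)$", re.I)
_FW_RE = re.compile(r"firewallpolicy\\standardprofile$", re.I)
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9a-fA-F]+)')


def parse_loading_points(text: str) -> Report:
    """Walk the log line by line, tracking which registry key or folder is open."""
    report = Report()
    current_key = None
    startup_dir = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            current_key, startup_dir = m["key"], None
            continue
        if line.lower().endswith("\\startup\\"):      # a Startup folder listing begins
            startup_dir, current_key = line, None
            continue
        if startup_dir:
            m = _LNK_RE.match(line)
            if m:
                report.autoruns.append(Autorun(startup_dir, m["name"], m["path"], m["date"], int(m["size"])))
            continue
        if current_key is None:
            continue
        if current_key.lower().endswith("\\run"):
            m = _RUN_RE.match(line)
            if m:
                image = m["path"] or m["value"]       # ComboFix resolves bare names after " - "
                report.autoruns.append(Autorun(current_key, m["name"], image, m["date"], int(m["size"])))
            continue
        m = _DWORD_RE.match(line)
        if not m:
            continue
        value = int(m["val"], 16)
        sc = _SC_RE.search(current_key)
        if sc and m["name"].lower() == "disablemonitoring":
            report.security_center[sc["product"]] = value
        elif _FW_RE.search(current_key) and m["name"].lower() == "enablefirewall":
            report.firewall_enabled = value != 0
    return report


# Assumed "normal" homes for autorun images; anything else is flagged for review only.
_EXPECTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")


def triage(report: Report) -> list:
    """Return human-readable findings: posture problems first, then autoruns to review."""
    findings = []
    if report.firewall_enabled is False:
        findings.append("Windows Firewall is OFF for the standard profile (EnableFirewall=0)")
    for product, disabled in report.security_center.items():
        if disabled:
            findings.append(f"Security Center alerts suppressed for {product} (DisableMonitoring=1)")
    for a in report.autoruns:
        if not a.image.lower().startswith(_EXPECTED_DIRS):
            # Heuristic, not a verdict: vendors do ship loaders directly in %windir%.
            findings.append(f"Review autorun '{a.name}' launched from {a.image} ({a.date}, {a.size} bytes)")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE_LOG)):
        print(finding)
```

To use it on a real log, read the whole ComboFix.txt into a string and pass it to parse_loading_points(); the parser ignores the other sections because they contain no `[key]` headers or Startup folder lines in this shape. Entries flagged by the directory heuristic still need a look at the file's signer, date and size before anything is removed.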

Re: pc antispyware

Post by Origin on Sat 22 Aug - 17:42

Can you run another Malwarebytes scan and post the results back here.


Re: pc antispyware

Post by chugaz77 on Sat 22 Aug - 21:17

Malwarebytes' Anti-Malware 1.40
Database version: 2631
Windows 5.1.2600 Service Pack 3 (Safe Mode)

8/22/2009 4:11:58 PM
mbam-log-2009-08-22 (16-11-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 317049
Time elapsed: 33 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: pc antispyware

Post by Origin on Tue 25 Aug - 15:28

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


Re: pc antispyware

Post by chugaz77 on Tue 25 Aug - 17:21

I have not used that computer yet. Since it is not 100%, I don't want it to get messed up again.
Thanks for the help, I will try the tool from above...
I'll let you know how it goes...
