Rapid Antivirus Infection and other garbage
Page 1 of 2
- mrmccleve (Novice)
OS : Windows XP Pro
Posts : 6
Rubies : 3420
Likes : 0
My computer has been infected with the Rapid Antivirus bug and other problems have been showing up too. There are a couple of web link shortcuts that automatically appear on the desktop no matter how many times I delete them. These links are to porn sites.
I had a firewall on. I had Symantec Antivirus with all the current updates running. I had all Windows updates installed. I am not sure how the Rapid Antivirus bug got on the computer or these other problems. My son was on the computer for a short while. Maybe something happened then.
Anyway, I did some searching for ways to get rid of the Rapid Antivirus bug and followed some instructions that included doing a file search and deleting files I found, checking for any running processes via the Windows Task Manager and deleting any associated with the Rapid Antivirus bug. Also, I did a search in the Registry Keys and deleted a couple of keys that the instructions said were related to it.
But the problems don't go away. Usually, soon after I start the computer, a bubble pops up over in the System Tray that says, "Attention! Low Performance!" and then goes on to explain that there may be a malware infection. This message sometimes lists other problems, but it essentially leads to the same recommendation that I need to scan for malware. I have not followed any of those instructions.
I will also get a window pop-up saying that "Excessive SMTP email traffic has been detected. Probable spambot infection. Do you wish to scan for spambot type malware now? (recommended)" This comes with a Yes and a No choice. The "Close Dialog Box" red X in the upper right-hand corner is dimmed and not functioning. I have ignored this window, not clicking either Yes or No, but the window won't go away. This window also remains the topmost window at all times.
My Symantec Antivirus does scan and find problems, such as a "Backdoor..." virus, but it won't get rid of it. It just leaves it alone.
I have downloaded, installed, and run "Hijack This" on the computer. Here is a copy of the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:45 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiconf.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michael\Desktop\Hijack(GP)This.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6514 bytes
Thanks for your help. The second part of the required files will follow in a 2nd post, as requested.
Michael
Email removed for user's safety and privacy - Belahzur
- mrmccleve (Novice)
OS : Windows XP Pro
Posts : 6
Rubies : 3420
Likes : 0
Here is the Uninstall List from Hijack This:
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9
Blue Coat® K9 Web Protection 4.0.284
Broadcom 440x 10/100 Integrated Controller
Cisco Systems VPN Client 5.0.01.0600
Conexant HDA D330 MDC V.92 Modem
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card Utility
GameTap Web Player
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IntelliSonic Speech Enhancement
Jewelry Designer Manager Pro
LiveUpdate 3.2 (Symantec Corporation)
Microsoft Access 2000 SR-1 Runtime
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
NVIDIA Drivers
Pdf995
PowerDVD 5.7
QuickSet
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel Audio
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Symantec AntiVirus
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3
Thanks,
Michael
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218217
Likes : 18
Hello.
I have removed your email address from your post for your safety and privacy.
- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
- Press "Fix Checked"
- Close Hijack This.
Delete this file in bold:
C:\windows\system32\msiconf.exe
- Download combofix from here, use the top links - combofix.exe
- Double click on ComboFix.exe.
- Follow the prompts. NOTE:
- ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**
- The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
- Allow ComboFix to download the Recovery Console.
- Accept the End-User License Agreement.
- The Recovery Console will be installed.
- You will see the next prompt, which asks if you want to continue the malware scan; select Yes.
- Allow combofix to run
- Post C:\combofix.txt back here.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
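The entry the admin singles out above, `O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe`, shows the pattern worth recognising in a HijackThis log: a Run value named after a legitimate Windows binary (msiexec.exe, the Windows Installer) that actually launches a different file, given without any path. As an added example that is not part of this thread and not a feature of HijackThis or ComboFix, the Python below parses O4 Run lines and flags that mismatch, plus the weaker signal of a path-less target. The list of well-known binary names is an assumption for this example; the sample lines are copied from the log posted above, and the checker is written for reviewing a saved log offline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Matches the HijackThis "O4 - HKLM\..\Run:" / "O4 - HKCU\..\Run:" lines.
# Global Startup entries and other sections deliberately do not match.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)

# Windows binaries whose names are borrowed for rogue Run values.
# Assumed list for this example; extend it for your own environment.
WELL_KNOWN_EXE = {
    "msiexec.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
    "explorer.exe", "ctfmon.exe", "services.exe", "smss.exe",
}

# Sample lines copied from the HijackThis log in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O4 - Global Startup: VPN Client.lnk = ?
"""


@dataclass
class RunEntry:
    hive: str
    name: str      # the Run value name shown in [brackets]
    command: str   # the full command line
    exe: str       # basename of the launched program, lower-cased
    has_path: bool # True when the target carries a directory or variable


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one HijackThis O4 Run line; return None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        target = cmd[1:end] if end > 0 else cmd[1:]
    else:
        target = cmd.split()[0]
    has_path = any(ch in target for ch in ("\\", ":", "%"))
    exe = target.rsplit("\\", 1)[-1].lower()
    return RunEntry(m.group("hive"), m.group("name"), cmd, exe, has_path)


def assess(entry: RunEntry) -> List[Tuple[str, str]]:
    """Return (severity, reason) findings for one Run entry."""
    findings = []
    name = entry.name.lower()
    # High: value name mimics a system binary but launches something else.
    if name in WELL_KNOWN_EXE and entry.exe != name:
        findings.append(("high", f"value named after {name} but launches {entry.exe}"))
    # Review: no path at all, so the launched file should be located on disk
    # and checked; legitimate vendors also do this, so it is only a prompt.
    if not entry.has_path:
        findings.append(("review", "launches a bare filename; verify the file on disk"))
    return findings


def triage(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each flagged Run value name to its findings."""
    results: Dict[str, List[Tuple[str, str]]] = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        findings = assess(entry)
        if findings:
            results[entry.name] = findings
    return results


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_O4_LINES).items():
        for severity, reason in findings:
            print(f"[{severity}] {name}: {reason}")
```

On the sample above, only `msiexec.exe` gets a high finding (it launches `msiconf.exe`, the file the admin tells the poster to remove), while `nwiz` is merely queued for review because a path-less target on its own is common in legitimate vendor entries; `ctfmon.exe` and `ccApp` pass. Feed the whole `O4` section of a saved HijackThis log into `triage` to get the same verdicts for a real system.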


- mrmccleve (Novice)
OS : Windows XP Pro
Posts : 6
Rubies : 3420
Likes : 0
ComboFix 08-12-06.06 - Michael 2008-12-07 13:28:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1473 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSStkdv.log
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-07 13:00 . 2008-12-07 13:00 46,640 --a------ c:\windows\system32\msln.exe
2008-12-07 12:56 . 2008-12-07 12:58 d-------- c:\program files\Blue Coat K9 Web Protection
2008-12-06 21:40 . 2008-12-06 21:40 d-------- c:\documents and settings\admin
2008-12-06 21:16 . 2008-12-06 21:16 0 --a------ c:\windows\vpc32.INI
2008-12-06 21:01 . 2008-12-06 21:01 d-------- c:\documents and settings\Michael\Application Data\s_5849_MTF8fHx8MTF8fHwxMjQxMjQxMzQwfA_
2008-12-06 13:18 . 2008-12-06 13:18 d-------- c:\documents and settings\All Users\Application Data\Musicnotes
2008-12-05 18:57 . 2008-12-05 18:57 d-------- c:\documents and settings\Michael\Application Data\CyberLink
2008-12-04 19:31 . 2008-12-04 19:31 d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-04 17:18 . 2008-12-04 17:18 d-------- c:\program files\GameTap Web Player
2008-12-04 17:17 . 2008-12-04 18:33 d-------- c:\documents and settings\All Users\Application Data\GameTap Web Player
2008-12-02 12:11 . 2001-05-12 12:39 393,216 --a------ c:\windows\system32\DBPix.ocx
2008-12-02 12:11 . 2003-12-19 14:21 204,800 --a------ c:\windows\system32\SagekeySecurity.ocx
2008-12-02 12:11 . 2003-12-17 10:52 57,344 --a------ c:\windows\system32\sagekey6.dll
2008-12-02 12:10 . 2008-12-02 12:10 d-------- c:\program files\Snapshot Viewer
2008-12-02 12:10 . 2008-12-02 12:11 d-------- c:\program files\Jewelry Designer Manager
2008-12-02 12:10 . 1998-09-16 22:20 393,216 --a------ c:\windows\system32\MSRDO20.DLL
2008-12-02 12:10 . 1998-09-16 22:20 151,552 --a------ c:\windows\system32\RDOCURS.DLL
2008-12-02 12:10 . 1998-08-09 11:07 94,208 --a------ c:\windows\system32\MSSTKPRP.DLL
2008-12-02 12:10 . 1999-03-03 12:05 81,920 --a------ c:\windows\system32\MDT2FW95.DLL
2008-12-02 12:10 . 1998-04-03 19:12 68,080 --a------ c:\windows\system32\DIMM.DLL
2008-12-02 12:10 . 1999-01-22 11:46 65,536 --a------ c:\windows\system32\MSRTEDIT.DLL
2008-12-02 12:10 . 1998-06-17 03:08 53,248 --a------ c:\windows\system32\MFC42ENU.DLL
2008-12-02 12:10 . 1998-08-31 15:05 32,768 --a------ c:\windows\system32\hlinkprx.dll
2008-12-02 12:10 . 1997-08-19 00:00 31,744 --a------ c:\windows\system32\hlp95en.dll
2008-12-02 12:10 . 1998-03-13 18:22 20,080 --a------ c:\windows\system32\WINSSPI.DLL
2008-12-02 11:13 . 2008-12-02 11:13 d-------- c:\documents and settings\All Users\Application Data\espionServerData
2008-12-02 09:15 . 2008-12-02 09:15 d-------- c:\documents and settings\Michael\Application Data\pdf995
2008-12-02 09:15 . 2008-12-02 09:15 28 --a------ c:\windows\pdf995.ini
2008-12-02 09:09 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-02 09:09 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-02 09:09 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-02 09:07 . 2008-12-02 09:08 d-------- c:\program files\pdf995
2008-12-02 09:07 . 2008-12-02 18:14 d-------- c:\documents and settings\All Users\Application Data\pdf995
2008-12-02 09:07 . 2008-12-02 09:07 249,856 --a------ c:\windows\system32\pdfmona.dll
2008-12-02 09:07 . 2008-12-02 09:07 51,716 --a------ c:\windows\system32\pdf995mon.dll
2008-12-02 09:07 . 2008-12-02 18:14 59 --a------ c:\windows\wpd99.drv
2008-11-25 17:06 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2008-11-25 17:05 . 2008-11-25 17:05 d-------- c:\program files\Microsoft Works
2008-11-25 17:00 . 2008-11-25 17:04 d-------- c:\windows\SHELLNEW
2008-11-25 16:59 . 2008-12-03 08:14 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-25 16:58 . 2008-11-25 16:58 dr-h----- C:\MSOCache
2008-11-25 16:50 . 2008-11-25 16:50 d-------- c:\windows\Internet Logs
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Common Files\Deterministic Networks
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Cisco Systems
2008-11-25 16:49 . 2007-01-31 13:45 127,376 --a------ c:\windows\system32\drivers\dne2000.sys
2008-11-25 16:49 . 2007-01-31 13:45 101,904 --a------ c:\windows\system32\dneinobj.dll
2008-11-25 16:48 . 2008-11-25 16:50 1,594 --a------ c:\windows\VPNInstall.MIF
2008-11-25 16:41 . 2008-11-25 16:46 d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:41 . 2008-11-25 16:54 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 16:40 . 2008-11-25 16:40 d-------- c:\program files\Common Files\Adobe AIR
2008-11-25 16:40 . 2008-11-25 16:40 0 --a------ c:\windows\nsreg.dat
2008-11-25 16:39 . 2008-12-02 08:40 d-------- c:\program files\Common Files\Adobe
2008-11-25 16:32 . 2008-11-25 16:32 110,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-25 16:32 . 2008-11-25 16:32 48,768 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-25 16:32 . 2008-11-25 16:32 8,014 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-25 16:32 . 2008-11-25 16:32 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-25 16:31 . 2008-12-07 12:58 d-------- c:\program files\Symantec AntiVirus
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Symantec
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Common Files\Symantec Shared
2008-11-25 16:31 . 2008-11-25 16:31 d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-25 16:21 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-25 16:21 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-25 16:21 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-25 16:21 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-25 16:21 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-25 16:21 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-25 16:21 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-25 16:21 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-25 16:21 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-25 15:20 . 2008-11-25 15:20 d-------- c:\windows\system32\scripting
2008-11-25 15:18 . 2008-11-25 15:18 d-------- c:\windows\ServicePackFiles
2008-11-25 15:18 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-11-25 15:14 . 2006-12-29 00:31 19,569 --a------ c:\windows\002874_.tmp
2008-11-25 15:08 . 2008-11-25 15:08 d-------- c:\program files\CyberLink
2008-11-25 14:52 . 2008-11-25 14:52 d-------- c:\windows\system32\vmm32
2008-11-25 14:52 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-25 14:52 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-25 14:52 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-25 14:52 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-25 14:51 . 2008-11-25 14:51 d--hs---- c:\documents and settings\Michael\UserData
2008-11-25 14:51 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-25 14:51 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-25 14:51 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 14:51 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-25 14:50 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-25 14:48 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-25 14:48 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-25 14:46 . 2008-11-25 14:46 d-------- c:\program files\DIFX
2008-11-25 14:46 . 2004-09-03 10:00 90,112 --a------ c:\windows\system32\snymsico.dll
2008-11-25 14:46 . 2006-11-14 19:42 43,520 --a------ c:\windows\system32\drivers\rimsptsk.sys
2008-11-25 14:46 . 2006-11-14 17:35 37,376 --a------ c:\windows\system32\drivers\rixdptsk.sys
2008-11-25 14:46 . 2006-11-15 00:16 32,256 --a------ c:\windows\system32\drivers\rimmptsk.sys
2008-11-25 14:46 . 2005-05-06 19:06 16,480 --a------ c:\windows\system32\rixdicon.dll
2008-11-25 14:45 . 2008-11-25 14:47 d-------- c:\program files\Dell
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\InstallShield
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\Dell
2008-11-25 14:45 . 2005-08-12 17:50 16,128 --a------ c:\windows\system32\drivers\APPDRV.SYS
2008-11-25 14:43 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-25 14:40 . 2008-11-25 14:40 d-------- c:\program files\Synaptics
2008-11-25 14:40 . 2007-10-26 13:57 216,800 --a------ c:\windows\system32\drivers\SynTP.sys
2008-11-25 14:40 . 2007-10-26 14:01 196,608 --a------ c:\windows\system32\SynCtrl.dll
2008-11-25 14:40 . 2007-10-26 14:01 163,840 --a------ c:\windows\system32\SynCOM.dll
2008-11-25 14:40 . 2007-10-26 14:09 147,456 --a------ c:\windows\system32\SynTPAPI.dll
2008-11-25 14:40 . 2007-10-26 14:38 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2008-11-25 14:39 . 2008-11-25 14:39 d-------- c:\program files\Intel
2008-11-25 14:39 . 2008-11-25 14:39 d-------- C:\Intel
2008-11-25 14:28 . 2008-11-25 14:28 d-------- c:\program files\CONEXANT
2008-11-25 14:28 . 2007-08-02 17:35 989,952 -ra------ c:\windows\system32\drivers\HSF_DPV.sys
2008-11-25 14:28 . 2007-08-02 17:34 731,136 -ra------ c:\windows\system32\drivers\HSF_CNXT.sys
2008-11-25 14:28 . 2007-07-24 15:08 217,088 -ra------ c:\windows\system32\UCI32M21.dll
2008-11-25 14:28 . 2007-08-02 17:34 211,200 -ra------ c:\windows\system32\drivers\HSFHWAZL.sys
2008-11-25 14:28 . 2006-06-19 14:26 94,208 -ra------ c:\windows\system32\mdmxsdk.dll
2008-11-25 14:28 . 2006-06-19 14:26 12,672 -ra------ c:\windows\system32\drivers\mdmxsdk.sys
2008-11-25 14:22 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2008-11-25 14:22 . 2007-09-06 14:04 143,891 --a------ c:\windows\system32\drivers\del1028.cty
2008-11-25 14:22 . 2008-04-13 22:09 142,592 --a------ c:\windows\system32\drivers\aec.sys
2008-11-25 14:22 . 2008-04-14 00:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
- mrmccleveNovice
-
OS : Windows XP Pro
Posts : 6
Rubies : 3420
Likes : 0
This is the 2nd half of the ComboFix.txt log
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 13:35 20,640 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-12-02 13:35 109,568 ------w c:\windows\system32\pxinsi64.exe
2008-12-02 13:35 108,544 ------w c:\windows\system32\pxcpyi64.exe
2008-11-25 18:50 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 22:08 72,992 ----a-w c:\windows\system32\drivers\bckd.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"nwiz"="nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 c:\windows\system32\nvhotkey.dll]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-11-25 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2008-11-21 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2008-11-21 1078560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-25 99376]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-10-07 116664]
*Newly Created Service* - BCKD
*Newly Created Service* - BCKWFS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\updater.csv - c:\windows\Downloaded Program Files\GameTapWebUpdater.dll
O16 -: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}
hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
c:\windows\Downloaded Program Files\GameTapWebUpdater.inf
FireFox -: Profile - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\0a74hedd.default\
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:29:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-07 13:30:26
ComboFix-quarantined-files.txt 2008-12-07 18:30:23
Pre-Run: 137,145,839,616 bytes free
Post-Run: 137,418,952,704 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
230 --- E O F --- 2008-12-03 13:14:23
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218217
Likes : 18
Now open a new notepad file.
Input this into the notepad file:
File::
c:\windows\system32\msln.exe
Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- mrmccleveNovice
-
OS : Windows XP Pro
Posts : 6
Rubies : 3420
Likes : 0
Here is the 1st half of the Combofix log after I ran the CFscript.txt:
ComboFix 08-12-06.06 - Michael 2008-12-07 14:20:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1422 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFscript.txt
* Created a new restore point
FILE ::
c:\windows\system32\msln.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msln.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-07 12:56 . 2008-12-07 12:58 d-------- c:\program files\Blue Coat K9 Web Protection
2008-12-06 21:40 . 2008-12-06 21:40 d-------- c:\documents and settings\admin
2008-12-06 21:16 . 2008-12-06 21:16 0 --a------ c:\windows\vpc32.INI
2008-12-06 21:01 . 2008-12-06 21:01 d-------- c:\documents and settings\Michael\Application Data\s_5849_MTF8fHx8MTF8fHwxMjQxMjQxMzQwfA_
2008-12-06 13:18 . 2008-12-06 13:18 d-------- c:\documents and settings\All Users\Application Data\Musicnotes
2008-12-05 18:57 . 2008-12-05 18:57 d-------- c:\documents and settings\Michael\Application Data\CyberLink
2008-12-04 19:31 . 2008-12-04 19:31 d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-04 17:18 . 2008-12-04 17:18 d-------- c:\program files\GameTap Web Player
2008-12-04 17:17 . 2008-12-04 18:33 d-------- c:\documents and settings\All Users\Application Data\GameTap Web Player
2008-12-02 12:11 . 2001-05-12 12:39 393,216 --a------ c:\windows\system32\DBPix.ocx
2008-12-02 12:11 . 2003-12-19 14:21 204,800 --a------ c:\windows\system32\SagekeySecurity.ocx
2008-12-02 12:11 . 2003-12-17 10:52 57,344 --a------ c:\windows\system32\sagekey6.dll
2008-12-02 12:10 . 2008-12-02 12:10 d-------- c:\program files\Snapshot Viewer
2008-12-02 12:10 . 2008-12-02 12:11 d-------- c:\program files\Jewelry Designer Manager
2008-12-02 12:10 . 1998-09-16 22:20 393,216 --a------ c:\windows\system32\MSRDO20.DLL
2008-12-02 12:10 . 1998-09-16 22:20 151,552 --a------ c:\windows\system32\RDOCURS.DLL
2008-12-02 12:10 . 1998-08-09 11:07 94,208 --a------ c:\windows\system32\MSSTKPRP.DLL
2008-12-02 12:10 . 1999-03-03 12:05 81,920 --a------ c:\windows\system32\MDT2FW95.DLL
2008-12-02 12:10 . 1998-04-03 19:12 68,080 --a------ c:\windows\system32\DIMM.DLL
2008-12-02 12:10 . 1999-01-22 11:46 65,536 --a------ c:\windows\system32\MSRTEDIT.DLL
2008-12-02 12:10 . 1998-06-17 03:08 53,248 --a------ c:\windows\system32\MFC42ENU.DLL
2008-12-02 12:10 . 1998-08-31 15:05 32,768 --a------ c:\windows\system32\hlinkprx.dll
2008-12-02 12:10 . 1997-08-19 00:00 31,744 --a------ c:\windows\system32\hlp95en.dll
2008-12-02 12:10 . 1998-03-13 18:22 20,080 --a------ c:\windows\system32\WINSSPI.DLL
2008-12-02 11:13 . 2008-12-02 11:13 d-------- c:\documents and settings\All Users\Application Data\espionServerData
2008-12-02 09:15 . 2008-12-02 09:15 d-------- c:\documents and settings\Michael\Application Data\pdf995
2008-12-02 09:15 . 2008-12-02 09:15 28 --a------ c:\windows\pdf995.ini
2008-12-02 09:09 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-02 09:09 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-02 09:09 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-02 09:07 . 2008-12-02 09:08 d-------- c:\program files\pdf995
2008-12-02 09:07 . 2008-12-02 18:14 d-------- c:\documents and settings\All Users\Application Data\pdf995
2008-12-02 09:07 . 2008-12-02 09:07 249,856 --a------ c:\windows\system32\pdfmona.dll
2008-12-02 09:07 . 2008-12-02 09:07 51,716 --a------ c:\windows\system32\pdf995mon.dll
2008-12-02 09:07 . 2008-12-02 18:14 59 --a------ c:\windows\wpd99.drv
2008-11-25 17:06 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2008-11-25 17:05 . 2008-11-25 17:05 d-------- c:\program files\Microsoft Works
2008-11-25 17:00 . 2008-11-25 17:04 d-------- c:\windows\SHELLNEW
2008-11-25 16:59 . 2008-12-03 08:14 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-25 16:58 . 2008-11-25 16:58 dr-h----- C:\MSOCache
2008-11-25 16:50 . 2008-11-25 16:50 d-------- c:\windows\Internet Logs
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Common Files\Deterministic Networks
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Cisco Systems
2008-11-25 16:49 . 2007-01-31 13:45 127,376 --a------ c:\windows\system32\drivers\dne2000.sys
2008-11-25 16:49 . 2007-01-31 13:45 101,904 --a------ c:\windows\system32\dneinobj.dll
2008-11-25 16:48 . 2008-11-25 16:50 1,594 --a------ c:\windows\VPNInstall.MIF
2008-11-25 16:41 . 2008-11-25 16:46 d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:41 . 2008-11-25 16:54 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 16:40 . 2008-11-25 16:40 d-------- c:\program files\Common Files\Adobe AIR
2008-11-25 16:40 . 2008-11-25 16:40 0 --a------ c:\windows\nsreg.dat
2008-11-25 16:39 . 2008-12-02 08:40 d-------- c:\program files\Common Files\Adobe
2008-11-25 16:32 . 2008-11-25 16:32 110,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-25 16:32 . 2008-11-25 16:32 48,768 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-25 16:32 . 2008-11-25 16:32 8,014 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-25 16:32 . 2008-11-25 16:32 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-25 16:31 . 2008-12-07 12:58 d-------- c:\program files\Symantec AntiVirus
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Symantec
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Common Files\Symantec Shared
2008-11-25 16:31 . 2008-11-25 16:31 d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-25 16:21 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-25 16:21 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-25 16:21 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-25 16:21 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-25 16:21 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-25 16:21 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-25 16:21 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-25 16:21 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-25 16:21 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-25 15:20 . 2008-11-25 15:20 d-------- c:\windows\system32\scripting
2008-11-25 15:18 . 2008-11-25 15:18 d-------- c:\windows\ServicePackFiles
2008-11-25 15:18 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-11-25 15:14 . 2006-12-29 00:31 19,569 --a------ c:\windows\002874_.tmp
2008-11-25 15:08 . 2008-11-25 15:08 d-------- c:\program files\CyberLink
2008-11-25 14:52 . 2008-11-25 14:52 d-------- c:\windows\system32\vmm32
2008-11-25 14:52 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-25 14:52 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-25 14:52 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-25 14:52 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-25 14:51 . 2008-11-25 14:51 d--hs---- c:\documents and settings\Michael\UserData
2008-11-25 14:51 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-25 14:51 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-25 14:51 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 14:51 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-25 14:50 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-25 14:48 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-25 14:48 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-25 14:46 . 2008-11-25 14:46 d-------- c:\program files\DIFX
2008-11-25 14:46 . 2004-09-03 10:00 90,112 --a------ c:\windows\system32\snymsico.dll
2008-11-25 14:46 . 2006-11-14 19:42 43,520 --a------ c:\windows\system32\drivers\rimsptsk.sys
2008-11-25 14:46 . 2006-11-14 17:35 37,376 --a------ c:\windows\system32\drivers\rixdptsk.sys
2008-11-25 14:46 . 2006-11-15 00:16 32,256 --a------ c:\windows\system32\drivers\rimmptsk.sys
2008-11-25 14:46 . 2005-05-06 19:06 16,480 --a------ c:\windows\system32\rixdicon.dll
2008-11-25 14:45 . 2008-11-25 14:47 d-------- c:\program files\Dell
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\InstallShield
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\Dell
2008-11-25 14:45 . 2005-08-12 17:50 16,128 --a------ c:\windows\system32\drivers\APPDRV.SYS
2008-11-25 14:43 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-25 14:40 . 2008-11-25 14:40 d-------- c:\program files\Synaptics
2008-11-25 14:40 . 2007-10-26 13:57 216,800 --a------ c:\windows\system32\drivers\SynTP.sys
2008-11-25 14:40 . 2007-10-26 14:01 196,608 --a------ c:\windows\system32\SynCtrl.dll
2008-11-25 14:40 . 2007-10-26 14:01 163,840 --a------ c:\windows\system32\SynCOM.dll
2008-11-25 14:40 . 2007-10-26 14:09 147,456 --a------ c:\windows\system32\SynTPAPI.dll
2008-11-25 14:40 . 2007-10-26 14:38 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2008-11-25 14:39 . 2008-11-25 14:39 d-------- c:\program files\Intel
2008-11-25 14:39 . 2008-11-25 14:39 d-------- C:\Intel
2008-11-25 14:28 . 2008-11-25 14:28 d-------- c:\program files\CONEXANT
2008-11-25 14:28 . 2007-08-02 17:35 989,952 -ra------ c:\windows\system32\drivers\HSF_DPV.sys
2008-11-25 14:28 . 2007-08-02 17:34 731,136 -ra------ c:\windows\system32\drivers\HSF_CNXT.sys
2008-11-25 14:28 . 2007-07-24 15:08 217,088 -ra------ c:\windows\system32\UCI32M21.dll
2008-11-25 14:28 . 2007-08-02 17:34 211,200 -ra------ c:\windows\system32\drivers\HSFHWAZL.sys
2008-11-25 14:28 . 2006-06-19 14:26 94,208 -ra------ c:\windows\system32\mdmxsdk.dll
2008-11-25 14:28 . 2006-06-19 14:26 12,672 -ra------ c:\windows\system32\drivers\mdmxsdk.sys
2008-11-25 14:22 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2008-11-25 14:22 . 2007-09-06 14:04 143,891 --a------ c:\windows\system32\drivers\del1028.cty
2008-11-25 14:22 . 2008-04-13 22:09 142,592 --a------ c:\windows\system32\drivers\aec.sys
2008-11-25 14:22 . 2008-04-14 00:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2008-11-25 14:22 . 2008-04-14 00:45 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
ComboFix 08-12-06.06 - Michael 2008-12-07 14:20:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1422 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFscript.txt
* Created a new restore point
FILE ::
c:\windows\system32\msln.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msln.exe
.
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Hello.
Looks good, what problems remain?
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- mrmccleve (Novice)
OS : Windows XP Pro
I did a full scan of my system with Symantec Antivirus, after being sure it was updated with the latest protection files. Nothing showed up.
Thank you!
Michael
- Belahzur (Site Admin)
OS : 7 Home Premium x64
Hello.
We need to make a new restore point.
To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.
Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.
1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.
2) In order to protect yourself against spyware, you should consider installing and running the following free programs:
Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.
3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.
5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.
Please also read Tony Klein's excellent article: How I got Infected in the First Place
Hopefully this should take care of your problems! Good luck.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.
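The restore-point flush described in the post above, scripted. This is an added example and is not part of Belahzur's post or of any tool mentioned in the thread; it assumes an elevated PowerShell prompt on Windows 7, or on Windows XP with PowerShell 2.0 installed, and a system drive of C:\ (the $Drive parameter and the restore-point description are mine). It drives the same WMI SystemRestore class (namespace root\default) that the System Restore tab uses, and it lists the existing restore points first, because a point taken while the machine was infected can hold a copy of the malware, which is the whole reason for the off/on cycle.

```powershell
# Added example (not from the original post or from ComboFix/Symantec): flush the old
# restore points and create a fresh, known-clean one from an elevated PowerShell prompt,
# instead of clicking through the System Restore tab. Uses the WMI SystemRestore class
# in root\default, which is what the GUI drives. Assumptions: Windows 7, or Windows XP
# with PowerShell 2.0 installed; run as Administrator; system drive C:\ ($Drive is ours).
param([string]$Drive = "C:\")

$sr = [wmiclass]"\\.\root\default:SystemRestore"

# 1. Show what is there now. A restore point taken while the machine was infected can
#    hold a copy of the malware, so list them before deleting anything.
Write-Host "Existing restore points on $Drive :"
Get-WmiObject -Namespace root\default -Class SystemRestore |
    Sort-Object SequenceNumber |
    ForEach-Object {
        # CreationTime is a DMTF datetime string; convert it for display.
        $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Write-Host ("  #{0,-4} {1:yyyy-MM-dd HH:mm}  {2}" -f $_.SequenceNumber, $when, $_.Description)
    }

# 2. Turning System Restore off for the drive deletes every restore point on it.
#    This is the step that actually removes the possibly infected copies.
$rc = $sr.Disable($Drive).ReturnValue
if ($rc -ne 0) { throw "Disable($Drive) failed with WMI return code $rc" }

# 3. Turn it back on. WaitTillEnabled = $true blocks until the service is ready;
#    without it the CreateRestorePoint call below can race the service and fail.
$rc = $sr.Enable($Drive, $true).ReturnValue
if ($rc -ne 0) { throw "Enable($Drive) failed with WMI return code $rc" }

# 4. Take a known-clean restore point. 12 = MODIFY_SETTINGS, 100 = BEGIN_SYSTEM_CHANGE
#    (constants documented for the SystemRestore WMI class).
$rc = $sr.CreateRestorePoint("Clean baseline after malware removal", 12, 100).ReturnValue
if ($rc -ne 0) { throw "CreateRestorePoint failed with WMI return code $rc" }

# 5. Confirm that only the new point remains.
$remaining = @(Get-WmiObject -Namespace root\default -Class SystemRestore)
Write-Host ("Restore points now: {0}" -f $remaining.Count)
$remaining | ForEach-Object { Write-Host ("  #{0} {1}" -f $_.SequenceNumber, $_.Description) }
```

Save it under any name (the file name is your choice) and run it from an Administrator prompt. The Disable step is the one that deletes the old points, so there is no undo for them; that is intended here, since ComboFix already created its own restore point during the run and the goal is that nothing from before the cleanup survives in System Volume Information where the Symantec scan cannot remove it.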

