|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Antivirus Pro 2010
I have no idea how I got this, and have tried to remove it everywhere I can in my computer, but it still comes up and says my computer is infected and then freezes it up.
I have just gone through 3 weeks of having to have my computer completely refurbished TWICE and it was working fine, and now this. I am devastated. Can someone please help? Thanks so much! Toria |
#2
|
||||
|
||||
Hi Toria. I need to see some logs to be able to help you but before you provide them, you need to know that I have made a personal decision not to help remove malware from computers that have peer to peer software installed (and this includes Bit Torrent software) so if you want my help, please uninstall any such programs now and reboot.
Go here and download DDS to your Desktop and doubleclick on DDs.scr to run it. If your security software includes script blocking features, please disable these before you run this utility. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them. Also go here and download RootRepeal (the zipped version) and save it to your Desktop. Doubleclick to extract the compressed file to it's own folder and then rightclick on RootRepeal.exe and choose "Run as Administrator" Click on the Report tab and then click on Scan. A Windows will open asking what to include in the scan. Check all of the below and then click Ok. Drivers Files Processes SSDT Stealth Objects Hidden Services You will then be asked which drive to scan. Check C: (or the drive your operating system is installed on if not C) and click Ok again. The scan will start. It will take a little while so please be patient. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should default there). When you have done this, please copy and paste it in this thread. Please do not run any programs other than those that I suggest or install any new software while I am helping you. |
#3
|
|||
|
|||
I don't know what in the world happened, but I posted the logs here and now they are gone. The stupid Antivirus thing is freezing my computer every time I try to enter something. I will retry. Also, I have no clue what a bit torrent is, but if you tell me, I will see if I have any and remove it.
|
#4
|
|||
|
|||
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 8/27/2009 8:16:05 AM System Uptime: 9/8/2009 10:41:50 AM (6 hours ago) Motherboard: Dell Inc. | | 0XD720 Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 68 GiB total, 53.829 GiB free. E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1: 8/27/2009 9:03:11 AM - System Checkpoint RP2: 8/27/2009 9:32:02 AM - Installed Windows XP Service Pack 3. RP3: 8/27/2009 11:31:42 AM - Installed Adobe Reader 8.1.1 RP4: 8/27/2009 11:35:16 AM - Installed Nero RP5: 8/27/2009 11:38:18 AM - Installed SigmaTel Audio RP6: 8/27/2009 11:41:31 AM - Software Distribution Service 3.0 RP7: 8/27/2009 11:46:00 AM - Software Distribution Service 3.0 RP8: 8/27/2009 8:04:07 PM - Installed Microsoft Office Home and Student 2007 RP9: 8/27/2009 8:08:54 PM - Printer Driver Send To Microsoft OneNote Driver Installed RP10: 8/28/2009 5:45:25 PM - Installed PhotoImpact X3 RP11: 8/30/2009 8:34:39 PM - System Checkpoint RP12: 9/1/2009 11:22:04 AM - System Checkpoint RP13: 9/7/2009 4:11:53 PM - System Checkpoint RP14: 9/7/2009 5:42:04 PM - Installed Adobe Photoshop Elements 7.0. ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Photoshop Elements 7.0 Adobe Reader 8.1.1 Antivirus Pro 2010 ATI Display Driver Conexant HDA D110 MDC V.92 Modem DriverAgent by eSupport.com GemMaster Mystic Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Nero Otto PhotoImpact X3 Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB973540) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) SigmaTel Audio Sonic Encoders Update for Windows Internet Explorer 8 (KB973874) Update for Windows XP (KB951978) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format Runtime Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 9/7/2009 1:06:35 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TBEST-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AD7A0D2F-C9F9-464F-. The master browser is stopping or an election is being forced. ==== End Of File =========================== |
#5
|
|||
|
|||
2009-09-07 15:00 14,149 a------- c:\docume~1\alluse~1\applic~1\fiqumydog.scr
2009-09-07 15:00 13,899 a------- c:\program files\common files\aloqynem.pif 2009-09-07 15:00 11,124 a------- c:\windows\ucazesiqi.sys 2009-09-07 15:00 10,503 a------- c:\windows\axedupazom.dll 2009-09-07 15:00 10,150 a------- c:\windows\system32\vozy.inf 2009-09-07 14:57 19,774 a------- c:\windows\sifoba.inf 2009-09-07 14:57 18,663 a------- c:\windows\system32\edonesox.dll 2009-09-07 14:57 17,342 a------- c:\windows\system32\mudivikab._dl 2009-09-07 14:57 17,335 a------- c:\docume~1\alluse~1\applic~1\okyp.reg 2009-09-07 14:57 17,325 a------- c:\windows\lyzyda.bat 2009-09-07 14:57 16,901 a------- c:\windows\system32\uvasicyg.pif 2009-09-07 14:57 16,705 a------- c:\windows\etagog.bat 2009-09-07 14:57 14,878 a------- c:\docume~1\alluse~1\applic~1\tyde.reg 2009-09-07 14:57 13,273 a------- c:\docume~1\alluse~1\applic~1\igyrusa.dll 2009-09-07 14:57 12,552 a------- c:\windows\system32\rilykeded.com 2009-09-07 14:57 12,052 a------- c:\windows\ejikiqegel.dl 2009-09-07 14:57 11,890 a------- c:\windows\ulejeq.dat 2009-09-07 13:37 19,566 a------- c:\windows\system32\okenuqed._sy 2009-09-07 13:37 19,494 a------- c:\program files\common files\iqeji.bat 2009-09-07 13:37 19,132 a------- c:\windows\system32\qykev.pif 2009-09-07 13:37 18,127 a------- c:\docume~1\alluse~1\applic~1\dacimek.sys 2009-09-07 13:37 15,798 a------- c:\docume~1\toriab~1\applic~1\naze.vbs 2009-09-07 13:37 15,084 a------- c:\windows\ecelope.com 2009-09-07 13:37 13,341 a------- c:\windows\qemizeru._sy 2009-09-07 13:37 13,196 a------- c:\docume~1\toriab~1\applic~1\ovytav.com 2009-09-07 13:37 12,280 a------- c:\docume~1\toriab~1\applic~1\sixyjyko.bat 2009-09-07 13:37 11,882 a------- c:\windows\system32\fefulinu.bin 2009-09-07 13:37 11,159 a------- c:\windows\system32\kyvehyk.scr 2009-09-07 13:37 10,718 a------- c:\docume~1\toriab~1\applic~1\qimu.dll 2009-09-07 13:37 10,205 a------- c:\docume~1\toriab~1\applic~1\bikozepyh.pif 2009-09-07 13:36 227,840 a------- c:\windows\system32\_scui.cpl 2009-09-07 13:34 182,896 a------- c:\windows\system32\wisdstr.exe 2009-09-07 13:33 11,264 a------- c:\windows\system32\braviax.exe 2009-09-07 13:33 48,128 a------- c:\windows\system32\~.exe 2009-08-29 13:39 <DIR> --d----- c:\windows\system32\LogFiles 2009-08-28 17:46 <DIR> --d----- c:\program files\common files\Ulead Systems 2009-08-28 17:46 <DIR> --d----- c:\program files\Corel 2009-08-28 17:45 <DIR> --d----- c:\windows\Downloaded Installations 2009-08-28 16:56 5,632 a------- c:\windows\system32\ptpusb.dll 2009-08-28 16:56 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys 2009-08-28 16:56 159,232 a------- c:\windows\system32\ptpusd.dll 2009-08-28 16:56 15,104 a------- c:\windows\system32\drivers\usbscan.sys 2009-08-27 20:08 32,592 a------- c:\windows\system32\msonpmon.dll 2009-08-27 20:05 <DIR> --d----- c:\windows\SHELLNEW 2009-08-27 18:30 <DIR> --dsh--- c:\documents and settings\toria best\PrivacIE 2009-08-27 18:28 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys 2009-08-27 18:28 12,160 a------- c:\windows\system32\drivers\mouhid.sys 2009-08-27 18:28 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys 2009-08-27 18:28 10,368 a------- c:\windows\system32\drivers\hidusb.sys 2009-08-27 18:27 <DIR> --dsh--- c:\documents and settings\toria best\IETldCache 2009-08-27 15:57 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll 2009-08-27 15:56 <DIR> --d----- c:\windows\ie8updates 2009-08-27 15:56 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll 2009-08-27 15:56 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll 2009-08-27 15:56 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll 2009-08-27 15:56 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll 2009-08-27 15:56 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll 2009-08-27 15:56 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll 2009-08-27 15:54 <DIR> -cd-h--- c:\windows\ie8 2009-08-27 11:41 173 a------- c:\windows\KPCMS.INI |
#6
|
|||
|
|||
2009-08-27 11:40 <DIR> --dsh--- c:\documents and settings\toria best\UserData
2009-08-27 11:40 212,480 a------- c:\windows\system32\pcdlib32.dll 2009-08-27 11:40 196,608 a------- c:\windows\kpcp32.dll 2009-08-27 11:40 133,120 a------- c:\windows\sprof32.dll 2009-08-27 11:40 58,368 a------- c:\windows\pfpick.dll 2009-08-27 11:40 40,129 a------- c:\windows\iccsigs.dat 2009-08-27 11:40 37,376 a------- c:\windows\kpsys32.dll 2009-08-27 11:40 20,992 a------- c:\windows\icccodes.dll 2009-08-27 11:40 210,944 a------- c:\windows\system32\MSVCRT10.DLL 2009-08-27 11:39 306,688 a------- c:\windows\IsUninst.exe 2009-08-27 11:38 <DIR> --d----- c:\program files\CONEXANT 2009-08-27 11:37 114,688 a------- c:\windows\system32\Uci32103.dll 2009-08-27 11:37 936,960 a------- c:\windows\system32\drivers\HSX_DPV.sys 2009-08-27 11:37 669,696 a------- c:\windows\system32\drivers\HSX_CNXT.sys 2009-08-27 11:37 192,512 a------- c:\windows\system32\drivers\HSXHWAZL.sys 2009-08-27 11:37 141,497 a------- c:\windows\system32\drivers\del1028.cty 2009-08-27 11:37 146,944 a------- c:\windows\system32\st325602.dll 2009-08-27 11:33 <DIR> --d----- c:\program files\Sigmatel 2009-08-27 10:51 5,937,152 -c------ c:\windows\system32\dllcache\mshtml.dll 2009-08-27 10:50 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll 2009-08-27 10:50 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys 2009-08-27 10:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll 2009-08-27 10:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll 2009-08-27 10:50 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll 2009-08-27 10:50 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe 2009-08-27 10:50 2,560 -------- c:\windows\system32\xpsp4res.dll 2009-08-27 10:50 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb 2009-08-27 09:40 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll 2009-08-27 09:40 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll 2009-08-27 09:31 19,569 a------- c:\windows\003509_.tmp 2009-08-27 08:16 73,728 ac------ c:\windows\system32\dllcache\ehresja.dll 2009-08-27 08:16 69,632 ac------ c:\windows\system32\dllcache\ehresko.dll 2009-08-27 08:16 69,632 ac------ c:\windows\system32\dllcache\ehresfr.dll 2009-08-27 08:16 69,632 ac------ c:\windows\system32\dllcache\ehresde.dll 2009-08-27 08:14 143,422 ac------ c:\windows\system32\dllcache\softkey.dll 2009-08-27 08:13 47,066 ac------ c:\windows\system32\dllcache\ksc.nls 2009-08-27 08:12 480,256 ac------ c:\windows\system32\dllcache\cintsetp.exe 2009-08-27 08:04 488 a---hr-- c:\windows\system32\logonui.exe.manifest 2009-08-27 08:04 749 a---hr-- c:\windows\WindowsShell.Manifest 2009-08-27 08:04 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest 2009-08-27 08:04 749 a---hr-- c:\windows\system32\sapi.cpl.manifest 2009-08-27 08:04 749 a---hr-- c:\windows\system32\nwc.cpl.manifest 2009-08-27 08:04 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest 2009-08-27 08:04 16,384 ac------ c:\windows\system32\dllcache\isignup.exe 2009-08-26 22:26 7,823 a------- c:\windows\system32\Config.MPF 2009-08-26 22:22 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-08-26 22:22 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-08-26 22:22 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-08-26 22:22 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-08-26 22:20 <DIR> --d----- c:\program files\common files\McAfee 2009-08-26 22:20 <DIR> --d----- c:\program files\McAfee.com 2009-08-26 22:20 <DIR> --d----- c:\program files\McAfee 2009-08-26 22:13 73,796 a------- c:\windows\system32\slserv.exe 2009-08-26 22:06 23,552 a------- c:\windows\system32\SET3E9.tmp 2009-08-26 22:05 44,928 a------- c:\windows\system32\drivers\agpcpq.sys 2009-08-26 22:03 19,569 a------- c:\windows\002987_.tmp 2009-08-26 21:57 <DIR> --d----- C:\I386 2009-08-26 21:53 <DIR> --d----- c:\windows\system32\PreInstall 2009-08-26 21:52 <DIR> --d----- c:\windows\system32\ReinstallBackups 2009-08-26 21:52 53,248 a------- c:\windows\system32\CSVer.dll 2009-08-26 21:52 <DIR> --d----- C:\Intel 2009-08-26 21:48 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS 2009-08-26 21:47 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-08-26 21:39 <DIR> --d----- C:\best 2009-08-26 21:28 <DIR> --d----- c:\windows\RegisteredPackages 2009-08-26 21:26 46,592 a------- c:\windows\system32\drivers\irbus.sys 2009-08-26 21:26 19,200 a------- c:\windows\system32\drivers\hidir.sys 2009-08-26 21:25 26,144 a------- c:\windows\system32\spupdsvc.exe 2009-08-26 21:22 <DIR> --d----- c:\windows\system32\URTTemp 2009-08-26 21:22 <DIR> --d----- c:\program files\RGB 2009-08-26 21:20 <DIR> --d----- c:\program files\GemMaster 2009-08-26 21:20 <DIR> --d----- c:\program files\EnglishOtto 2009-08-26 21:14 <DIR> --d----- c:\documents and settings\Toria Best 2009-08-26 21:05 <DIR> --ds---- c:\windows\system32\Microsoft 2009-08-26 20:54 8,192 a------- c:\windows\REGLOCS.OLD 2009-08-26 20:50 <DIR> --d----- c:\windows\system32\xircom 2009-08-26 20:50 <DIR> --d----- c:\windows\system32\wbem\snmp 2009-08-26 20:47 <DIR> --dsh--- c:\documents and settings\all users\DRM 2009-08-26 20:47 488 a---hr-- c:\windows\system32\WindowsLogon.manifest 2009-08-26 20:47 <DIR> --ds---- c:\windows\Downloaded Program Files 2009-08-26 20:47 <DIR> --d--r-- c:\windows\Offline Web Pages 2009-08-26 20:47 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest 2009-08-26 20:47 <DIR> --d-h--- c:\program files\WindowsUpdate 2009-08-26 20:47 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex 2009-08-26 20:47 <DIR> --d----- c:\windows\system32\DirectX 2009-08-26 20:46 <DIR> --d----- c:\program files\common files\MSSoap 2009-08-26 20:44 <DIR> --d----- c:\program files\Online Services 2009-08-26 20:43 <DIR> --d----- c:\program files\Windows Plus 2009-08-26 20:41 <DIR> --d----- c:\program files\Messenger 2009-08-26 20:41 <DIR> --d----- c:\program files\MSN Gaming Zone 2009-08-26 20:40 <DIR> --d----- c:\program files\Windows NT 2009-08-26 15:29 <DIR> --d----- c:\program files\common files\ODBC 2009-08-26 15:29 <DIR> --d----- c:\program files\common files\SpeechEngines 2009-08-26 15:29 <DIR> --d--r-- c:\documents and settings\all users\Documents ==================== Find3M ==================== 2009-09-07 18:07 18,937 a------- c:\program files\common files\evuvagodi._sy 2009-09-07 18:07 16,302 a------- c:\program files\common files\obobe._dl 2009-09-07 18:07 15,679 a------- c:\program files\common files\bihepaquja._dl 2009-09-07 17:42 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys 2009-09-07 17:42 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys 2009-09-07 17:42 129,784 -------- c:\windows\system32\pxafs.dll 2009-09-07 17:42 118,520 -------- c:\windows\system32\pxinsi64.exe 2009-09-07 17:42 116,472 -------- c:\windows\system32\pxcpyi64.exe 2009-09-07 17:42 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys 2009-09-07 15:04 17,131 a------- c:\program files\common files\ocoba.lib 2009-09-07 15:04 12,077 a------- c:\program files\common files\juropyhy.lib 2009-09-07 14:57 16,645 a------- c:\program files\common files\lutasynyd.dl 2009-09-07 13:37 18,267 a------- c:\program files\common files\odiqote.inf 2009-08-27 09:43 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-08-27 08:01 34,284 a------- c:\windows\system32\emptyregdb.dat 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-28 23:37 119,808 a------- c:\windows\system32\t2embed.dll 2009-07-28 23:37 81,920 a------- c:\windows\system32\fontsub.dll 2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll 2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll 2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll 2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll 2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll 2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll 2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll 2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll 2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe 2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe ============= FINISH: 16:25:10.07 =============== |
#7
|
|||
|
|||
ROOTREPEAL (c) AD, 2007-2009
================================================== Scan Start Time: 2009/09/08 17:08 Program Version: Version 1.3.5.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF27CF000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7B5F000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xEF92C000 Size: 49152 File Visible: No Signed: - Status: - ==EOF== |
#8
|
||||
|
||||
Our apologies Toria, we had a little hiccup on the site and lost some posts. You must have been one of the members that were affected, sorry.
Download the latest version of Combofix.exe from here and save it to your Desktop. Doubleclick on combofix.exe and the scan will start. Go ahead and install the Recovery Console if you are asked to do so (this doesnt apply to Vista). When the scan completes, a text window with your log will open. Please copy and paste that log back here. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. NB Please disable your antivirus program as it may interfere with ComboFix's routines. |
#9
|
|||
|
|||
ComboFix 09-09-08.05 - Toria Best 09/08/2009 20:57.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.512 [GMT -5:00] Running from: c:\documents and settings\Toria Best\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\adawev.dl c:\documents and settings\All Users\Application Data\cypyvaqa.lib c:\documents and settings\All Users\Application Data\dacimek.sys c:\documents and settings\All Users\Application Data\fiqumydog.scr c:\documents and settings\All Users\Application Data\icukosef.dl c:\documents and settings\All Users\Application Data\igyrusa.dll c:\documents and settings\All Users\Application Data\jyrocubyme.inf c:\documents and settings\All Users\Application Data\nuwodi.sys c:\documents and settings\All Users\Application Data\odabusula.lib c:\documents and settings\All Users\Application Data\okyp.reg c:\documents and settings\All Users\Application Data\tyde.reg c:\documents and settings\All Users\Application Data\uhuze.inf c:\documents and settings\All Users\Application Data\ujeqory.dl c:\documents and settings\All Users\Application Data\urebelov.pif c:\documents and settings\All Users\Application Data\voqisyk.inf c:\documents and settings\All Users\Documents\ahycaqiw.scr c:\documents and settings\All Users\Documents\awejacejom.sys c:\documents and settings\All Users\Documents\dixa.sys c:\documents and settings\All Users\Documents\fifonow.dl c:\documents and settings\All Users\Documents\gotav.dl c:\documents and settings\All Users\Documents\ipodijahel.dl c:\documents and settings\All Users\Documents\loxazip.inf c:\documents and settings\All Users\Documents\nogacav.vbs c:\documents and settings\All Users\Documents\nyse.reg c:\documents and settings\All Users\Documents\onilowa.exe c:\documents and settings\All Users\Documents\tolowicona.reg c:\documents and settings\All Users\Documents\tuzyhodo.ban c:\documents and settings\All Users\Documents\utymipywi.pif c:\documents and settings\All Users\Documents\ypemojig._dl c:\documents and settings\All Users\Documents\yzowihuc.exe c:\documents and settings\Toria Best\Application Data\aciza.ban c:\documents and settings\Toria Best\Application Data\agosite.ban c:\documents and settings\Toria Best\Application Data\bikozepyh.pif c:\documents and settings\Toria Best\Application Data\buxiniwuc.ban c:\documents and settings\Toria Best\Application Data\eletyvi.bin c:\documents and settings\Toria Best\Application Data\garadiqysi.dll c:\documents and settings\Toria Best\Application Data\ipyfi.vbs c:\documents and settings\Toria Best\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk c:\documents and settings\Toria Best\Application Data\naze.vbs c:\documents and settings\Toria Best\Application Data\ovytav.com c:\documents and settings\Toria Best\Application Data\qesabybex._sy c:\documents and settings\Toria Best\Application Data\qimu.dll c:\documents and settings\Toria Best\Application Data\sixyjyko.bat c:\documents and settings\Toria Best\Application Data\zahuz.reg c:\documents and settings\Toria Best\Cookies\azypa.sys c:\documents and settings\Toria Best\Cookies\ehedulu.pif c:\documents and settings\Toria Best\Cookies\eqen._dl c:\documents and settings\Toria Best\Cookies\ge***y.bat c:\documents and settings\Toria Best\Cookies\gocefemil.sys c:\documents and settings\Toria Best\Cookies\iqesyga.inf c:\documents and settings\Toria Best\Cookies\kozonaqero.sys c:\documents and settings\Toria Best\Cookies\letuc._dl c:\documents and settings\Toria Best\Cookies\meje.dll c:\documents and settings\Toria Best\Cookies\putisywu.dll c:\documents and settings\Toria Best\Cookies\unycevoh.bin c:\documents and settings\Toria Best\Cookies\uwabucoqol.dll c:\documents and settings\Toria Best\Cookies\vyqele.pif c:\documents and settings\Toria Best\Local Settings\Application Data\anidor.reg c:\documents and settings\Toria Best\Local Settings\Application Data\cohukev.dl c:\documents and settings\Toria Best\Local Settings\Application Data\esuxydac.sys c:\documents and settings\Toria Best\Local Settings\Application Data\gasi.pif c:\documents and settings\Toria Best\Local Settings\Application Data\hymexelin.scr c:\documents and settings\Toria Best\Local Settings\Application Data\jokas.sys c:\documents and settings\Toria Best\Local Settings\Application Data\nytuhatux.sys c:\documents and settings\Toria Best\Local Settings\Application Data\onos.inf c:\documents and settings\Toria Best\Local Settings\Application Data\qycotatyc.reg c:\documents and settings\Toria Best\Local Settings\Application Data\rotajexypy._dl c:\documents and settings\Toria Best\Local Settings\Application Data\ukuxod.ban c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\agemajel.db c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\agexygyxa.inf c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\aqepopohi._dl c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\asilinu.vbs c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\buroga.com c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\cecaxabog.scr c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\cubazusi.scr c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\esod.inf c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\ewigosesi.ban c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\gepihur.bat c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\lubozezubu.vbs c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\odigameqag.db c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\ojoseqy.bat c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\qikan.bin c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\sohu._sy c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\ujeqij.exe c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\xuxipeda.dat c:\documents and settings\Toria Best\Local Settings\Temporary Internet Files\ykuhitafud.bin c:\program files\Common Files\aloqynem.pif c:\program files\Common Files\bihepaquja._dl c:\program files\Common Files\ijodabobi.dll c:\program files\Common Files\iqeji.bat c:\program files\Common Files\ivogimyp.bat c:\program files\Common Files\ivyho.pif c:\program files\Common Files\lutasynyd.dl c:\program files\Common Files\obobe._dl c:\program files\Common Files\odiqote.inf c:\program files\Common Files\xuqu.com c:\program files\Common Files\ydokubulux.scr c:\windows\axedupazom.dll c:\windows\ejikiqegel.dl c:\windows\etagog.bat c:\windows\etubasic.scr c:\windows\giliqerog.inf c:\windows\hesecu.reg c:\windows\irucic.scr c:\windows\kuto.vbs c:\windows\kyfidu.sys c:\windows\lyzyda.bat c:\windows\nujo.ban c:\windows\sifoba.inf c:\windows\system32\_scui.cpl c:\windows\system32\~.exe c:\windows\system32\braviax.exe c:\windows\system32\edonesox.dll c:\windows\system32\exer.scr c:\windows\system32\fefulinu.bin c:\windows\system32\foxuho.ban c:\windows\system32\kyvehyk.scr c:\windows\system32\lifutypu.sys c:\windows\system32\mudivikab._dl c:\windows\system32\qykev.pif c:\windows\system32\ubipoveza.pif c:\windows\system32\uvasicyg.pif c:\windows\system32\vozy.inf c:\windows\system32\wisdstr.exe c:\windows\system32\woheny.bat c:\windows\UA000091.DLL c:\windows\ucazesiqi.sys c:\windows\upakaji.bat c:\windows\utaxogi.scr c:\windows\xitanem.ban c:\windows\zepiq.dl . ((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 ))))))))))))))))))))))))))))))) . 2009-09-08 16:19 . 2009-09-08 16:19 0 ----a-w- c:\documents and settings\Toria Best\settings.dat 2009-09-08 15:48 . 2009-09-08 15:48 18056 ----a-w- c:\windows\wojarobydi.com 2009-09-08 15:47 . 2009-09-08 15:48 -------- d-----w- c:\program files\AntivirusPro_2010 2009-09-07 23:07 . 2009-09-07 23:07 16261 ----a-w- c:\program files\Common Files\haju.dat 2009-09-07 23:07 . 2009-09-07 23:07 11535 ----a-w- c:\windows\qezakimej.com 2009-09-07 23:06 . 2009-09-07 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2009-09-07 23:04 . 2009-09-07 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-09-07 22:45 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-09-07 22:34 . 2009-09-07 22:38 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Download Manager 2009-09-07 20:14 . 2009-09-07 20:14 -------- d-----w- c:\program files\Enigma Software Group 2009-09-07 20:04 . 2009-09-07 20:04 13646 ----a-w- c:\windows\system32\xava.dat 2009-09-07 20:04 . 2009-09-07 20:04 13281 ----a-w- c:\windows\system32\mukycod.com 2009-09-07 20:00 . 2009-09-07 20:00 10807 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat 2009-09-07 19:57 . 2009-09-07 19:57 12552 ----a-w- c:\windows\system32\rilykeded.com 2009-09-07 19:57 . 2009-09-07 19:57 11890 ----a-w- c:\windows\ulejeq.dat 2009-09-07 18:37 . 2009-09-07 18:37 15084 ----a-w- c:\windows\ecelope.com 2009-08-29 18:39 . 2009-08-29 18:39 -------- d-----w- c:\windows\system32\LogFiles 2009-08-29 03:01 . 2009-08-29 03:01 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Zenfolio 2009-08-28 22:48 . 2009-08-28 22:48 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Ulead Systems 2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\program files\Common Files\Ulead Systems 2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-08-28 22:46 . 2009-08-28 22:46 -------- d-----w- c:\program files\Corel 2009-08-28 22:45 . 2009-08-28 22:45 -------- d-----w- c:\windows\Downloaded Installations 2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Help 2009-08-28 21:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-08-28 21:56 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll 2009-08-28 21:56 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-08-28 21:56 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-08-28 01:08 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-08-28 01:08 . 2009-08-28 01:08 -------- d-----w- c:\program files\Microsoft Works 2009-08-28 01:07 . 2009-08-28 01:07 -------- d-----w- c:\program files\Microsoft.NET 2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\windows\SHELLNEW 2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Microsoft Help 2009-08-28 01:04 . 2009-08-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----r- C:\MSOCache 2009-08-27 23:31 . 2009-08-27 23:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-08-27 23:30 . 2009-08-27 23:30 -------- d-sh--w- c:\documents and settings\Toria Best\PrivacIE 2009-08-27 23:28 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-27 23:28 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-27 23:28 . 2008-04-14 05:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-27 23:28 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-27 23:27 . 2009-08-27 23:27 -------- d-sh--w- c:\documents and settings\Toria Best\IETldCache 2009-08-27 20:57 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-08-27 20:56 . 2009-08-27 20:56 -------- d-----w- c:\windows\ie8updates 2009-08-27 20:56 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-08-27 20:56 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-08-27 20:56 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-08-27 20:56 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-08-27 20:56 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-08-27 20:56 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-08-27 20:54 . 2009-08-27 20:55 -------- dc-h--w- c:\windows\ie8 2009-08-27 16:40 . 2009-08-27 16:40 -------- d-sh--w- c:\documents and settings\Toria Best\UserData 2009-08-27 16:40 . 1999-06-19 02:13 133120 ----a-w- c:\windows\sprof32.dll 2009-08-27 16:40 . 1999-05-26 14:46 58368 ----a-w- c:\windows\pfpick.dll 2009-08-27 16:40 . 1999-05-26 14:46 40129 ----a-w- c:\windows\iccsigs.dat 2009-08-27 16:40 . 1999-05-26 14:46 37376 ----a-w- c:\windows\kpsys32.dll 2009-08-27 16:40 . 1999-05-26 14:46 212480 ----a-w- c:\windows\system32\pcdlib32.dll 2009-08-27 16:40 . 1999-05-26 14:46 20992 ----a-w- c:\windows\icccodes.dll 2009-08-27 16:40 . 1999-05-26 14:46 196608 ----a-w- c:\windows\kpcp32.dll 2009-08-27 16:40 . 1999-06-19 02:13 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL 2009-08-27 16:39 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe 2009-08-27 16:38 . 2009-08-27 16:38 -------- d-----w- c:\program files\CONEXANT 2009-08-27 16:37 . 2005-11-16 04:41 114688 ----a-w- c:\windows\system32\Uci32103.dll 2009-08-27 16:37 . 2005-12-01 06:40 936960 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys 2009-08-27 16:37 . 2005-12-01 06:40 192512 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys 2009-08-27 16:37 . 2005-12-01 06:40 669696 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys 2009-08-27 16:37 . 2007-08-21 14:58 146944 ----a-w- c:\windows\system32\st325602.dll 2009-08-27 16:37 . 2009-08-28 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-27 16:35 . 2009-08-27 16:35 -------- d-----w- c:\program files\Ahead 2009-08-27 16:34 . 2009-08-27 16:37 -------- d-----w- c:\program files\Common Files\InstallShield 2009-08-27 16:32 . 2009-09-07 23:05 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Adobe 2009-08-27 16:31 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-27 15:51 . 2009-07-19 13:18 5937152 -c----w- c:\windows\system32\dllcache\mshtml.dll 2009-08-27 15:50 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-27 15:50 . 2009-04-17 12:26 1847168 -c----w- c:\windows\system32\dllcache\win32k.sys 2009-08-27 15:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-08-27 15:50 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll 2009-08-27 15:50 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll 2009-08-27 15:50 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-08-27 15:50 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-08-27 14:40 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll 2009-08-27 14:40 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll 2009-08-27 13:16 . 2004-08-10 09:13 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll 2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll 2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll 2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll 2009-08-27 13:14 . 2004-08-10 11:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll 2009-08-27 13:13 . 2004-08-10 11:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll 2009-08-27 13:12 . 2008-04-14 10:39 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll 2009-08-27 13:04 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2009-08-27 12:43 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2009-08-27 12:43 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-08-27 12:43 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2009-08-27 12:43 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll 2009-08-27 03:26 . 2009-09-07 23:01 45112 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\GDIPFONTCACHEV1.DAT |
#10
|
|||
|
|||
2009-08-27 03:22 . 2009-07-08 18:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-27 03:22 . 2009-07-08 18:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-08-27 03:22 . 2009-07-08 18:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-08-27 03:22 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-08-27 03:20 . 2009-08-27 03:22 -------- d-----w- c:\program files\Common Files\McAfee 2009-08-27 03:20 . 2009-08-27 03:21 -------- d-----w- c:\program files\McAfee.com 2009-08-27 03:20 . 2009-08-27 15:47 -------- d-----w- c:\program files\McAfee 2009-08-27 03:07 . 2009-08-27 03:14 -------- d-----w- c:\windows\ServicePackFiles 2009-08-27 03:06 . 2009-08-27 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-08-27 02:57 . 2009-08-27 03:00 -------- d-----w- C:\I386 2009-08-27 02:52 . 2009-08-27 02:52 -------- dc----w- c:\windows\system32\DRVSTORE 2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- c:\program files\Intel 2009-08-27 02:52 . 2008-08-19 15:56 53248 ----a-w- c:\windows\system32\CSVer.dll 2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- C:\Intel 2009-08-27 02:48 . 2009-08-27 02:48 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\eSupport.com 2009-08-27 02:48 . 2009-08-27 02:48 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS 2009-08-27 02:39 . 2009-08-27 02:39 -------- d-----w- C:\best 2009-08-27 02:26 . 2008-04-14 05:15 46592 ----a-w- c:\windows\system32\drivers\irbus.sys 2009-08-27 02:26 . 2008-04-14 05:15 19200 ----a-w- c:\windows\system32\drivers\hidir.sys 2009-08-27 02:25 . 2009-01-07 23:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-08-27 02:22 . 2009-08-27 02:23 -------- d-----w- c:\windows\system32\URTTemp 2009-08-27 02:22 . 2009-08-27 02:22 -------- d-----w- c:\program files\RGB 2009-08-27 02:20 . 2009-08-27 02:20 133 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\fusioncache.dat 2009-08-27 02:20 . 2009-09-09 01:51 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\ApplicationHistory 2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\GemMaster 2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\EnglishOtto 2009-08-27 02:05 . 2009-08-27 02:05 -------- d-s---w- c:\windows\system32\Microsoft 2009-08-27 02:05 . 2009-08-27 13:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft 2009-08-27 02:05 . 2009-08-27 02:05 -------- d-sh--w- c:\documents and settings\LocalService . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-09-08 15:48 . 2009-09-08 15:48 16594 ----a-w- c:\documents and settings\Toria Best\Application Data\nyguc.dat 2009-09-07 23:07 . 2009-09-07 23:07 18937 ----a-w- c:\program files\Common Files\evuvagodi._sy 2009-09-07 22:42 . 2009-09-07 22:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-09-07 22:42 . 2009-09-07 22:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-09-07 22:42 . 2009-09-07 22:42 129784 ------w- c:\windows\system32\pxafs.dll 2009-09-07 22:42 . 2009-09-07 22:42 118520 ------w- c:\windows\system32\pxinsi64.exe 2009-09-07 22:42 . 2009-09-07 22:42 116472 ------w- c:\windows\system32\pxcpyi64.exe 2009-09-07 22:42 . 2009-08-27 01:43 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys 2009-09-07 20:04 . 2009-09-07 20:04 10014 ----a-w- c:\documents and settings\Toria Best\Application Data\fezo.dat 2009-09-07 20:04 . 2009-09-07 20:04 17131 ----a-w- c:\program files\Common Files\ocoba.lib 2009-09-07 20:04 . 2009-09-07 20:04 12077 ----a-w- c:\program files\Common Files\juropyhy.lib 2009-08-27 16:33 . 2009-08-27 16:33 -------- d-----w- c:\program files\Sigmatel 2009-08-27 13:01 . 2009-08-27 01:44 34284 ----a-w- c:\windows\system32\emptyregdb.dat 2009-08-27 01:50 . 2009-08-27 01:50 -------- d-----w- c:\program files\microsoft frontpage 2009-08-27 01:43 . 2009-08-27 01:43 -------- d-----w- c:\program files\Windows Plus 2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:37 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:37 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 15:08 . 2004-08-10 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-07-08 18:43 . 2009-08-27 03:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-07-03 17:09 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2004-08-10 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-10 11:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-10 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-10 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2004-08-10 11:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2004-08-10 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-12 12:31 . 2004-08-10 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 12:31 . 2004-08-10 11:00 76288 ----a-w- c:\windows\system32\telnet.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "NeroCheck"="c:\windows\system32\NeroCheck.exe " [2001-07-09 155648] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504] "Antivirus Pro 2010"="c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe" [2009-09-08 589312] "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"= S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 2:02 PM 163840] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26] 2009-08-27 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-08 21:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(884) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-09-09 21:04 ComboFix-quarantined-files.txt 2009-09-09 02:04 Pre-Run: 57,719,611,392 bytes free Post-Run: 57,899,458,560 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windo ws XP Media Center Edition" /noexecute=optin /fastdetect 402 --- E O F --- 2009-08-29 07:57 |
#11
|
||||
|
||||
Open notepad and copy and paste the text in the codebox below into it:
Code:
File:: c:\windows\wojarobydi.com c:\program files\Common Files\haju.dat c:\windows\qezakimej.com c:\windows\system32\xava.dat c:\windows\system32\mukycod.com c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat c:\windows\system32\rilykeded.com c:\windows\ulejeq.dat c:\windows\ecelope.com c:\documents and settings\Toria Best\Application Data\nyguc.dat c:\program files\Common Files\evuvagodi._sy c:\documents and settings\Toria Best\Application Data\fezo.dat c:\program files\Common Files\ocoba.lib c:\program files\Common Files\juropyhy.lib Folder:: c:\program files\AntivirusPro_2010 Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Antivirus Pro 2010"=- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=- ComboFix will run again. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply. |
#12
|
|||
|
|||
ComboFix 09-09-08.07 - Toria Best 09/09/2009 8:49.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.579 [GMT -5:00] Running from: c:\documents and settings\Toria Best\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Toria Best\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FILE :: "c:\documents and settings\Toria Best\Application Data\fezo.dat" "c:\documents and settings\Toria Best\Application Data\nyguc.dat" "c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat" "c:\program files\Common Files\evuvagodi._sy" "c:\program files\Common Files\haju.dat" "c:\program files\Common Files\juropyhy.lib" "c:\program files\Common Files\ocoba.lib" "c:\windows\ecelope.com" "c:\windows\qezakimej.com" "c:\windows\system32\mukycod.com" "c:\windows\system32\rilykeded.com" "c:\windows\system32\xava.dat" "c:\windows\ulejeq.dat" "c:\windows\wojarobydi.com" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Toria Best\Application Data\fezo.dat c:\documents and settings\Toria Best\Application Data\nyguc.dat c:\documents and settings\Toria Best\Application Data\xigyvosyci.inf c:\documents and settings\Toria Best\Local Settings\Application Data\efuru.dat c:\program files\AntivirusPro_2010 c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe c:\program files\AntivirusPro_2010\AVEngn.dll c:\program files\AntivirusPro_2010\data\daily.cvd c:\program files\AntivirusPro_2010\htmlayout.dll c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microso ft.VC80.CRT.manifest c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80 .dll c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80 .dll c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80 .dll c:\program files\AntivirusPro_2010\pthreadVC2.dll c:\program files\AntivirusPro_2010\Uninstall.exe c:\program files\AntivirusPro_2010\wscui.cpl c:\program files\Common Files\evuvagodi._sy c:\program files\Common Files\haju.dat c:\program files\Common Files\juropyhy.lib c:\program files\Common Files\ocoba.lib c:\windows\ecelope.com c:\windows\qezakimej.com c:\windows\system32\mukycod.com c:\windows\system32\rilykeded.com c:\windows\system32\xava.dat c:\windows\ulejeq.dat c:\windows\wojarobydi.com . ((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 ))))))))))))))))))))))))))))))) . 2009-09-08 16:19 . 2009-09-08 16:19 0 ----a-w- c:\documents and settings\Toria Best\settings.dat 2009-09-07 23:06 . 2009-09-07 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2009-09-07 23:04 . 2009-09-07 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-09-07 22:45 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-09-07 22:34 . 2009-09-07 22:38 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Download Manager 2009-09-07 20:14 . 2009-09-07 20:14 -------- d-----w- c:\program files\Enigma Software Group 2009-08-29 18:39 . 2009-08-29 18:39 -------- d-----w- c:\windows\system32\LogFiles 2009-08-29 03:01 . 2009-08-29 03:01 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Zenfolio 2009-08-28 22:48 . 2009-08-28 22:48 -------- d-----w- c:\documents and settings\Toria Best\Application Data\Ulead Systems 2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\program files\Common Files\Ulead Systems 2009-08-28 22:46 . 2009-08-28 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems 2009-08-28 22:46 . 2009-08-28 22:46 -------- d-----w- c:\program files\Corel 2009-08-28 22:45 . 2009-08-28 22:45 -------- d-----w- c:\windows\Downloaded Installations 2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Help 2009-08-28 21:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-08-28 21:56 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll 2009-08-28 21:56 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-08-28 21:56 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-08-28 01:08 . 2006-10-27 00:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-08-28 01:08 . 2009-08-28 01:08 -------- d-----w- c:\program files\Microsoft Works 2009-08-28 01:07 . 2009-08-28 01:07 -------- d-----w- c:\program files\Microsoft.NET 2009-08-28 01:05 . 2009-08-28 01:05 -------- d-----w- c:\windows\SHELLNEW 2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Microsoft Help 2009-08-28 01:04 . 2009-08-28 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-28 01:04 . 2009-08-28 01:04 -------- d-----r- C:\MSOCache 2009-08-27 23:31 . 2009-08-27 23:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-08-27 23:30 . 2009-08-27 23:30 -------- d-sh--w- c:\documents and settings\Toria Best\PrivacIE 2009-08-27 23:28 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-27 23:28 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-27 23:28 . 2008-04-14 05:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-27 23:28 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-27 23:27 . 2009-08-27 23:27 -------- d-sh--w- c:\documents and settings\Toria Best\IETldCache 2009-08-27 20:57 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-08-27 20:56 . 2009-08-27 20:56 -------- d-----w- c:\windows\ie8updates 2009-08-27 20:56 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-08-27 20:56 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-08-27 20:56 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-08-27 20:56 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-08-27 20:56 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-08-27 20:56 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-08-27 20:54 . 2009-08-27 20:55 -------- dc-h--w- c:\windows\ie8 2009-08-27 16:40 . 2009-08-27 16:40 -------- d-sh--w- c:\documents and settings\Toria Best\UserData 2009-08-27 16:40 . 1999-06-19 02:13 133120 ----a-w- c:\windows\sprof32.dll 2009-08-27 16:40 . 1999-05-26 14:46 58368 ----a-w- c:\windows\pfpick.dll 2009-08-27 16:40 . 1999-05-26 14:46 40129 ----a-w- c:\windows\iccsigs.dat 2009-08-27 16:40 . 1999-05-26 14:46 37376 ----a-w- c:\windows\kpsys32.dll 2009-08-27 16:40 . 1999-05-26 14:46 212480 ----a-w- c:\windows\system32\pcdlib32.dll 2009-08-27 16:40 . 1999-05-26 14:46 20992 ----a-w- c:\windows\icccodes.dll 2009-08-27 16:40 . 1999-05-26 14:46 196608 ----a-w- c:\windows\kpcp32.dll 2009-08-27 16:40 . 1999-06-19 02:13 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL 2009-08-27 16:39 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe 2009-08-27 16:38 . 2009-08-27 16:38 -------- d-----w- c:\program files\CONEXANT 2009-08-27 16:37 . 2005-11-16 04:41 114688 ----a-w- c:\windows\system32\Uci32103.dll 2009-08-27 16:37 . 2005-12-01 06:40 936960 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys 2009-08-27 16:37 . 2005-12-01 06:40 192512 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys 2009-08-27 16:37 . 2005-12-01 06:40 669696 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys 2009-08-27 16:37 . 2007-08-21 14:58 146944 ----a-w- c:\windows\system32\st325602.dll 2009-08-27 16:37 . 2009-08-28 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-27 16:35 . 2009-08-27 16:35 -------- d-----w- c:\program files\Ahead 2009-08-27 16:34 . 2009-08-27 16:37 -------- d-----w- c:\program files\Common Files\InstallShield 2009-08-27 16:32 . 2009-09-07 23:05 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\Adobe 2009-08-27 16:31 . 2009-09-07 22:45 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-27 15:51 . 2009-07-19 13:18 5937152 -c----w- c:\windows\system32\dllcache\mshtml.dll 2009-08-27 15:50 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-27 15:50 . 2009-04-17 12:26 1847168 -c----w- c:\windows\system32\dllcache\win32k.sys 2009-08-27 15:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-08-27 15:50 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll 2009-08-27 15:50 . 2008-10-23 12:36 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll 2009-08-27 15:50 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-08-27 15:50 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-08-27 14:40 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll 2009-08-27 14:40 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll 2009-08-27 13:16 . 2004-08-10 09:13 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll 2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll 2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll 2009-08-27 13:16 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll 2009-08-27 13:14 . 2004-08-10 11:00 143422 -c--a-w- c:\windows\system32\dllcache\softkey.dll 2009-08-27 13:13 . 2004-08-10 11:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll 2009-08-27 13:12 . 2008-04-14 10:39 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll 2009-08-27 13:04 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2009-08-27 12:43 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2009-08-27 12:43 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-08-27 12:43 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2009-08-27 12:43 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll 2009-08-27 03:26 . 2009-09-07 23:01 45112 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-27 03:22 . 2009-07-08 18:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-08-27 03:22 . 2009-07-08 18:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-08-27 03:22 . 2009-07-08 18:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-08-27 03:22 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-08-27 03:20 . 2009-08-27 03:22 -------- d-----w- c:\program files\Common Files\McAfee 2009-08-27 03:20 . 2009-08-27 03:21 -------- d-----w- c:\program files\McAfee.com 2009-08-27 03:20 . 2009-08-27 15:47 -------- d-----w- c:\program files\McAfee 2009-08-27 03:07 . 2009-08-27 03:14 -------- d-----w- c:\windows\ServicePackFiles 2009-08-27 03:06 . 2009-08-27 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-08-27 02:57 . 2009-08-27 03:00 -------- d-----w- C:\I386 2009-08-27 02:52 . 2009-08-27 02:52 -------- dc----w- c:\windows\system32\DRVSTORE 2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- c:\program files\Intel 2009-08-27 02:52 . 2008-08-19 15:56 53248 ----a-w- c:\windows\system32\CSVer.dll 2009-08-27 02:52 . 2009-08-27 02:52 -------- d-----w- C:\Intel 2009-08-27 02:48 . 2009-08-27 02:48 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\eSupport.com 2009-08-27 02:48 . 2009-08-27 02:48 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS 2009-08-27 02:39 . 2009-08-27 02:39 -------- d-----w- C:\best 2009-08-27 02:26 . 2008-04-14 05:15 46592 ----a-w- c:\windows\system32\drivers\irbus.sys 2009-08-27 02:26 . 2008-04-14 05:15 19200 ----a-w- c:\windows\system32\drivers\hidir.sys 2009-08-27 02:25 . 2009-01-07 23:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-08-27 02:22 . 2009-08-27 02:23 -------- d-----w- c:\windows\system32\URTTemp 2009-08-27 02:22 . 2009-08-27 02:22 -------- d-----w- c:\program files\RGB 2009-08-27 02:20 . 2009-08-27 02:20 133 ----a-w- c:\documents and settings\Toria Best\Local Settings\Application Data\fusioncache.dat 2009-08-27 02:20 . 2009-09-09 13:47 -------- d-----w- c:\documents and settings\Toria Best\Local Settings\Application Data\ApplicationHistory 2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\GemMaster 2009-08-27 02:20 . 2009-08-27 02:20 -------- d-----w- c:\program files\EnglishOtto 2009-08-27 02:05 . 2009-08-27 02:05 -------- d-s---w- c:\windows\system32\Microsoft 2009-08-27 02:05 . 2009-08-27 13:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft 2009-08-27 02:05 . 2009-08-27 02:05 -------- d-sh--w- c:\documents and settings\LocalService . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-09-07 22:42 . 2009-09-07 22:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-09-07 22:42 . 2009-09-07 22:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-09-07 22:42 . 2009-09-07 22:42 129784 ------w- c:\windows\system32\pxafs.dll 2009-09-07 22:42 . 2009-09-07 22:42 118520 ------w- c:\windows\system32\pxinsi64.exe 2009-09-07 22:42 . 2009-09-07 22:42 116472 ------w- c:\windows\system32\pxcpyi64.exe 2009-09-07 22:42 . 2009-08-27 01:43 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys 2009-08-27 16:33 . 2009-08-27 16:33 -------- d-----w- c:\program files\Sigmatel 2009-08-27 13:01 . 2009-08-27 01:44 34284 ----a-w- c:\windows\system32\emptyregdb.dat 2009-08-27 01:50 . 2009-08-27 01:50 -------- d-----w- c:\program files\microsoft frontpage 2009-08-27 01:43 . 2009-08-27 01:43 -------- d-----w- c:\program files\Windows Plus 2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:37 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:37 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 15:08 . 2004-08-10 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-07-08 18:43 . 2009-08-27 03:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-07-03 17:09 . 2006-03-04 03:33 915456 ------w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2004-08-10 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-10 11:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-10 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-10 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2004-08-10 11:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2004-08-10 11:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-12 12:31 . 2004-08-10 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 12:31 . 2004-08-10 11:00 76288 ----a-w- c:\windows\system32\telnet.exe . ((((((((((((((((((((((((((((( SnapShot@2009-09-09_02.03.17 ))))))))))))))))))))))))))))))))))))))))) |
#13
|
|||
|
|||
.
- 2004-08-10 11:00 . 2009-09-08 15:46 53166 c:\windows\system32\perfc009.dat + 2004-08-10 11:00 . 2009-09-09 13:42 53166 c:\windows\system32\perfc009.dat + 2009-08-27 02:05 . 2009-09-09 13:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-08-27 02:05 . 2009-09-09 01:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-08-27 02:05 . 2009-09-09 01:48 32768 c:\windows\system32\config\systemprofile\Cookies\i ndex.dat + 2009-09-09 13:43 . 2009-09-09 13:43 32768 c:\windows\system32\config\systemprofile\Cookies\i ndex.dat + 2004-08-10 11:00 . 2009-09-09 13:42 380918 c:\windows\system32\perfh009.dat - 2004-08-10 11:00 . 2009-09-08 15:46 380918 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792] "NeroCheck"="c:\windows\system32\NeroCheck.exe " [2001-07-09 155648] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"= S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 2:02 PM 163840] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26] 2009-08-27 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-27 02:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - AddRemove-AntivirusPro_2010 - c:\program files\AntivirusPro_2010\Uninstall.exe ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-09 08:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(884) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-09-09 8:55 ComboFix-quarantined-files.txt 2009-09-09 13:55 ComboFix2.txt 2009-09-09 02:04 Pre-Run: 57,910,677,504 bytes free Post-Run: 57,881,092,096 bytes free 303 --- E O F --- 2009-08-29 07:57 |
#14
|
||||
|
||||
Looking a lot better. Download Malwarebytes' Anti-Malware from here or here.
Doubleclick on mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please copy and paste the entire report in your next reply. Also post a new DDS log please (dont worry about the Optional scan this time) |
#15
|
|||
|
|||
Malwarebytes' Anti-Malware 1.40
Database version: 2773 Windows 5.1.2600 Service Pack 3 9/10/2009 3:49:29 PM mbam-log-2009-09-10 (15-49-29).txt Scan type: Quick Scan Objects scanned: 104515 Time elapsed: 17 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Toria Best\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
AntiVirus 2010 | atg23 | Malware Removal | 3 | October 8th, 2010 03:53 AM |
Antivirus XP 2010 | bbeese | Malware Removal | 111 | April 1st, 2010 04:14 AM |
antivirus XP 2010 | faerylights | Malware Removal | 6 | March 7th, 2010 09:05 PM |
Infected with Antivirus Pro 2010 | jmterry | Malware Removal | 25 | September 17th, 2009 01:41 AM |
PC Antivirus 2010, maybe others | rlah | Malware Removal | 41 | September 9th, 2009 11:00 PM |
All times are GMT +1. The time now is 05:30 PM.