Virus Comes Back after Combo Fix

Dara400, New Member (Date Joined Sep 2008, Total Posts: 5) | Posted 9-30-2008 6:40 (GMT +1)

Hello,
I have a couple of infections on my computer. The Dr.Web CureIt software is removing them, but after I run ComboFix they come back. When I re-ran Dr.Web it highlighted ComboFix Restore as being infected. Please help!!!! Here are the logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:56 PM, on 2008-09-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Documents and Settings\BRADLEY PETERS\My Documents\HiJackThis.exe
C:\Documents and Settings\BRADLEY PETERS\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\updater.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132640878640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132640867109
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A60E3F34-9E74-4E31-BA45-A74281393EF1}: NameServer = 68.28.122.93 68.28.114.91
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

-- End of file - 12318 bytes
ComboFix 08-09-28.05 - BRADLEY PETERS 2008-09-30 12:35:47.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.47 [GMT -4:00]
Running from: C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.
2008-09-27 17:52 . 2008-09-28 19:49 <DIR> d-------- C:\Program Files\Comodo
2008-09-27 17:52 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-09-27 17:52 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-09-27 17:52 . 2008-04-13 20:12 22,528 --a------ C:\WINDOWS\SYSTEM32\wsock32.dlb
2008-09-23 20:14 . 2008-09-30 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-23 11:54 . 2008-09-23 17:00 <DIR> d-------- C:\Program Files\7-Zip
2008-09-21 03:13 . 2008-09-21 03:13 4,960 --a------ C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP
2008-09-21 01:05 . 2008-09-21 01:05 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-09-21 01:05 . 2008-09-21 01:05 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-09-21 00:26 . 2008-09-21 00:26 <DIR> d-------- C:\WINDOWS\EHome
2008-09-21 00:22 . 2008-09-21 00:22 0 --a----t- C:\WINDOWS\005911_.tmp
2008-09-20 09:11 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slntamr.sys
2008-09-20 09:10 . 2008-04-13 20:12 291,328 --------- C:\WINDOWS\SYSTEM32\qagentrt.dll
2008-09-20 09:10 . 2008-04-13 20:12 150,528 --------- C:\WINDOWS\SYSTEM32\qagent.dll
2008-09-20 09:10 . 2008-04-13 20:12 76,800 --------- C:\WINDOWS\SYSTEM32\qutil.dll
2008-09-20 09:10 . 2008-04-13 20:12 62,464 --------- C:\WINDOWS\SYSTEM32\qcliprov.dll
2008-09-20 09:10 . 2008-04-13 20:12 61,952 --------- C:\WINDOWS\SYSTEM32\rasqec.dll
2008-09-20 09:09 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfax.sys
2008-09-20 09:09 . 2008-04-13 20:12 144,384 --------- C:\WINDOWS\SYSTEM32\onex.dll
2008-09-20 09:06 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\SYSTEM32\mmcex.dll
2008-09-20 09:06 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\SYSTEM32\microsoft.managementconsole.dll
2008-09-20 09:06 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\SYSTEM32\mmcfxcommon.dll
2008-09-20 09:06 . 2008-04-13 20:11 86,016 --------- C:\WINDOWS\SYSTEM32\mdmxsdk.dll
2008-09-20 09:06 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\SYSTEM32\mmcperf.exe
2008-09-20 09:06 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
2008-09-20 09:05 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\SYSTEM32\kmsvc.dll
2008-09-20 09:05 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\SYSTEM32\l2gpstore.dll
2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdpash.dll
2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdnepr.dll
2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdiultn.dll
2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdbhc.dll
2008-09-20 09:04 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfdpsp2.sys
2008-09-20 09:04 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfcxts2.sys
2008-09-20 09:04 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfbs2s2.sys
2008-09-20 09:04 . 2008-04-13 12:36 144,384 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys
2008-09-20 09:04 . 2008-04-13 20:11 32,285 --------- C:\WINDOWS\SYSTEM32\hsfcisp2.dll
2008-09-20 09:04 . 2008-04-13 14:46 25,600 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidbth.sys
2008-09-20 09:04 . 2008-04-13 14:45 19,200 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidir.sys
2008-09-20 09:04 . 2007-09-17 04:48 1,261 --------- C:\WINDOWS\SYSTEM32\pid.inf
2008-09-20 09:03 . 2008-04-13 20:11 184,832 --------- C:\WINDOWS\SYSTEM32\eapp3hst.dll
2008-09-20 09:03 . 2008-04-13 20:11 180,224 --------- C:\WINDOWS\SYSTEM32\eapphost.dll
2008-09-20 09:03 . 2008-04-13 20:11 126,976 --------- C:\WINDOWS\SYSTEM32\eappcfg.dll
2008-09-20 09:03 . 2008-04-13 20:11 94,208 --------- C:\WINDOWS\SYSTEM32\eappgnui.dll
2008-09-20 09:03 . 2008-04-13 20:11 59,392 --------- C:\WINDOWS\SYSTEM32\eapqec.dll
2008-09-20 09:03 . 2008-04-13 20:11 40,960 --------- C:\WINDOWS\SYSTEM32\eappprxy.dll
2008-09-20 09:03 . 2008-04-13 20:11 33,792 --------- C:\WINDOWS\SYSTEM32\eapsvc.dll
2008-09-20 09:03 . 2008-04-13 20:11 30,720 --------- C:\WINDOWS\SYSTEM32\eapolqec.dll
2008-09-20 09:03 . 2008-04-13 20:12 20,992 --------- C:\WINDOWS\SYSTEM32\faxpatch.exe
2008-09-20 09:02 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll
2008-09-20 09:02 . 2008-04-13 20:11 132,096 --------- C:\WINDOWS\SYSTEM32\dot3svc.dll
2008-09-20 09:02 . 2008-04-13 20:11 57,856 --------- C:\WINDOWS\SYSTEM32\dot3cfg.dll
2008-09-20 09:02 . 2008-04-13 20:11 56,320 --------- C:\WINDOWS\SYSTEM32\dot3msm.dll
2008-09-20 09:02 . 2008-04-13 20:11 48,640 --------- C:\WINDOWS\SYSTEM32\dhcpqec.dll
2008-09-20 09:02 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\SYSTEM32\dot3gpclnt.dll
2008-09-20 09:02 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\SYSTEM32\dimsroam.dll
2008-09-20 09:02 . 2008-04-13 20:11 26,112 --------- C:\WINDOWS\SYSTEM32\dot3api.dll
2008-09-20 09:02 . 2008-04-13 20:11 19,456 --------- C:\WINDOWS\SYSTEM32\dimsntfy.dll
2008-09-20 09:02 . 2008-04-13 20:11 9,216 --------- C:\WINDOWS\SYSTEM32\dot3dlg.dll
2008-09-20 09:01 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cxthsfs2.cty
2008-09-20 09:01 . 2008-04-13 20:11 12,800 --------- C:\WINDOWS\SYSTEM32\credssp.dll
2008-09-20 08:59 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\SYSTEM32\ati3duag.dll
2008-09-20 08:58 . 2008-04-13 20:11 4,255 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
2008-09-20 08:58 . 2008-04-13 20:11 3,967 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
2008-09-20 08:58 . 2008-04-13 20:11 3,775 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
2008-09-20 08:58 . 2008-04-13 20:11 3,711 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
2008-09-20 08:58 . 2008-04-13 20:11 3,647 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
2008-09-20 08:58 . 2008-04-13 20:11 3,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
2008-09-20 08:58 . 2008-04-13 20:11 3,135 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
2008-09-20 08:57 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-08-27 17:47 . 2008-08-27 17:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-27 17:47 . 2008-08-27 17:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-23 10:18 . 2008-08-23 10:18 <DIR> d-------- C:\WINDOWS\Cache
2008-08-23 10:18 . 2008-09-30 01:42 <DIR> d-------- C:\Program Files\Coupons
2008-08-14 22:43 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 06:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-09-30 06:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-09-30 06:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-09-30 06:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-09-30 06:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-09-30 06:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-09-30 06:20 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-09-30 06:20 116,228 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-09-30 03:36 --------- d-----w C:\Program Files\Dl_cats
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2(2)(2).dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups(2)(2).dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-06-26 16:37 115,824 ----a-w C:\WINDOWS\UnVet32.exe
2008-06-26 16:37 111,728 ----a-w C:\WINDOWS\AVShlExt.dll
2008-06-24 23:10 256,528 ----a-w C:\WINDOWS\SYSTEM32\UmxSbxw.dll
2008-06-24 23:10 117,264 ----a-w C:\WINDOWS\SYSTEM32\UmxSbxExw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2005-12-10 06:38 1,663 ----a-w C:\WINDOWS\INF\COMF5.tmp
2005-11-19 07:46 1,663 ----a-w C:\WINDOWS\INF\COMC3.tmp
2005-11-19 06:51 1,663 ----a-w C:\WINDOWS\INF\COMC2.tmp
2007-03-17 02:15 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2008-06-24 15:32 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008062420080625\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-09-27_17.07.52.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-27 13:09:30 226,408 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-09-30 05:33:27 223,224 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2008-09-27 13:56:48 716,080 ----a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2008-09-28 19:40:55 51,440 ----a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2008-09-30 06:22:53 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 131072]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2004-10-08 53248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-08-20 230664]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-10 155648]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-06-26 14088]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-04 1193200]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-05 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-05 259312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-01 185896]

C:\Documents and Settings\BRADLEY PETERS\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 462848]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 462848]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-25 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.rav"= Ravmp3e.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-10-12 19:13 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 194048]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
S4 DLCCCustomerConnect;DLCCCustomerConnect;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCCserv.exe [2005-06-07 57344]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BRADLEY PETERS\Application Data\Mozilla\Firefox\Profiles\go6iuwx4.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 13:06:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-30 13:20:31
ComboFix-quarantined-files.txt 2008-09-30 17:18:16
ComboFix2.txt 2008-09-29 17:53:43
ComboFix3.txt 2008-09-27 21:16:26
ComboFix4.txt 2008-06-28 02:19:50
ComboFix5.txt 2008-09-30 16:29:48

Pre-Run: 10,214,760,448 bytes free
Post-Run: 10,201,710,592 bytes free
241 --- E O F --- 2008-09-25 07:33:22
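A HijackThis log like the one above is reviewed section by section (R0/R1 browser URLs, O2 BHOs, O4 Run keys, O16 downloaded ActiveX, O17 DNS, O20 Winlogon Notify, O23 services). The following Python script is an added example, not something posted in this thread or shipped with HijackThis; it parses entries in the format visible in the log and lists the ones an analyst would normally check first, using a constructed sample of nine lines copied from the log. The review rules are common practice for these sections, not an official rule set, and they only rank entries for attention; deciding whether an entry is legitimate still needs a human.

```python
"""Walk a HijackThis log entry by entry and list the items an analyst should
review first. Added example; the rules encode common review practice for HJT
sections, not any rule set shipped with HijackThis itself."""
import re
from collections import Counter

# Constructed sample: nine entries copied from the HijackThis log above, one
# per line as HijackThis writes them (the forum post ran them together).
SAMPLE_HJT = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A60E3F34-9E74-4E31-BA45-A74281393EF1}: NameServer = 68.28.122.93 68.28.114.91
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
"""

# Every HijackThis entry starts with a section code (R0/R1 browser URLs,
# F ini loaders, O1..O24 hosts/BHOs/Run keys/services/...), then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Return one dict per recognised entry; non-entry lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def review_reasons(entry):
    """Reasons an analyst should look at this entry; an empty list means routine."""
    code, body = entry["code"], entry["body"]
    reasons = []
    if "(file missing)" in body:
        reasons.append("registration points at a binary that is no longer on disk")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no publisher information")
    if code == "O15":
        reasons.append("host added to the IE Trusted Zone (relaxed security settings)")
    if code == "O16":
        reasons.append("ActiveX control downloaded from the web; confirm it is wanted")
    if code == "O17":
        reasons.append("per-interface DNS servers; confirm they belong to the provider")
    if code == "O20":
        reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at every logon")
    return reasons


def triage_hjt(text):
    """Return (flagged entries with their reasons, entry count per section code)."""
    entries = parse_hjt(text)
    counts = Counter(e["code"] for e in entries)
    flagged = []
    for e in entries:
        reasons = review_reasons(e)
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged, counts


if __name__ == "__main__":
    flagged, counts = triage_hjt(SAMPLE_HJT)
    print("entries per section:", dict(counts))
    for f in flagged:
        print(f["code"], "-", f["body"][:70])
        for r in f["reasons"]:
            print("    *", r)
```

Run against the sample, the script leaves the BHO, the Run key and the CA service alone and lists the Trusted Zone entry, the ActiveX download, the DNS servers, the Winlogon Notify DLL and the two orphaned services; the McAfee and Roxio services each get two reasons (binary missing and no publisher), which is exactly the kind of leftover a helper would ask to have cleaned up.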
Touch, Forum Moderator (Date Joined Jun 2004, Total Posts: 13812) | Posted 9-30-2008 7:08 (GMT +1)

Hello
Please download Malwarebytes' Anti-Malware:
Or here:
to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with fresh combofix log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
Dara400, New Member (Date Joined Sep 2008, Total Posts: 5) | Posted 10-1-2008 3:17 (GMT +1)

Touch,
Thanks for your quick reply. I ran Malwarebytes but it didn't seem to find anything. I re-ran Dr.Web and downloaded a new ComboFix. I had to delete the renamed file for my original ComboFix. Here are the new logs. Thanks again for your help. I really appreciate it.
DR. WEB

ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\BRADLEY PETERS\Desktop;Archive contains infected objects;Renamed.;
HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:31 AM, on 2008-10-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BRADLEY PETERS\My Documents\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [MMTray] 
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DellTransferAgent] 
"C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.musicmatch.com O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132640878640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132640867109 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload 
Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A60E3F34-9E74-4E31-BA45-A74281393EF1}: NameServer = 68.28.122.93 68.28.114.91 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
-- End of file - 12197 bytes
MALWAREBYTES
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
2008-10-01 12:57:01 AM
mbam-log-2008-10-01 (00-57-01).txt
Scan type: Full Scan (A:\|C:\|)
Objects scanned: 92586
Time elapsed: 1 hour(s), 14 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
COMBOFIX
ComboFix 08-09-30.03 - BRADLEY PETERS 2008-10-01 8:57:46.11 - NTFSx86
Running from: C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.
2008-09-30 23:04 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys 2008-09-30 23:03 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys 2008-09-27 17:52 . 2008-09-28 19:49 <DIR> d-------- C:\Program Files\Comodo 2008-09-27 17:52 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL 2008-09-27 17:52 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE 2008-09-27 17:52 . 2008-04-13 20:12 22,528 --a------ C:\WINDOWS\SYSTEM32\wsock32.dlb 2008-09-23 20:14 . 2008-09-30 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-23 11:54 . 2008-09-23 17:00 <DIR> d-------- C:\Program Files\7-Zip 2008-09-21 03:13 . 2008-09-21 03:13 4,960 --a------ C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP 2008-09-21 01:05 . 2008-09-21 01:05 <DIR> d-------- C:\WINDOWS\SYSTEM32\en 2008-09-21 01:05 . 2008-09-21 01:05 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits 2008-09-21 00:26 . 2008-09-21 00:26 <DIR> d-------- C:\WINDOWS\EHome 2008-09-21 00:22 . 2008-09-21 00:22 0 --a----t- C:\WINDOWS\005911_.tmp 2008-09-20 09:11 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\SYSTEM32\DRIVERS\slntamr.sys 2008-09-20 09:10 . 2008-04-13 20:12 291,328 --------- C:\WINDOWS\SYSTEM32\qagentrt.dll 2008-09-20 09:10 . 2008-04-13 20:12 150,528 --------- C:\WINDOWS\SYSTEM32\qagent.dll 2008-09-20 09:10 . 2008-04-13 20:12 76,800 --------- C:\WINDOWS\SYSTEM32\qutil.dll 2008-09-20 09:10 . 2008-04-13 20:12 62,464 --------- C:\WINDOWS\SYSTEM32\qcliprov.dll 2008-09-20 09:10 . 2008-04-13 20:12 61,952 --------- C:\WINDOWS\SYSTEM32\rasqec.dll 2008-09-20 09:09 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfax.sys 2008-09-20 09:09 . 2008-04-13 20:12 144,384 --------- C:\WINDOWS\SYSTEM32\onex.dll 2008-09-20 09:06 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\SYSTEM32\mmcex.dll 2008-09-20 09:06 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\SYSTEM32\microsoft.managementconsole.dll 2008-09-20 09:06 . 
2008-04-13 20:11 106,496 --------- C:\WINDOWS\SYSTEM32\mmcfxcommon.dll 2008-09-20 09:06 . 2008-04-13 20:11 86,016 --------- C:\WINDOWS\SYSTEM32\mdmxsdk.dll 2008-09-20 09:06 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\SYSTEM32\mmcperf.exe 2008-09-20 09:06 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys 2008-09-20 09:05 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\SYSTEM32\kmsvc.dll 2008-09-20 09:05 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\SYSTEM32\l2gpstore.dll 2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdpash.dll 2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdnepr.dll 2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdiultn.dll 2008-09-20 09:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdbhc.dll 2008-09-20 09:04 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfdpsp2.sys 2008-09-20 09:04 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfcxts2.sys 2008-09-20 09:04 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hsfbs2s2.sys 2008-09-20 09:04 . 2008-04-13 12:36 144,384 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys 2008-09-20 09:04 . 2008-04-13 20:11 32,285 --------- C:\WINDOWS\SYSTEM32\hsfcisp2.dll 2008-09-20 09:04 . 2008-04-13 14:46 25,600 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidbth.sys 2008-09-20 09:04 . 2008-04-13 14:45 19,200 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidir.sys 2008-09-20 09:04 . 2007-09-17 04:48 1,261 --------- C:\WINDOWS\SYSTEM32\pid.inf 2008-09-20 09:03 . 2008-04-13 20:11 184,832 --------- C:\WINDOWS\SYSTEM32\eapp3hst.dll 2008-09-20 09:03 . 2008-04-13 20:11 180,224 --------- C:\WINDOWS\SYSTEM32\eapphost.dll 2008-09-20 09:03 . 2008-04-13 20:11 126,976 --------- C:\WINDOWS\SYSTEM32\eappcfg.dll 2008-09-20 09:03 . 2008-04-13 20:11 94,208 --------- C:\WINDOWS\SYSTEM32\eappgnui.dll 2008-09-20 09:03 . 
2008-04-13 20:11 59,392 --------- C:\WINDOWS\SYSTEM32\eapqec.dll 2008-09-20 09:03 . 2008-04-13 20:11 40,960 --------- C:\WINDOWS\SYSTEM32\eappprxy.dll 2008-09-20 09:03 . 2008-04-13 20:11 33,792 --------- C:\WINDOWS\SYSTEM32\eapsvc.dll 2008-09-20 09:03 . 2008-04-13 20:11 30,720 --------- C:\WINDOWS\SYSTEM32\eapolqec.dll 2008-09-20 09:03 . 2008-04-13 20:12 20,992 --------- C:\WINDOWS\SYSTEM32\faxpatch.exe 2008-09-20 09:02 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll 2008-09-20 09:02 . 2008-04-13 20:11 132,096 --------- C:\WINDOWS\SYSTEM32\dot3svc.dll 2008-09-20 09:02 . 2008-04-13 20:11 57,856 --------- C:\WINDOWS\SYSTEM32\dot3cfg.dll 2008-09-20 09:02 . 2008-04-13 20:11 56,320 --------- C:\WINDOWS\SYSTEM32\dot3msm.dll 2008-09-20 09:02 . 2008-04-13 20:11 48,640 --------- C:\WINDOWS\SYSTEM32\dhcpqec.dll 2008-09-20 09:02 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\SYSTEM32\dot3gpclnt.dll 2008-09-20 09:02 . 2008-04-13 20:11 39,936 --------- C:\WINDOWS\SYSTEM32\dimsroam.dll 2008-09-20 09:02 . 2008-04-13 20:11 26,112 --------- C:\WINDOWS\SYSTEM32\dot3api.dll 2008-09-20 09:02 . 2008-04-13 20:11 19,456 --------- C:\WINDOWS\SYSTEM32\dimsntfy.dll 2008-09-20 09:02 . 2008-04-13 20:11 9,216 --------- C:\WINDOWS\SYSTEM32\dot3dlg.dll 2008-09-20 09:01 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cxthsfs2.cty 2008-09-20 09:01 . 2008-04-13 20:11 12,800 --------- C:\WINDOWS\SYSTEM32\credssp.dll 2008-09-20 08:59 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\SYSTEM32\ati3duag.dll 2008-09-20 08:58 . 2008-04-13 20:11 4,255 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll 2008-09-20 08:58 . 2008-04-13 20:11 3,967 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll 2008-09-20 08:58 . 2008-04-13 20:11 3,775 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll 2008-09-20 08:58 . 2008-04-13 20:11 3,711 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll 2008-09-20 08:58 . 
2008-04-13 20:11 3,647 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll 2008-09-20 08:58 . 2008-04-13 20:11 3,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll 2008-09-20 08:58 . 2008-04-13 20:11 3,135 --------- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll 2008-09-20 08:57 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-01 13:33 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7 2008-10-01 13:33 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6 2008-10-01 13:33 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5 2008-10-01 13:33 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4 2008-10-01 13:33 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3 2008-10-01 13:33 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2 2008-10-01 13:33 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1 2008-10-01 13:33 119,268 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0 2008-10-01 05:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-30 05:42 --------- d-----w C:\Program Files\Coupons 2008-09-30 03:36 --------- d-----w C:\Program Files\Dl_cats 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2(2)(2).dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups(2)(2).dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll 2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll 2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll 2005-12-10 06:38 1,663 ----a-w C:\WINDOWS\INF\COMF5.tmp 2005-11-19 07:46 1,663 ----a-w C:\WINDOWS\INF\COMC3.tmp 2005-11-19 06:51 1,663 ----a-w C:\WINDOWS\INF\COMC2.tmp 2007-03-17 02:15 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys 2008-06-24 15:32 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local 
Settings\History\History.IE5\MSHist012008062420080625\index.dat .
((((((((((((((((((((((((((((( snapshot_2008-09-27_17.07.52.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-09-27 13:09:30 226,408 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-09-30 05:33:27 223,224 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2008-09-27 13:56:48 716,080 ----a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2008-09-28 19:40:55 51,440 ----a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2008-10-01 13:36:04 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_600.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488] "DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544] "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816] "MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 131072] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 122939] "mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2004-10-08 53248] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-08-20 230664] "DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632] "dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-10 155648] "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416] "QOELOADER"="C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-06-26 14088] "cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-04 1193200] "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-05 173296] "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-05 259312] "TkBellExe"="C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" [2008-07-01 185896]
C:\Documents and Settings\BRADLEY PETERS\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 462848]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 462848]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-25 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.rav"= Ravmp3e.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-10-12 19:13 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BRADLEY PETERS\Application Data\Mozilla\Firefox\Profiles\go6iuwx4.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 09:40:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\SYSTEM32\snmp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\SYSTEM32\dlcccoms.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2008-10-01 10:00:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 13:57:54
ComboFix2.txt 2008-09-30 17:21:09
ComboFix3.txt 2008-09-29 17:53:43
ComboFix4.txt 2008-09-27 21:16:26
ComboFix5.txt 2008-10-01 12:52:26
Pre-Run: 14,045,806,592 bytes free
Post-Run: 14,441,607,168 bytes free
252 --- E O F --- 2008-09-25 07:33:22
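The Dr. Web report in this post has three hits whose object path begins with ComboFix.exe\... and whose location field is the ComboFix.exe archive itself, followed by one line for the archive that was renamed. As an added example (not Dr.Web's, ComboFix's or the thread's own code), the Python below parses that semicolon-separated report format and groups the hits by the file that actually sits on disk, so a reader can tell "one flagged archive with nested hits" apart from "three infected files". The field layout object;location;threat;action; is inferred from the lines above and is an assumption of the example; the sample report is constructed from those lines.

```python
"""Group Dr.Web CureIt! detections by the file that actually sits on disk.

Added example for this thread, not Dr.Web's or ComboFix's own code. The
report layout assumed here, one hit per line as `object;location;threat;action;`,
is inferred from the lines posted above.
"""
from collections import OrderedDict
from dataclasses import dataclass

# Constructed sample: the four lines of the Dr.Web report posted in the thread.
SAMPLE_REPORT = r"""
ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\BRADLEY PETERS\Desktop;Archive contains infected objects;Renamed.;
"""


@dataclass
class Detection:
    obj: str       # object name; a backslash path means it lives inside an archive
    location: str  # folder of a top-level file, or the archive holding a nested one
    threat: str
    action: str    # empty when Dr.Web took no action on this object itself

    @property
    def nested(self) -> bool:
        return "\\" in self.obj

    @property
    def on_disk_path(self) -> str:
        # For nested objects the location field already is the archive's path.
        if self.nested:
            return self.location
        return self.location.rstrip("\\") + "\\" + self.obj

    @property
    def heuristic(self) -> bool:
        # Dr.Web prefixes heuristic (non-signature) names with "Probably".
        return self.threat.startswith("Probably ")


def parse_report(text: str) -> list:
    """Parse the semicolon-separated report; trailing empty fields are allowed."""
    dets = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 3:
            raise ValueError(f"unrecognised report line: {line!r}")
        action = parts[3] if len(parts) > 3 else ""
        dets.append(Detection(parts[0], parts[1], parts[2], action))
    return dets


def summarize(dets: list) -> list:
    """One summary per on-disk file: nested hit count, threat names, whether every
    nested hit is heuristic only, and what Dr.Web did with the container."""
    groups = OrderedDict()
    for d in dets:
        groups.setdefault(d.on_disk_path, []).append(d)
    summary = []
    for path, group in groups.items():
        inner = [d for d in group if d.nested]
        top = [d for d in group if not d.nested]
        summary.append({
            "container": path,
            "nested_hits": len(inner),
            "threats": sorted({d.threat for d in inner}),
            "all_heuristic": bool(inner) and all(d.heuristic for d in inner),
            "container_action": top[0].action if top else "",
        })
    return summary


if __name__ == "__main__":
    for s in summarize(parse_report(SAMPLE_REPORT)):
        print(f"{s['container']}: {s['nested_hits']} nested hit(s), "
              f"threats={s['threats']}, action={s['container_action'] or 'none'}")
```

Run against the report above, the summary holds a single entry: the ComboFix.exe archive on the Desktop, three nested hits, and the action "Renamed." on the container. Two of the nested names carry Dr.Web's "Probably" prefix and one (Program.PsExec.171) is a signature name, so all_heuristic comes out False; that distinction is the first thing to look at when deciding whether a scanner is flagging a removal tool's own components.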
Dara400 (New Member, Date Joined Sep 2008, Total Posts: 5) | Posted 10-2-2008 5:45 (GMT +1)
Touch,
It looks like something is still on my computer. Dr. Web is showing a couple of infections. Malwarebytes found a Trojan (I deleted it after I saved the log) and there is the same file in CCleaner no matter how many times I run it. Here are the logs. Thanks again for all of your help.
P.S. After I ran combofix an alert from Spybot popped up asking if I wanted to allow a change. The only difference was the old data ended in %* and the new data was /S. There was no information on the change when I tried the info button. I clicked yes.
HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:43 AM, on 2008-10-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\dlcccoms.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program 
Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\Program Files\Southwest Airlines\Ding\Ding.exe C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\BRADLEY PETERS\My Documents\HiJackThis.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe O4 - 
HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.musicmatch.com O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 
http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132640878640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132640867109 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A60E3F34-9E74-4E31-BA45-A74281393EF1}: NameServer = 68.28.122.93 68.28.114.91 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. 
- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. 
- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
-- End of file - 12649 bytes
CCLEANER
CLEANING COMPLETE - (45.274 secs)
------------------------------------------------------------------------------------------
552 bytes removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 552 bytes
------------------------------------------------------------------------------------------
DR. WEB
ComboFix.exe\32788R22FWJFW\C.bat;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\BRADLEY PETERS\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\BRADLEY PETERS\Desktop;Archive contains infected objects;Renamed.;
Dc7.#xe\32788R22FWJFW\C.bat;C:\RECYCLER\S-1-5-21-892164520-3885898354-2493395939-1006\Dc7.#xe;Probably BATCH.Virus;;
Dc7.#xe\32788R22FWJFW\List-C.bat;C:\RECYCLER\S-1-5-21-892164520-3885898354-2493395939-1006\Dc7.#xe;Probably BATCH.Virus;;
Dc7.#xe\32788R22FWJFW\psexec.cfexe;C:\RECYCLER\S-1-5-21-892164520-3885898354-2493395939-1006\Dc7.#xe;Program.PsExec.171;;
Dc7.#xe;C:\RECYCLER\S-1-5-21-892164520-3885898354-2493395939-1006;Archive contains infected objects;Renamed.;
A0110325.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1010;Probably BATCH.Virus;Deleted.;
A0110342.EXE;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1010;Program.PsExec.170;Deleted.;
A0110346.bat;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1010;Probably BATCH.Virus;Deleted.;
MALWAREBYTES
Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 3

10:34:59 PM 2008-10-01
mbam-log-10-1-2008 (22-34-27).txt

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 85130
Time elapsed: 1 hour(s), 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll (Trojan.Downloader) -> No action taken.
Touch, Forum Moderator
Date Joined Jun 2004 Total Posts : 13812 | Posted 10-3-2008 3:36 (GMT +1)

Ok-
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps: System Restore
Uninstall ComboFix
Go to Start->Run, and type in: ComboFix /u
Make sure there is a space between ComboFix and /u. Click Enter.
This will ->
Uninstall ComboFix.
Delete its related folders and files.
Reset your clock settings.
Hide file extensions.
Hide the system/hidden files.
And reset System Restore again.
Empty the recycle bin; then I don't think Dr.Web will find more infections.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
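As an added example (not code from the thread, ComboFix or Dr.Web), a small Python triage of the Dr.Web log format posted above: it assumes the semicolon-separated layout `name;path;detection;action;` seen in that log, and sorts each hit by where it lives, which is why the three steps (uninstall ComboFix, reset System Restore, empty the recycle bin) each clear a different group of hits. The sample lines, user name, SID and restore-point GUID are constructed placeholders.

```python
"""Triage of a Dr.Web CureIt log of the kind posted in this thread.
Added example: not code from the thread, ComboFix or Dr.Web. Log format
assumed from the posted lines: name;path;detection;action; where name is
'archive\\member' when the detection is inside an archive."""
from collections import Counter

# Constructed sample in the shape of the posted log (user name, SID and
# restore-point GUID are placeholders, not the poster's values).
SAMPLE_LOG = r"""
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\USER\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\USER\Desktop;Archive contains infected objects;Renamed.;
Dc7.#xe\32788R22FWJFW\C.bat;C:\RECYCLER\S-1-5-21-0-0-0-1006\Dc7.#xe;Probably BATCH.Virus;;
A0110325.bat;C:\System Volume Information\_restore{GUID}\RP1010;Probably BATCH.Virus;Deleted.;
"""

def location(path):
    """Where the flagged object lives; each place is cleaned differently."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"   # only cleared by turning System Restore off/on
    if "\\recycler\\" in p:
        return "recycle bin"     # only cleared by emptying the recycle bin
    return "live filesystem"     # cleared by deleting or uninstalling the file

def parse_log(text):
    """One record per line; trailing ';' delimiters are stripped first."""
    records = []
    for line in text.splitlines():
        fields = line.rstrip(";").split(";")
        if len(fields) < 3:
            continue             # blank or malformed line
        name, path, detection = fields[:3]
        action = fields[3] if len(fields) > 3 else ""
        # 'ComboFix.exe\...\psexec.cfexe' means the hit is a member of the
        # ComboFix archive (its bundled PsExec), not a separate file on disk.
        container = name.split("\\")[0] if "\\" in name else None
        records.append({"name": name, "path": path, "detection": detection,
                        "action": action, "container": container,
                        "location": location(path)})
    return records

def by_location(records):
    """Counts per location: shows why a rescan keeps reporting the files."""
    return Counter(r["location"] for r in records)

def not_deleted(records):
    """Paths the scanner left in place; these need the manual steps."""
    return [r["path"] for r in records if r["action"] != "Deleted."]
```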
Dara400, New Member
Date Joined Sep 2008 Total Posts : 5 | Posted 10-4-2008 4:40 (GMT +1)

Touch,
After following your instructions, the only thing that is not going away now is the file that pops up in CCleaner, no matter how many times I run it. Is this something that I should be worried about? Thanks again for all of your help. Here is the CCleaner log.
CCLEANER
CLEANING COMPLETE - (45.274 secs)
------------------------------------------------------------------------------------------
552 bytes removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 552 bytes
------------------------------------------------------------------------------------------
Touch, Forum Moderator
Date Joined Jun 2004 Total Posts : 13812 | Posted 10-4-2008 6:43 (GMT +1)

Nothing to worry about:
"The Wbemcore.log file contains a wide spectrum of trace messages. For example, it records logon attempts."
It's a legitimate Windows file, and you'll probably get a new one tomorrow, or when you start the computer.