-
August 16th, 2010, 06:36 PM
#1
Another infected PC
I've quickly come to learn that this is the best place to go when I come across an infected computer. It would be greatly appreciated if someone could take a peek at the attached HijackThis log file and give me some pointers on what to do to clean it up. Very Respectfully.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:31 PM, on 8/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Documents and Settings\travel\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe
C:\Program Files\Juniper Networks\Secure Application Manager\dsSamUI.exe
C:\Documents and Settings\travel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\travel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\travel\My Documents\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by L-3 Communications CSW
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ADC PlugIn - {19090308-636D-4e9b-A1CE-A647B6F794BF} - C:\Program Files\shk_v10.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\travel\Application Data\SystemProc\lsass.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://web
O15 - Trusted Zone: http://*.ils-live
O15 - Trusted Zone: http://*.ilsat
O15 - Trusted Zone: http://*.ilsbeta
O15 - Trusted Zone: http://*.ilsdev
O15 - Trusted Zone: http://*.ilsnet
O15 - Trusted Zone: http://*.ilsssc
O15 - Trusted Zone: http://*.csw.l-3com.com
O15 - Trusted Zone: http://ils-live.csw.l-3com.com
O15 - Trusted Zone: http://ilsat.csw.l-3com.com
O15 - Trusted Zone: http://ilsbeta.csw.l-3com.com
O15 - Trusted Zone: http://ilsdev.csw.l-3com.com
O15 - Trusted Zone: http://ilsnet.csw.l-3com.com
O15 - Trusted Zone: http://ilsssc.csw.l-3com.com
O15 - Trusted Zone: http://slnt12.csw.l-3com.com
O15 - Trusted Zone: http://slsql08.csw.l-3com.com
O15 - Trusted Zone: http://taw.csw.l-3com.com
O15 - Trusted Zone: http://work.csw.l-3com.com
O15 - Trusted Zone: http://*.slnt12
O15 - Trusted Zone: http://*.slsql08
O15 - Trusted Zone: http://*.taw
O15 - Trusted Zone: http://*.web
O15 - Trusted Zone: http://*.work
O15 - Trusted Zone: http://*.ils-live (HKLM)
O15 - Trusted Zone: http://*.ilsat (HKLM)
O15 - Trusted Zone: http://*.ilsbeta (HKLM)
O15 - Trusted Zone: http://*.ilsdev (HKLM)
O15 - Trusted Zone: http://*.ilsnet (HKLM)
O15 - Trusted Zone: http://*.ilsssc (HKLM)
O15 - Trusted Zone: http://*.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://ils-live.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://ilsat.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://ilsbeta.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://ilsdev.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://ilsnet.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://ilsssc.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://slnt12.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://slsql08.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://taw.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://work.csw.l-3com.com (HKLM)
O15 - Trusted Zone: http://*.slnt12 (HKLM)
O15 - Trusted Zone: http://*.slsql08 (HKLM)
O15 - Trusted Zone: http://*.taw (HKLM)
O15 - Trusted Zone: http://*.web (HKLM)
O15 - Trusted Zone: http://*.work (HKLM)
O16 - DPF: {20641312-84DA-11D4-93BD-00105AABE9D7} (Launch.LaunchProcess) - http://ilsat.csw.l-3com.com/ilsat/Downloads/Launch.cab
O16 - DPF: {229634BD-A350-11D5-93FE-00105AABE9D7} (Barcode.PrintBarCode) - http://ilsat.csw.l-3com.com/ilsat/Downloads/Barcode.cab
O16 - DPF: {22ACD16F-99EB-11D2-9BB3-00400561D975} - http://ilsat.csw.l-3com.com/ilsat/Downloads/pvcombo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1229364616321
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229364580680
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://thebrowndomain.com:1090/bl_camera.cab
O16 - DPF: {8F55FA20-10DA-44C7-B675-CE2A290DE3B2} (ILS Data-Bound TreeView Control) - http://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree.cab
O16 - DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} (ProtoView Calendar Control) - http://ilsat.csw.l-3com.com/ilsat/Downloads/pvdtcal.cab
O16 - DPF: {B754EA80-0AC4-48AF-8CBF-12CD438ECC92} (ILS Data-Bound Grid Control) - http://ilsat.csw.l-3com.com/ilsat/Downloads/ILSGrid.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://ilsat.csw.l-3com.com/ilsat/Do...ivexviewer.cab
O16 - DPF: {CD666348-C8D4-11D5-9403-00105AABE9D7} (pILSTree2.ILSTree2) - http://ilsat.csw.l-3com.com/ilsat/Do...s/ILSTree2.cab
O16 - DPF: {D4C8F0A1-6949-496A-8FD9-975C68842F02} (pRichText.RichText) - http://ilsat.csw.l-3com.com/ilsat/Do...s/richtext.CAB
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remoteaccess.csw.l-3com.com/...erSetupSP1.cab
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - http://ilsat.csw.l-3com.com/ilsat/Downloads/pvdt80.cab
O16 - DPF: {EEA054ED-AAC4-11D4-93C9-00105AABE9D7} (CreateClientDSN.CreateDSN) - http://ilsat.csw.l-3com.com/ilsat/Do...eClientDSN.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://remoteaccess.csw.l-3com.com/...etupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{15C017FD-0FA9-4149-853B-1265C7B98D3D}: Domain = csw.l-3com.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: AMINIT.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Quicktime update (QTUpdate) - Unknown owner - C:\Program Files\csrss.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe
--
End of file - 15110 bytes
-
August 16th, 2010, 07:48 PM
#2
-
August 16th, 2010, 10:16 PM
#3
Hi Broni,
Thanks for your help. Here's the malwarebytes log. I'll post the other logs in a bit.
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4438
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/16/2010 6:37:31 PM
mbam-log-2010-08-16 (18-37-31).txt
Scan type: Quick scan
Objects scanned: 140002
Time elapsed: 6 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 7
Files Infected: 36
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{19090308-636d-4e9b-a1ce-a647b6f794bf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{19090308-636d-4e9b-a1ce-a647b6f794bf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{19090308-636d-4e9b-a1ce-a647b6f794bf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19090308-636d-4e9b-a1ce-a647b6f794bf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Wireshark Antivirus (Rogue.WiresharkAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\travel\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\scdata (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\travel\Start Menu\Programs\Wireshark Antivirus (Rogue.WiresharkAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\scdata\wispex.html (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\wskinn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\i1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\i2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\i3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\j1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\j2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\j3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\jj1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\jj2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\jj3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\l1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\l2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\l3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\pix.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\t1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\t2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\Thumbs.db (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\up1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\up2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\w1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\w11.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\w2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\w3.jpg (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\word.doc (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\wt1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\wt2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\scdata\images\wt3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\travel\Start Menu\Programs\Wireshark Antivirus\Wireshark Antivirus.lnk (Rogue.WiresharkAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\sh3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\sh4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Wireshark Antivirus.LNK (Rogue.WiresharkAntivirus) -> Quarantined and deleted successfully.
-
August 17th, 2010, 12:39 AM
#4
I couldn't get Gmer to work. It kept crashing on me. I tried several times and could never get a log created. I had to move on to DDS. So here are the two log files I gathered with DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by travel at 21:35:44.43 on Mon 08/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1186 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\travel\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://web
uWindow Title = Windows Internet Explorer provided by L-3 Communications CSW
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [AClntUsr] c:\program files\altiris\aclient\AClntUsr.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoSMBallonTip = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ils-live
Trusted Zone: ilsat
Trusted Zone: ilsatweb
Trusted Zone: ilsbeta
Trusted Zone: ilsdev
Trusted Zone: ilsnet
Trusted Zone: ilsssc
Trusted Zone: l-3com.com\*.csw
Trusted Zone: l-3com.com\ils-live.csw
Trusted Zone: l-3com.com\ilsat.csw
Trusted Zone: l-3com.com\ilsatweb.csw
Trusted Zone: l-3com.com\ilsbeta.csw
Trusted Zone: l-3com.com\ilsdev.csw
Trusted Zone: l-3com.com\ilsnet.csw
Trusted Zone: l-3com.com\ilsssc.csw
Trusted Zone: l-3com.com\portal.csw
Trusted Zone: l-3com.com\remoteaccess.csw
Trusted Zone: l-3com.com\slcsg01.CSW
Trusted Zone: l-3com.com\slcsg02.CSW
Trusted Zone: l-3com.com\slcsg03.CSW
Trusted Zone: l-3com.com\slcsg04.CSW
Trusted Zone: l-3com.com\slcsg05.CSW
Trusted Zone: l-3com.com\slcsg06.CSW
Trusted Zone: l-3com.com\slcsg07.CSW
Trusted Zone: l-3com.com\slcsg08.CSW
Trusted Zone: l-3com.com\slcsg09.CSW
Trusted Zone: l-3com.com\slcsg10.CSW
Trusted Zone: l-3com.com\slnt12.csw
Trusted Zone: l-3com.com\slsql08.csw
Trusted Zone: l-3com.com\taw.csw
Trusted Zone: l-3com.com\work.csw
Trusted Zone: slnt12
Trusted Zone: slsql08
Trusted Zone: taw
Trusted Zone: web
Trusted Zone: work
Trusted Zone: ils-live
Trusted Zone: ilsat
Trusted Zone: ilsatweb
Trusted Zone: ilsbeta
Trusted Zone: ilsdev
Trusted Zone: ilsnet
Trusted Zone: ilsssc
Trusted Zone: l-3com.com\*.csw
Trusted Zone: l-3com.com\ils-live.csw
Trusted Zone: l-3com.com\ilsat.csw
Trusted Zone: l-3com.com\ilsatweb.csw
Trusted Zone: l-3com.com\ilsbeta.csw
Trusted Zone: l-3com.com\ilsdev.csw
Trusted Zone: l-3com.com\ilsnet.csw
Trusted Zone: l-3com.com\ilsssc.csw
Trusted Zone: l-3com.com\slcsg01.CSW
Trusted Zone: l-3com.com\slcsg02.CSW
Trusted Zone: l-3com.com\slcsg03.CSW
Trusted Zone: l-3com.com\slcsg04.CSW
Trusted Zone: l-3com.com\slcsg05.CSW
Trusted Zone: l-3com.com\slcsg06.CSW
Trusted Zone: l-3com.com\slcsg07.CSW
Trusted Zone: l-3com.com\slcsg08.CSW
Trusted Zone: l-3com.com\slcsg09.CSW
Trusted Zone: l-3com.com\slnt12.csw
Trusted Zone: l-3com.com\slsql08.csw
Trusted Zone: l-3com.com\taw.csw
Trusted Zone: l-3com.com\work.csw
Trusted Zone: slnt12
Trusted Zone: slsql08
Trusted Zone: taw
Trusted Zone: web
Trusted Zone: work
DPF: {20641312-84DA-11D4-93BD-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/Launch.cab
DPF: {229634BD-A350-11D5-93FE-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/Barcode.cab
DPF: {22ACD16F-99EB-11D2-9BB3-00400561D975} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvcombo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229364616321
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229364580680
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://thebrowndomain.com:1090/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8F55FA20-10DA-44C7-B675-CE2A290DE3B2} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree.cab
DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvdtcal.cab
DPF: {B754EA80-0AC4-48AF-8CBF-12CD438ECC92} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSGrid.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/activexviewer.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CD666348-C8D4-11D5-9403-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree2.cab
DPF: {D4C8F0A1-6949-496A-8FD9-975C68842F02} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/richtext.CAB
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remoteaccess.csw.l-3com.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvdt80.cab
DPF: {EEA054ED-AAC4-11D4-93C9-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/CreateClientDSN.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remoteaccess.csw.l-3com.com/dana-cached/sc/JuniperSetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: AMINIT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2009-2-4 218112]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-13 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-13 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-13 243024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [2010-4-8 85288]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-13 308136]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-14 54752]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-5-14 4440064]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gsc\WLService.exe [2009-9-21 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-11 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100813.009\naveng.sys [2010-8-13 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100813.009\navex15.sys [2010-8-13 1362608]
S2 QTUpdate;Quicktime update;c:\program files\csrss.exe --> c:\program files\csrss.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-6-6 116928]
=============== Created Last 30 ================
2010-08-17 01:29:04 0 d-----w- c:\docume~1\travel\applic~1\Malwarebytes
2010-08-17 01:28:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 01:28:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 01:28:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-17 01:28:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 20:05:55 0 d-----w- c:\program files\VideoLAN
2010-08-14 02:02:10 0 d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE
2010-08-14 00:39:26 0 d--h--w- C:\$AVG
2010-08-14 00:35:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-14 00:35:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-14 00:34:55 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-14 00:34:46 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-14 00:31:49 0 d-----w- c:\program files\AVG
2010-08-14 00:31:30 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-08-06 13:33:53 0 d-----w- c:\program files\iPod
2010-08-06 13:33:44 0 d-----w- c:\program files\iTunes
2010-08-06 13:33:44 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 13:26:28 0 d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-08-03 21:33:14 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080320090804\index.dat
============= FINISH: 21:36:29.06 ===============
-
August 17th, 2010, 12:39 AM
#5
Here is the Attach.txt file too:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2009 1:01:48 PM
System Uptime: 8/16/2010 9:28:31 PM (0 hours ago)
Motherboard: Dell Inc. | | 0F8098
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 127.521 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 466 GiB total, 356.37 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP275: 5/19/2010 12:59:35 PM - System Checkpoint
RP276: 5/20/2010 1:47:35 PM - System Checkpoint
RP277: 5/21/2010 2:33:34 PM - System Checkpoint
RP278: 5/24/2010 11:53:45 AM - System Checkpoint
RP279: 5/25/2010 5:11:58 PM - System Checkpoint
RP280: 5/26/2010 3:00:14 AM - Software Distribution Service 3.0
RP281: 5/27/2010 7:54:42 AM - System Checkpoint
RP282: 5/28/2010 8:02:25 AM - System Checkpoint
RP283: 5/29/2010 9:50:23 AM - System Checkpoint
RP284: 5/30/2010 10:02:23 AM - System Checkpoint
RP285: 5/31/2010 10:02:46 AM - System Checkpoint
RP286: 6/1/2010 12:14:33 PM - System Checkpoint
RP287: 6/2/2010 1:02:46 PM - System Checkpoint
RP288: 6/3/2010 2:58:35 PM - System Checkpoint
RP289: 6/4/2010 4:38:47 PM - System Checkpoint
RP290: 6/5/2010 3:00:15 AM - Software Distribution Service 3.0
RP291: 6/6/2010 3:02:52 AM - System Checkpoint
RP292: 6/7/2010 5:02:46 AM - System Checkpoint
RP293: 6/8/2010 10:53:54 AM - System Checkpoint
RP294: 6/9/2010 12:19:30 PM - System Checkpoint
RP295: 6/10/2010 2:27:13 PM - System Checkpoint
RP296: 6/11/2010 2:39:13 PM - System Checkpoint
RP297: 6/12/2010 3:00:28 AM - Software Distribution Service 3.0
RP298: 6/13/2010 3:46:04 AM - System Checkpoint
RP299: 6/14/2010 4:14:31 AM - System Checkpoint
RP300: 6/15/2010 5:26:33 AM - System Checkpoint
RP301: 6/16/2010 5:50:37 AM - System Checkpoint
RP302: 6/17/2010 6:26:33 AM - System Checkpoint
RP303: 6/18/2010 6:38:33 AM - System Checkpoint
RP304: 6/19/2010 8:38:34 AM - System Checkpoint
RP305: 6/20/2010 1:38:33 PM - System Checkpoint
RP306: 6/21/2010 2:29:37 PM - System Checkpoint
RP307: 6/22/2010 7:50:27 PM - System Checkpoint
RP308: 6/23/2010 9:32:36 PM - System Checkpoint
RP309: 6/24/2010 3:00:14 AM - Software Distribution Service 3.0
RP310: 6/25/2010 4:14:56 AM - System Checkpoint
RP311: 6/26/2010 5:26:52 AM - System Checkpoint
RP312: 6/27/2010 5:50:51 AM - System Checkpoint
RP313: 6/28/2010 7:11:20 AM - System Checkpoint
RP314: 6/29/2010 7:39:04 AM - System Checkpoint
RP315: 6/30/2010 7:51:04 AM - System Checkpoint
RP316: 7/1/2010 8:12:31 AM - System Checkpoint
RP317: 7/2/2010 8:15:04 AM - System Checkpoint
RP318: 7/3/2010 8:51:04 AM - System Checkpoint
RP319: 7/4/2010 10:03:04 AM - System Checkpoint
RP320: 7/5/2010 10:03:07 AM - System Checkpoint
RP321: 7/6/2010 10:03:15 AM - System Checkpoint
RP322: 7/7/2010 10:37:09 AM - System Checkpoint
RP323: 7/8/2010 10:44:42 AM - System Checkpoint
RP324: 7/9/2010 11:47:55 AM - System Checkpoint
RP325: 7/10/2010 12:15:35 PM - System Checkpoint
RP326: 7/11/2010 12:25:07 PM - System Checkpoint
RP327: 7/12/2010 12:36:49 PM - System Checkpoint
RP328: 7/13/2010 3:56:09 PM - System Checkpoint
RP329: 7/14/2010 4:13:10 PM - System Checkpoint
RP330: 7/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP331: 7/16/2010 3:25:08 AM - System Checkpoint
RP332: 7/17/2010 4:25:07 AM - System Checkpoint
RP333: 7/18/2010 4:49:07 AM - System Checkpoint
RP334: 7/19/2010 5:25:07 AM - System Checkpoint
RP335: 7/20/2010 6:37:07 AM - System Checkpoint
RP336: 7/21/2010 6:49:08 AM - System Checkpoint
RP337: 7/22/2010 7:37:11 AM - System Checkpoint
RP338: 7/23/2010 2:07:35 PM - System Checkpoint
RP339: 7/27/2010 9:43:57 PM - System Checkpoint
RP340: 7/29/2010 2:33:49 PM - System Checkpoint
RP341: 7/30/2010 3:08:42 PM - System Checkpoint
RP342: 8/2/2010 12:03:15 PM - System Checkpoint
RP343: 8/3/2010 3:00:14 AM - Software Distribution Service 3.0
RP344: 8/4/2010 3:45:23 AM - System Checkpoint
RP345: 8/5/2010 4:21:23 AM - System Checkpoint
RP346: 8/6/2010 9:26:37 AM - System Checkpoint
RP347: 8/7/2010 9:45:23 AM - System Checkpoint
RP348: 8/9/2010 7:19:47 AM - System Checkpoint
RP349: 8/10/2010 8:45:29 AM - System Checkpoint
RP350: 8/11/2010 3:00:19 AM - Software Distribution Service 3.0
RP351: 8/12/2010 7:21:30 AM - System Checkpoint
RP352: 8/13/2010 7:48:32 AM - System Checkpoint
RP353: 8/13/2010 5:31:24 PM - Installed AVG Free 9.0
RP354: 8/14/2010 6:13:25 PM - System Checkpoint
RP355: 8/15/2010 7:37:20 PM - System Checkpoint
RP356: 8/16/2010 5:33:54 PM - Avg Update
==== Installed Programs ======================
Acrobat.com
Ad-Aware SE Plus
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Reader 9.3.3
Altiris Application Metering Agent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVG Free 9.0
BlackBerry Desktop Software 4.3
Bonjour
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compact Wireless-G USB Network Adapter with SpeedBooster
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Google Chrome
Google Talk (remove only)
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Internet Explorer
iTunes
Java(TM) 6 Update 2
Juniper Citrix Services Client
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Juniper Terminal Services Client
Junk Mail filter update
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007 Get Started Tab
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007 Get Started Tab
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Get Started Tab
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MOXplayer v1.1
MSVCRT
MSXML 6 Service Pack 2 (KB954459)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
OGA Notifier 2.0.0048.0
PDFCreator
PowerArchiver
PowerDVD 5.1
QuickTime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sonic DLA
Sonic RecordNow! Plus
Spelling Dictionaries Support For Adobe Reader 9
Sprint SmartView
Symantec AntiVirus
UltraVNC 1.0.6.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VJOcx2.0
VLC media player 1.1.2
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
8/16/2010 9:34:17 PM, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 b83a0d70, parameter3 00000000, parameter4 00000000.
8/16/2010 9:34:12 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a706da0, parameter3 8a706f14, parameter4 805d2954.
8/16/2010 8:10:40 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 884c600c.
8/16/2010 6:41:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a320raid abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx Symmpi sym_hi sym_u3 TosIde ultra viaagp ViaIde
8/16/2010 6:41:16 PM, error: Service Control Manager [7000] - The Quicktime update service failed to start due to the following error: The system cannot find the file specified.
8/16/2010 6:04:30 AM, error: Service Control Manager [7034] - The Quicktime update service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
-
August 17th, 2010, 12:46 AM
#6
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
===============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
August 17th, 2010, 05:59 PM
#7
MBRCheck log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 200):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB85AC000 aliide.sys
0xB85AE000 cmdide.sys
0xB85B0000 toside.sys
0xB85B2000 viaide.sys
0xB85B4000 intelide.sys
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85B6000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB84BC000 cpqarray.sys
0xB7F0B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB7E43000 iaStor.sys
0xB7E2B000 atapi.sys
0xB84C0000 aha154x.sys
0xB8338000 sparrow.sys
0xB84C4000 symc810.sys
0xB80D8000 aic78xx.sys
0xB84C8000 dac960nt.sys
0xB80E8000 ql10wnt.sys
0xB84CC000 amsint.sys
0xB8340000 asc.sys
0xB84D0000 asc3550.sys
0xB8348000 mraid35x.sys
0xB8350000 i2omp.sys
0xB84D4000 ini910u.sys
0xB80F8000 ql1240.sys
0xB8108000 aic78u2.sys
0xB8358000 symc8xx.sys
0xB8360000 sym_hi.sys
0xB8368000 sym_u3.sys
0xB8370000 ABP480N5.SYS
0xB8378000 asc3350p.sys
0xB85B8000 cd20xrnt.sys
0xB8118000 ultra.sys
0xB7E12000 adpu160m.sys
0xB8380000 dpti2o.sys
0xB8128000 ql1080.sys
0xB8138000 ql12160.sys
0xB8148000 ql1280.sys
0xB8388000 perc2.sys
0xB85BA000 perc2hib.sys
0xB8390000 hpn.sys
0xB84D8000 cbidf2k.sys
0xB7DE6000 dac2w2k.sys
0xB7DCD000 symmpi.sys
0xB7D93000 a320raid.sys
0xB8158000 disk.sys
0xB8168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7D73000 fltmgr.sys
0xB7D61000 sr.sys
0xB7D4C000 drvmcdb.sys
0xB8398000 PxHelp20.sys
0xB7D35000 KSecDD.sys
0xB7CA8000 Ntfs.sys
0xB7C7B000 NDIS.sys
0xB8178000 viaagp.sys
0xB8188000 sisagp.sys
0xB7C61000 Mup.sys
0xB8198000 alim1541.sys
0xB81A8000 amdagp.sys
0xB81B8000 agp440.sys
0xB81C8000 agpCPQ.sys
0xB7BD0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB73DD000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB73C9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB739E000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB8450000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB737A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8458000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7346000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB7323000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7224000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB717D000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB8460000 \SystemRoot\System32\Drivers\Modem.SYS
0xB713D000 \SystemRoot\system32\drivers\smwdm.sys
0xB7119000 \SystemRoot\system32\drivers\portcls.sys
0xB7BC0000 \SystemRoot\system32\drivers\drmk.sys
0xB7066000 \SystemRoot\system32\drivers\senfilt.sys
0xB8468000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB7052000 \SystemRoot\system32\DRIVERS\parport.sys
0xB7BB0000 \SystemRoot\system32\DRIVERS\serial.sys
0xB858C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB7BA0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85E4000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xB7B90000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB7B80000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8470000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8715000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB85E6000 \SystemRoot\System32\Drivers\RootMdm.sys
0xB7B70000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8594000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB703B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB7B60000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB7B50000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8478000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB702A000 \SystemRoot\system32\DRIVERS\psched.sys
0xB7B40000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8480000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8488000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8490000 \SystemRoot\system32\DRIVERS\pctnullport.sys
0xB8498000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB6FFA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85EA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6E84000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C35000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB6E50000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0xB8208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8228000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85F0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8564000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB857C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB4A83000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xB4A61000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB4A4D000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xB8588000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB83C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB860E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB7C29000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8704000 \SystemRoot\System32\Drivers\Null.SYS
0xB861A000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83F0000 \SystemRoot\system32\drivers\ssrtln.sys
0xB4CE0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8400000 \SystemRoot\System32\drivers\vga.sys
0xB861E000 \SystemRoot\System32\Drivers\mnmdd.SYS
Processes (total 60):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
992 C:\WINDOWS\system32\nvsvc32.exe
1040 C:\WINDOWS\system32\ati2evxx.exe
1060 C:\WINDOWS\system32\svchost.exe
1144 svchost.exe
1308 C:\WINDOWS\system32\svchost.exe
1332 C:\WINDOWS\system32\ati2evxx.exe
1340 C:\Program Files\AVG\AVG9\avgchsvx.exe
1348 C:\Program Files\AVG\AVG9\avgrsx.exe
1428 svchost.exe
1484 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1576 svchost.exe
1832 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1872 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
556 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
628 C:\WINDOWS\system32\spoolsv.exe
1424 svchost.exe
1500 alg.exe
1512 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1572 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1764 C:\Program Files\Bonjour\mDNSResponder.exe
1936 C:\Program Files\Symantec AntiVirus\DefWatch.exe
376 C:\WINDOWS\system32\svchost.exe
436 C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
1200 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1892 C:\Program Files\AVG\AVG9\avgnsx.exe
2236 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2556 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2624 wmpnetwk.exe
2744 C:\WINDOWS\system32\searchindexer.exe
2884 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
2920 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
3084 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
840 C:\WINDOWS\system32\wscntfy.exe
1816 C:\WINDOWS\explorer.exe
3504 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3592 C:\WINDOWS\system32\dla\tfswctrl.exe
3600 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3608 C:\PROGRA~1\SYMANT~1\VPTray.exe
3668 C:\WINDOWS\system32\rundll32.exe
2088 C:\Program Files\Google\Google Talk\googletalk.exe
3164 C:\Program Files\Citrix\ICA Client\concentr.exe
2056 C:\Program Files\iTunes\iTunesHelper.exe
3308 C:\PROGRA~1\AVG\AVG9\avgtray.exe
208 C:\WINDOWS\system32\ctfmon.exe
3316 C:\Program Files\Windows Media Player\wmpnscfg.exe
2596 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
3844 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
2400 C:\Program Files\iPod\bin\iPodService.exe
3208 C:\Documents and Settings\travel\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
2640 C:\Program Files\Internet Explorer\iexplore.exe
5832 C:\Program Files\Internet Explorer\iexplore.exe
4544 C:\WINDOWS\system32\searchprotocolhost.exe
4508 C:\Documents and Settings\travel\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3160828AS, Rev: 8.04
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.
Done!
-
August 17th, 2010, 06:08 PM
#8
I didn't ask to enter anything, but fortunately, you did fine.
Reboot and post new MBRCheck log.
-
August 17th, 2010, 06:26 PM
#9
Oh, whoops. I'll go ahead and do another MBRCheck log. In the meantime, here's the ComboFix log.
ComboFix 10-08-17.02 - travel 08/17/2010 15:19:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1221 [GMT -7:00]
Running from: c:\documents and settings\travel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\data
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-17 21:09 . 2010-08-17 21:09 -------- d-----w- c:\documents and settings\travel\Application Data\Sonic
2010-08-17 01:29 . 2010-08-17 01:29 -------- d-----w- c:\documents and settings\travel\Application Data\Malwarebytes
2010-08-17 01:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 01:28 . 2010-08-17 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-17 01:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 01:28 . 2010-08-17 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 20:06 . 2010-08-16 20:08 -------- d-----w- c:\documents and settings\travel\Application Data\vlc
2010-08-16 20:05 . 2010-08-16 20:05 -------- d-----w- c:\program files\VideoLAN
2010-08-14 02:02 . 2010-08-14 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-08-14 00:39 . 2010-08-14 00:39 -------- d-----w- C:\$AVG
2010-08-14 00:35 . 2010-08-14 00:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-14 00:35 . 2010-08-14 00:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-14 00:34 . 2010-08-14 00:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-14 00:34 . 2010-08-14 00:34 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-14 00:34 . 2010-08-17 16:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-14 00:31 . 2010-08-14 00:31 -------- d-----w- c:\program files\AVG
2010-08-14 00:31 . 2010-08-14 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-10 01:21 . 2010-08-11 07:26 -------- d-----w- c:\documents and settings\travel\Local Settings\Application Data\Temp
2010-08-10 01:21 . 2010-08-10 01:21 -------- d-----w- c:\documents and settings\travel\Local Settings\Application Data\Deployment
2010-08-06 13:33 . 2010-08-06 13:33 -------- d-----w- c:\program files\iPod
2010-08-06 13:33 . 2010-08-06 13:34 -------- d-----w- c:\program files\iTunes
2010-08-06 13:33 . 2010-08-06 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 13:29 . 2010-08-06 13:30 -------- d-----w- c:\program files\QuickTime
2010-08-06 13:26 . 2010-08-06 13:26 -------- d-----w- c:\program files\Bonjour
2010-08-06 13:16 . 2010-08-06 13:16 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-23 20:13 . 2010-07-23 20:13 292704 ----a-w- c:\documents and settings\travel\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 22:09 . 2009-08-03 20:04 -------- d-----w- c:\program files\Symantec AntiVirus
2010-08-11 10:11 . 2008-10-07 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-06 13:33 . 2009-12-11 14:44 -------- d-----w- c:\program files\Common Files\Apple
2010-07-31 02:37 . 2009-12-11 14:47 -------- d-----w- c:\documents and settings\travel\Application Data\Apple Computer
2010-07-23 21:14 . 2009-08-24 22:45 -------- d-----w- c:\documents and settings\travel\Application Data\Juniper Networks
2010-07-06 21:01 . 2010-07-06 21:01 230408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-06 21:00 . 2010-07-06 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-02-17 20:19 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-24 13:47 . 2009-08-24 22:45 37464 ----a-w- c:\documents and settings\travel\Application Data\Juniper Networks\Setup\uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-08-04 18968]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-14 2065760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBallonTip"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-14 00:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 -c--a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-10 01:21 136176 ----atw- c:\documents and settings\travel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2/4/2009 4:46 PM 218112]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/13/2010 5:34 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/13/2010 5:35 PM 243024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [4/8/2010 1:44 PM 85288]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/13/2010 5:33 PM 308136]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [5/14/2009 8:01 AM 4440064]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [9/21/2009 5:56 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/11/2010 8:02 PM 102448]
S2 QTUpdate;Quicktime update;c:\program files\csrss.exe --> c:\program files\csrss.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/6/2007 2:24 PM 116928]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004Core.job
- c:\documents and settings\travel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-10 01:21]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004UA.job
- c:\documents and settings\travel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-10 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ils-live
Trusted Zone: ilsat
Trusted Zone: ilsatweb
Trusted Zone: ilsbeta
Trusted Zone: ilsdev
Trusted Zone: ilsnet
Trusted Zone: ilsssc
Trusted Zone: l-3com.com\*.csw
Trusted Zone: l-3com.com\ils-live.csw
Trusted Zone: l-3com.com\ilsat.csw
Trusted Zone: l-3com.com\ilsatweb.csw
Trusted Zone: l-3com.com\ilsbeta.csw
Trusted Zone: l-3com.com\ilsdev.csw
Trusted Zone: l-3com.com\ilsnet.csw
Trusted Zone: l-3com.com\ilsssc.csw
Trusted Zone: l-3com.com\portal.csw
Trusted Zone: l-3com.com\remoteaccess.csw
Trusted Zone: l-3com.com\slcsg01.CSW
Trusted Zone: l-3com.com\slcsg02.CSW
Trusted Zone: l-3com.com\slcsg03.CSW
Trusted Zone: l-3com.com\slcsg04.CSW
Trusted Zone: l-3com.com\slcsg05.CSW
Trusted Zone: l-3com.com\slcsg06.CSW
Trusted Zone: l-3com.com\slcsg07.CSW
Trusted Zone: l-3com.com\slcsg08.CSW
Trusted Zone: l-3com.com\slcsg09.CSW
Trusted Zone: l-3com.com\slcsg10.CSW
Trusted Zone: l-3com.com\slnt12.csw
Trusted Zone: l-3com.com\slsql08.csw
Trusted Zone: l-3com.com\taw.csw
Trusted Zone: l-3com.com\work.csw
Trusted Zone: slnt12
Trusted Zone: slsql08
Trusted Zone: taw
Trusted Zone: web
Trusted Zone: work
Trusted Zone: ils-live
Trusted Zone: ilsat
Trusted Zone: ilsatweb
Trusted Zone: ilsbeta
Trusted Zone: ilsdev
Trusted Zone: ilsnet
Trusted Zone: ilsssc
Trusted Zone: l-3com.com\*.csw
Trusted Zone: l-3com.com\ils-live.csw
Trusted Zone: l-3com.com\ilsat.csw
Trusted Zone: l-3com.com\ilsatweb.csw
Trusted Zone: l-3com.com\ilsbeta.csw
Trusted Zone: l-3com.com\ilsdev.csw
Trusted Zone: l-3com.com\ilsnet.csw
Trusted Zone: l-3com.com\ilsssc.csw
Trusted Zone: l-3com.com\slcsg01.CSW
Trusted Zone: l-3com.com\slcsg02.CSW
Trusted Zone: l-3com.com\slcsg03.CSW
Trusted Zone: l-3com.com\slcsg04.CSW
Trusted Zone: l-3com.com\slcsg05.CSW
Trusted Zone: l-3com.com\slcsg06.CSW
Trusted Zone: l-3com.com\slcsg07.CSW
Trusted Zone: l-3com.com\slcsg08.CSW
Trusted Zone: l-3com.com\slcsg09.CSW
Trusted Zone: l-3com.com\slnt12.csw
Trusted Zone: l-3com.com\slsql08.csw
Trusted Zone: l-3com.com\taw.csw
Trusted Zone: l-3com.com\work.csw
Trusted Zone: slnt12
Trusted Zone: slsql08
Trusted Zone: taw
Trusted Zone: web
Trusted Zone: work
DPF: {20641312-84DA-11D4-93BD-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/Launch.cab
DPF: {229634BD-A350-11D5-93FE-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/Barcode.cab
DPF: {22ACD16F-99EB-11D2-9BB3-00400561D975} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvcombo.cab
DPF: {8F55FA20-10DA-44C7-B675-CE2A290DE3B2} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree.cab
DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvdtcal.cab
DPF: {B754EA80-0AC4-48AF-8CBF-12CD438ECC92} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSGrid.cab
DPF: {CD666348-C8D4-11D5-9403-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree2.cab
DPF: {D4C8F0A1-6949-496A-8FD9-975C68842F02} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/richtext.CAB
DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvdt80.cab
DPF: {EEA054ED-AAC4-11D4-93C9-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/CreateClientDSN.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remoteaccess.csw.l-3com.com/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-Run-AClntUsr - c:\program files\Altiris\AClient\AClntUsr.EXE
AddRemove-{92F2A534-C3E4-4B18-BEBD-329F5E848C8B} - c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 15:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\AMINIT.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\AMINIT.dll
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-17 15:24:14
ComboFix-quarantined-files.txt 2010-08-17 22:24
Pre-Run: 136,857,231,360 bytes free
Post-Run: 137,764,458,496 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - F14F4A430C597DF72905F6E493C2B6AA
-
August 17th, 2010, 06:35 PM
#10
Here's another MBRCheck log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 198):
Processes (total 60):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
968 C:\WINDOWS\system32\nvsvc32.exe
1024 C:\WINDOWS\system32\ati2evxx.exe
1044 C:\WINDOWS\system32\svchost.exe
1116 svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1308 C:\WINDOWS\system32\ati2evxx.exe
1320 svchost.exe
1332 C:\Program Files\AVG\AVG9\avgchsvx.exe
1384 C:\Program Files\AVG\AVG9\avgrsx.exe
1480 svchost.exe
1588 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1596 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1800 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
532 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
624 C:\WINDOWS\system32\spoolsv.exe
1528 C:\WINDOWS\explorer.exe
136 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
164 C:\Program Files\Analog Devices\Core\smax4pnp.exe
172 C:\WINDOWS\system32\dla\tfswctrl.exe
240 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
408 C:\PROGRA~1\SYMANT~1\VPTray.exe
1760 C:\Program Files\Google\Google Talk\googletalk.exe
1100 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2252 C:\Program Files\Citrix\ICA Client\concentr.exe
2348 C:\Program Files\iTunes\iTunesHelper.exe
2244 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2692 C:\Program Files\Windows Media Player\wmpnscfg.exe
4008 svchost.exe
320 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
1976 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
2020 alg.exe
2248 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3440 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1340 C:\Program Files\Symantec AntiVirus\DoScan.exe
2688 C:\Program Files\Bonjour\mDNSResponder.exe
2908 C:\Program Files\Symantec AntiVirus\DefWatch.exe
3908 C:\WINDOWS\system32\svchost.exe
3360 C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
392 C:\Program Files\AVG\AVG9\avgnsx.exe
1356 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2600 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
3080 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3168 wmpnetwk.exe
3308 C:\WINDOWS\system32\searchindexer.exe
3460 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
3484 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
3692 C:\WINDOWS\system32\wuauclt.exe
2076 wmiprvse.exe
2096 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2488 C:\WINDOWS\system32\searchprotocolhost.exe
2496 C:\Program Files\iPod\bin\iPodService.exe
3512 searchfilterhost.exe
3260 C:\Documents and Settings\travel\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3160828AS, Rev: 8.04
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
-
August 17th, 2010, 06:42 PM
#11
Our fix didn't work, so we have to try another solution...
Restart computer
When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console, then press Enter, but note that you only have 2 seconds by default.
If you find this hard to do, then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.
You should get a black screen with a C:\> prompt. Type with an Enter after each line:
fixmbr
(If it asks you if you are sure then say "Y".)
exit
Reboot computer.
Post fresh MBRCheck log.
-
August 17th, 2010, 06:55 PM
#12
I get the feeling it worked this time. MBRCheck didn't tell me that I had a nonstandard master boot record this time. Here's the new log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 200):
Processes (total 60):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
692 csrss.exe
716 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
772 C:\WINDOWS\system32\lsass.exe
976 C:\WINDOWS\system32\nvsvc32.exe
1032 C:\WINDOWS\system32\ati2evxx.exe
1052 C:\WINDOWS\system32\svchost.exe
1124 svchost.exe
1248 C:\WINDOWS\system32\svchost.exe
1312 C:\WINDOWS\system32\ati2evxx.exe
1320 C:\Program Files\AVG\AVG9\avgchsvx.exe
1328 C:\Program Files\AVG\AVG9\avgrsx.exe
1412 svchost.exe
1460 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1696 svchost.exe
1812 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1852 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
536 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
584 C:\WINDOWS\system32\spoolsv.exe
1600 C:\WINDOWS\explorer.exe
2032 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
2044 C:\Program Files\Analog Devices\Core\smax4pnp.exe
132 C:\WINDOWS\system32\dla\tfswctrl.exe
136 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
156 C:\PROGRA~1\SYMANT~1\VPTray.exe
196 C:\WINDOWS\system32\rundll32.exe
1220 C:\Program Files\Google\Google Talk\googletalk.exe
4020 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2080 C:\Program Files\Citrix\ICA Client\concentr.exe
2184 C:\Program Files\iTunes\iTunesHelper.exe
3720 svchost.exe
3792 C:\PROGRA~1\AVG\AVG9\avgtray.exe
400 C:\Program Files\Windows Media Player\wmpnscfg.exe
296 C:\WINDOWS\system32\ctfmon.exe
1984 alg.exe
2328 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2440 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
2984 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
2980 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2120 C:\Program Files\Bonjour\mDNSResponder.exe
2700 C:\Program Files\Symantec AntiVirus\DefWatch.exe
3396 C:\WINDOWS\system32\svchost.exe
3620 C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
3768 C:\Program Files\AVG\AVG9\avgnsx.exe
3876 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1980 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2468 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2596 wmpnetwk.exe
2748 C:\WINDOWS\system32\searchindexer.exe
3072 C:\Program Files\Linksys\WUSB54GSC\WLService.exe
3108 C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
3208 C:\WINDOWS\system32\wuauclt.exe
4064 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1180 C:\Program Files\iPod\bin\iPodService.exe
1964 wmiprvse.exe
4404 C:\WINDOWS\system32\wscntfy.exe
4484 C:\Documents and Settings\travel\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST3160828AS, Rev: 8.04
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
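As an added worked example (not code from the thread or from MBRCheck), here is how a boot-sector check like the one in the log above can be reproduced offline: it validates the 0x55AA signature, parses the partition table (the sample's single NTFS partition starts at LBA 63, which is the 0x7e00 byte offset the log reports), and compares a SHA1 of the 440-byte bootstrap code against an allowlist. The sample sector and the allowlist contents are constructed placeholders, not Windows' real MBR bytes or hashes.

```python
"""Constructed example: parse a 512-byte MBR and classify its bootstrap code by hash."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0-439: bootstrap code (the region a bootkit overwrites)
PARTITION_TABLE_OFF = 446     # four 16-byte entries follow the code and the disk signature
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511 on every valid MBR

# Partition type byte -> label, for the types that matter on a machine like this one.
PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into its bootstrap-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFF + index * PARTITION_ENTRY_LEN
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "byte_offset": lba_start * SECTOR_SIZE,
            "size_gib": sectors * SECTOR_SIZE / 2 ** 30,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def is_valid_mbr(sector: bytes) -> bool:
    """True when the sector has the right length and boot signature."""
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def mbr_status(sector: bytes, known_good: dict) -> str:
    """Report the MBR the way a boot-sector check would: a known code hash, or flag it."""
    info = parse_mbr(sector)
    label = known_good.get(info["boot_code_sha1"])
    return f"{label} detected" if label else "Unknown MBR code"


def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code plus one bootable NTFS partition at LBA 63."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)  # not real code
    disk_signature = b"\x12\x34\x56\x78" + b"\x00\x00"
    # status 0x80, CHS start, type 0x07 (NTFS), CHS end, LBA start 63, ~149 GiB of sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 312_576_705)
    empty_entry = b"\x00" * PARTITION_ENTRY_LEN
    sector = boot_code + disk_signature + entry + empty_entry * 3 + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    for part in info["partitions"]:
        print(f"{part['size_gib']:.0f} GiB {part['type']} at offset 0x{part['byte_offset']:08x}")
    # With an empty allowlist the same sample is reported as unknown, as in the first log.
    print(mbr_status(sample, {}))
    # Allowlisting the hash of this sample's code is how a "known good" verdict is produced.
    print(mbr_status(sample, {info["boot_code_sha1"]: "Windows XP MBR code"}))
```

To run it against a real disk, read the first 512 bytes of the raw device (for example `\\.\PhysicalDrive0` on Windows) and pass them to `parse_mbr`; a hash not in the allowlist means "inspect", not "infected".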
-
August 17th, 2010, 07:02 PM
#13
Very good.
Please re-run ComboFix and post a fresh log.
-
August 17th, 2010, 08:10 PM
#14
I think it's still infected. AVG Antivirus had flagged two more files as infected before I ran ComboFix again. I did disable AVG Antivirus and Norton Antivirus before rerunning ComboFix though. Here's the new ComboFix log:
ComboFix 10-08-17.02 - travel 08/17/2010 16:59:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -7:00]
Running from: c:\documents and settings\travel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.
2010-08-17 21:09 . 2010-08-17 21:09 -------- d-----w- c:\documents and settings\travel\Application Data\Sonic
2010-08-17 01:29 . 2010-08-17 01:29 -------- d-----w- c:\documents and settings\travel\Application Data\Malwarebytes
2010-08-17 01:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 01:28 . 2010-08-17 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-17 01:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 01:28 . 2010-08-17 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 20:06 . 2010-08-16 20:08 -------- d-----w- c:\documents and settings\travel\Application Data\vlc
2010-08-16 20:05 . 2010-08-16 20:05 -------- d-----w- c:\program files\VideoLAN
2010-08-14 02:02 . 2010-08-14 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-08-14 00:39 . 2010-08-14 00:39 -------- d-----w- C:\$AVG
2010-08-14 00:35 . 2010-08-14 00:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-14 00:35 . 2010-08-14 00:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-14 00:34 . 2010-08-14 00:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-14 00:34 . 2010-08-14 00:34 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-14 00:34 . 2010-08-17 16:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-14 00:31 . 2010-08-14 00:31 -------- d-----w- c:\program files\AVG
2010-08-14 00:31 . 2010-08-14 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-10 01:21 . 2010-08-11 07:26 -------- d-----w- c:\documents and settings\travel\Local Settings\Application Data\Temp
2010-08-10 01:21 . 2010-08-10 01:21 -------- d-----w- c:\documents and settings\travel\Local Settings\Application Data\Deployment
2010-08-06 13:33 . 2010-08-06 13:33 -------- d-----w- c:\program files\iPod
2010-08-06 13:33 . 2010-08-06 13:34 -------- d-----w- c:\program files\iTunes
2010-08-06 13:33 . 2010-08-06 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 13:29 . 2010-08-06 13:30 -------- d-----w- c:\program files\QuickTime
2010-08-06 13:26 . 2010-08-06 13:26 -------- d-----w- c:\program files\Bonjour
2010-08-06 13:16 . 2010-08-06 13:16 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-23 20:13 . 2010-07-23 20:13 292704 ----a-w- c:\documents and settings\travel\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 23:57 . 2009-08-03 20:04 -------- d-----w- c:\program files\Symantec AntiVirus
2010-08-11 10:11 . 2008-10-07 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-06 13:33 . 2009-12-11 14:44 -------- d-----w- c:\program files\Common Files\Apple
2010-07-31 02:37 . 2009-12-11 14:47 -------- d-----w- c:\documents and settings\travel\Application Data\Apple Computer
2010-07-23 21:14 . 2009-08-24 22:45 -------- d-----w- c:\documents and settings\travel\Application Data\Juniper Networks
2010-07-06 21:01 . 2010-07-06 21:01 230408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-06 21:00 . 2010-07-06 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-02-17 20:19 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-24 13:47 . 2009-08-24 22:45 37464 ----a-w- c:\documents and settings\travel\Application Data\Juniper Networks\Setup\uninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-30 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-08-04 18968]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-14 2065760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBallonTip"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-14 00:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 -c--a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-10 01:21 136176 ----atw- c:\documents and settings\travel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2/4/2009 4:46 PM 218112]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/13/2010 5:34 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/13/2010 5:35 PM 243024]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [4/8/2010 1:44 PM 85288]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/13/2010 5:33 PM 308136]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [5/14/2009 8:01 AM 4440064]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [9/21/2009 5:56 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/11/2010 8:02 PM 102448]
S2 QTUpdate;Quicktime update;c:\program files\csrss.exe --> c:\program files\csrss.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/6/2007 2:24 PM 116928]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004Core.job
- c:\documents and settings\travel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-10 01:21]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708106416-1552605257-2064745200-1004UA.job
- c:\documents and settings\travel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-10 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ils-live
Trusted Zone: ilsat
Trusted Zone: ilsatweb
Trusted Zone: ilsbeta
Trusted Zone: ilsdev
Trusted Zone: ilsnet
Trusted Zone: ilsssc
Trusted Zone: l-3com.com\*.csw
Trusted Zone: l-3com.com\ils-live.csw
Trusted Zone: l-3com.com\ilsat.csw
Trusted Zone: l-3com.com\ilsatweb.csw
Trusted Zone: l-3com.com\ilsbeta.csw
Trusted Zone: l-3com.com\ilsdev.csw
Trusted Zone: l-3com.com\ilsnet.csw
Trusted Zone: l-3com.com\ilsssc.csw
Trusted Zone: l-3com.com\portal.csw
Trusted Zone: l-3com.com\remoteaccess.csw
Trusted Zone: l-3com.com\slcsg01.CSW
Trusted Zone: l-3com.com\slcsg02.CSW
Trusted Zone: l-3com.com\slcsg03.CSW
Trusted Zone: l-3com.com\slcsg04.CSW
Trusted Zone: l-3com.com\slcsg05.CSW
Trusted Zone: l-3com.com\slcsg06.CSW
Trusted Zone: l-3com.com\slcsg07.CSW
Trusted Zone: l-3com.com\slcsg08.CSW
Trusted Zone: l-3com.com\slcsg09.CSW
Trusted Zone: l-3com.com\slcsg10.CSW
Trusted Zone: l-3com.com\slnt12.csw
Trusted Zone: l-3com.com\slsql08.csw
Trusted Zone: l-3com.com\taw.csw
Trusted Zone: l-3com.com\work.csw
Trusted Zone: slnt12
Trusted Zone: slsql08
Trusted Zone: taw
Trusted Zone: web
Trusted Zone: work
Trusted Zone: ils-live
Trusted Zone: ilsat
Trusted Zone: ilsatweb
Trusted Zone: ilsbeta
Trusted Zone: ilsdev
Trusted Zone: ilsnet
Trusted Zone: ilsssc
Trusted Zone: l-3com.com\*.csw
Trusted Zone: l-3com.com\ils-live.csw
Trusted Zone: l-3com.com\ilsat.csw
Trusted Zone: l-3com.com\ilsatweb.csw
Trusted Zone: l-3com.com\ilsbeta.csw
Trusted Zone: l-3com.com\ilsdev.csw
Trusted Zone: l-3com.com\ilsnet.csw
Trusted Zone: l-3com.com\ilsssc.csw
Trusted Zone: l-3com.com\slcsg01.CSW
Trusted Zone: l-3com.com\slcsg02.CSW
Trusted Zone: l-3com.com\slcsg03.CSW
Trusted Zone: l-3com.com\slcsg04.CSW
Trusted Zone: l-3com.com\slcsg05.CSW
Trusted Zone: l-3com.com\slcsg06.CSW
Trusted Zone: l-3com.com\slcsg07.CSW
Trusted Zone: l-3com.com\slcsg08.CSW
Trusted Zone: l-3com.com\slcsg09.CSW
Trusted Zone: l-3com.com\slnt12.csw
Trusted Zone: l-3com.com\slsql08.csw
Trusted Zone: l-3com.com\taw.csw
Trusted Zone: l-3com.com\work.csw
Trusted Zone: slnt12
Trusted Zone: slsql08
Trusted Zone: taw
Trusted Zone: web
Trusted Zone: work
DPF: {20641312-84DA-11D4-93BD-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/Launch.cab
DPF: {229634BD-A350-11D5-93FE-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/Barcode.cab
DPF: {22ACD16F-99EB-11D2-9BB3-00400561D975} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvcombo.cab
DPF: {8F55FA20-10DA-44C7-B675-CE2A290DE3B2} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree.cab
DPF: {B5805B24-2D86-11D0-ADA6-00400520799C} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvdtcal.cab
DPF: {B754EA80-0AC4-48AF-8CBF-12CD438ECC92} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSGrid.cab
DPF: {CD666348-C8D4-11D5-9403-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/ILSTree2.cab
DPF: {D4C8F0A1-6949-496A-8FD9-975C68842F02} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/richtext.CAB
DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/pvdt80.cab
DPF: {EEA054ED-AAC4-11D4-93C9-00105AABE9D7} - hxxp://ilsat.csw.l-3com.com/ilsat/Downloads/CreateClientDSN.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remoteaccess.csw.l-3com.com/dana-cached/sc/JuniperSetupClient.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 17:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\AMInit.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\AMInit.dll
- - - - - - - > 'explorer.exe'(5796)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-17 17:05:32
ComboFix-quarantined-files.txt 2010-08-18 00:05
ComboFix2.txt 2010-08-17 22:24
Pre-Run: 137,780,645,888 bytes free
Post-Run: 137,763,078,144 bytes free
- - End Of File - - 588F8952E8574C784FE89336C3CEE5F3
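Added example, not part of the thread or of ComboFix: a small triage script that parses the service lines of a ComboFix log and flags the entries a responder would look at first in the log above: a service whose binary carries a core system process name but lives outside system32 and could not be verified (`QTUpdate`), a populated `AppInit_DLLs` value (the same DLL appears loaded in winlogon.exe and lsass.exe above), a driver created during the run, and the disabled firewall profile. The sample lines are excerpted from the log above; the severities and the system-process name list are the example's own assumptions, not ComboFix output.

```python
"""Constructed example: flag review-worthy lines in a ComboFix log."""
import re

# "R0 name;display;path [date size]" or "S2 name;display;path --> path [?]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$"
)
# Assumption: core Windows processes that always live in %SystemRoot%\system32 on XP.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
                        "services.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\",)


def parse_service_line(line: str):
    """Return the fields of one service/driver line, or None for any other line."""
    match = SERVICE_LINE.match(line.strip())
    return match.groupdict() if match else None


def split_path(path: str):
    """Lower-cased (folder-with-trailing-backslash, basename) pair."""
    folder, _, base = path.lower().rpartition("\\")
    return folder + "\\", base


def triage_line(line: str):
    """Return a list of (severity, reason) findings for a single log line."""
    findings = []
    svc = parse_service_line(line)
    if svc:
        folder, base = split_path(svc["path"])
        if base in SYSTEM_PROCESS_NAMES and not folder.startswith(SYSTEM_DIRS):
            findings.append(("high", f"service {svc['name']}: system process name "
                                     f"{base} outside system32 ({svc['path']})"))
        if svc["meta"] == "?":
            findings.append(("medium", f"service {svc['name']}: file could not be "
                                       f"verified on disk ({svc['path']})"))
        return findings
    stripped = line.strip()
    appinit = re.match(r'^"AppInit_DLLs"=(.+)$', stripped)
    if appinit and appinit.group(1).strip():
        # AppInit_DLLs is loaded into every process that loads user32.dll; any value needs review.
        findings.append(("high", f"AppInit_DLLs is set: {appinit.group(1).strip()}"))
    elif stripped.startswith("*NewlyCreated* - "):
        findings.append(("medium", f"driver/service created during this run: "
                                   f"{stripped.split(' - ', 1)[1]}"))
    elif stripped == '"EnableFirewall"= 0 (0x0)':
        findings.append(("low", "Windows Firewall standard profile is disabled"))
    return findings


def triage(lines):
    """Run triage_line over a whole log and collect the findings in order."""
    return [finding for line in lines for finding in triage_line(line)]


# Sample lines excerpted from the ComboFix log above.
SAMPLE_LOG = [
    "R0 a320raid;a320raid;c:\\windows\\system32\\drivers\\a320raid.sys [2/4/2009 4:46 PM 218112]",
    "R2 avg9wd;AVG Free WatchDog;c:\\program files\\AVG\\AVG9\\avgwdsvc.exe [8/13/2010 5:33 PM 308136]",
    "S2 QTUpdate;Quicktime update;c:\\program files\\csrss.exe --> c:\\program files\\csrss.exe [?]",
    "S3 SavRoam;SAVRoam;c:\\program files\\Symantec AntiVirus\\SavRoam.exe [6/6/2007 2:24 PM 116928]",
    "*NewlyCreated* - GTNDIS5",
    '"AppInit_DLLs"=c:\\windows\\system32\\AMInit.dll',
    '"EnableFirewall"= 0 (0x0)',
]

if __name__ == "__main__":
    for severity, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}")
```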
-
August 17th, 2010, 08:17 PM
#15
I did disable AVG Antivirus and Norton Antivirus before rerunning combofix though.
When you run two antivirus programs together like that, you are looking for big-time trouble.
I strongly suggest getting rid of Norton, so download the Norton Removal Tool and use it.
http://www.symantec.com/norton/suppo...080710133834EN