
win32:sirefef-sm[trj] & win32:rootkit-gen[rtk] [Closed]


This topic is locked. 134 replies to this topic.

#61 portboy123 (Authentic Member, 124 posts)
Posted 13 May 2012 - 07:51 PM

Hi Jeff, ran the scan, waiting for your next reply. Thanks.

SystemLook 30.07.11 by jpshortstuff
Log created at 21:30 on 13/05/2012 by Frank
Administrator - Elevation successful

========== filefind ==========

Searching for "*netbt.sys"
C:\Documents and Settings\Frank\desktop\netbt.sys --a---- 162816 bytes [01:42 13/05/2012] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [19:31 26/10/2011] [12:00 28/02/2006] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [20:01 26/10/2011] [04:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [16:03 13/05/2012] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [16:03 13/05/2012] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D

-= EOF =-

Edited by portboy123, 14 May 2012 - 05:57 AM.
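The SystemLook result above lists five copies of netbt.sys with their MD5 hashes. The check below is added here (it is not a tool from this thread, from SystemLook's author, or from the helpers) and parses that output, re-typed with line breaks and with the values as posted, then compares the live copy in system32\drivers against the Windows File Protection reference copies in dllcache and ServicePackFiles; treating those two directories as the references is an assumption made in this example. It reports whether the live driver is intact, modified, or missing, the last being what ComboFix later found on this machine.

```python
import re

# Constructed sample input: the SystemLook "filefind" result posted in this
# thread, re-typed with the line breaks the forum software collapsed.
SYSTEMLOOK_OUTPUT = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "*netbt.sys"
C:\Documents and Settings\Frank\desktop\netbt.sys --a---- 162816 bytes [01:42 13/05/2012] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 162816 bytes [19:31 26/10/2011] [12:00 28/02/2006] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\ServicePackFiles\i386\netbt.sys ------- 162816 bytes [20:01 26/10/2011] [04:51 14/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\dllcache\netbt.sys --a--c- 162816 bytes [16:03 13/05/2012] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [16:03 13/05/2012] [19:21 13/04/2008] 74B2B2F5BEA5E9A3DC021D685551BD3D
-= EOF =-
"""

# One filefind result line: path, seven attribute flags, size, created and
# modified timestamps in brackets, then the MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption made in this example: on XP the dllcache and ServicePackFiles
# copies are the Windows File Protection references. The $NtServicePackUninstall$
# copy is the pre-service-pack version, so it is expected to differ and is not
# used as a reference.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")
LIVE_DRIVER_DIR = "\\system32\\drivers\\"


def parse_filefind(text):
    """Return one dict per file SystemLook reported (size as int, MD5 upper-cased)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def check_driver(entries, name):
    """Compare every copy of `name` against the reference copies.

    Returns {'status': 'ok' | 'modified' | 'missing' | 'no-reference',
             'reference_md5': hash the reference copies agree on (or None),
             'odd_copies': paths of copies whose hash differs from it}.
    """
    suffix = "\\" + name.lower()
    copies = [e for e in entries if e["path"].lower().endswith(suffix)]
    ref_hashes = {e["md5"] for e in copies
                  if any(d in e["path"].lower() for d in REFERENCE_DIRS)}
    result = {"status": "no-reference", "reference_md5": None, "odd_copies": []}
    if len(ref_hashes) != 1:
        # Reference copies absent or disagreeing: nothing trustworthy to compare to.
        return result
    ref = ref_hashes.pop()
    result["reference_md5"] = ref
    result["odd_copies"] = [e["path"] for e in copies if e["md5"] != ref]
    live = [e for e in copies if LIVE_DRIVER_DIR in e["path"].lower()]
    if not live:
        # The state ComboFix reported later in the thread: the live driver was gone.
        result["status"] = "missing"
    elif live[0]["md5"] == ref:
        result["status"] = "ok"
    else:
        result["status"] = "modified"
    return result


if __name__ == "__main__":
    entries = parse_filefind(SYSTEMLOOK_OUTPUT)
    print(check_driver(entries, "netbt.sys"))
    # Replay the later finding by dropping the live copy from the listing.
    without_live = [e for e in entries if LIVE_DRIVER_DIR not in e["path"].lower()]
    print(check_driver(without_live, "netbt.sys"))
```

On the posted listing the live driver matches the reference hash and only the $NtServicePackUninstall$ copy differs, which is expected; a 'modified' or 'missing' result is what would warrant the ComboFix restore step the helper runs later.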


#62 jeffce (Malware Guy, Authentic Member, 8,693 posts)
Posted 14 May 2012 - 07:05 AM

Hi,

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Boot to Safe Mode

Disable your AntiVirus and AntiSpyware applications.

Right-click and Run as Administrator on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.

#63 portboy123 (Authentic Member, 124 posts)
Posted 14 May 2012 - 07:59 AM

Hi Jeff, when I right-click Run as Administrator it then asks for a password I don't know, but I am the administrator under my user profile. And I can't turn off Avast.

Edited by portboy123, 14 May 2012 - 08:09 AM.


#64 jeffce (Malware Guy, Authentic Member, 8,693 posts)
Posted 14 May 2012 - 08:28 AM

Hi, just double-click to run ComboFix and don't worry about Avast... I don't think there will be a problem. :)

#65 portboy123 (Authentic Member, 124 posts)
Posted 14 May 2012 - 10:03 AM

Hi Jeff, I found this in my C drive? It's in a folder called TDSS KILLER-quarantine. Inside the folder there's 4 folders named 09.04.2012-20.20.13, second one is 16.03.2012-13.57.59, third one is 12.03.2012-12.06.03, 4th one is 17.03.2012-01.09.04. I tried to copy and paste but I couldn't. I scanned them with Malwarebytes and here is the MBAM log. Here is the first log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Frank :: FRANK-SONY [administrator]
5/14/2012 11:50:11 AM
mbam-log-2012-05-14 (11-50-11).txt
Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 4
Time elapsed: 11 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

Here is the 2nd:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Frank :: FRANK-SONY [administrator]
5/14/2012 11:52:01 AM
mbam-log-2012-05-14 (11-52-01).txt
Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 3
Time elapsed: 7 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

Here is the 3rd one:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Frank :: FRANK-SONY [administrator]
5/14/2012 11:54:11 AM
mbam-log-2012-05-14 (11-54-11).txt
Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 16
Time elapsed: 10 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

Here is the 4th one:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Frank :: FRANK-SONY [administrator]
5/14/2012 11:55:48 AM
mbam-log-2012-05-14 (11-55-48).txt
Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 5
Time elapsed: 7 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

#66 portboy123 (Authentic Member, 124 posts)
Posted 14 May 2012 - 10:05 AM

Here is the new ComboFix log:

ComboFix 12-05-14.02 - Frank 05/14/2012 10:52:12.7.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.382 [GMT -4:00]
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\system32\dllcache\netbt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 13:52 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\mynew.sys
2012-05-09 00:42 . 2012-05-09 00:42 -------- d-----w- c:\program files\ERUNT
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\Frank\Application Data\SpeedMaxPc
2012-05-08 02:06 . 2012-05-08 02:06 -------- d-----w- c:\documents and settings\Frank\Application Data\DriverCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-04-09 00:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 15:17 . 2011-05-16 16:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2011-01-08 17:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-01-08 17:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-16 04:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-01-08 17:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-01-08 17:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-01-08 17:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-01-08 17:30 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-01-08 17:30 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-01-08 17:30 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-01-08 17:30 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
c:\documents and settings\Frank\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cleanMFT32 -c C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 09:00 131072 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper]
2005-09-11 17:24 258048 ----a-w- c:\program files\iISystem Wiper\SystemWiper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 18:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 18:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-31 22:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/16/2011 12:20 AM 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/8/2011 1:30 PM 337880]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/8/2011 1:30 PM 20696]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2010 8:40 PM 654408]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 10:26 AM 450848]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\BULKUSB.sys --> c:\windows\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;CaptureView VGA;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 11:09 AM 96256]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2010 8:40 PM 22344]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
int15.sys
wwsecsvc
qserver
lpds
unrealircd
stac97
pgpdisk
point32
epson_pm_rpcv2_02
jconfigd
{95808dc4-fa4a-4c74-92fe-5b863f82066b}
retinaengine
appn
stllssvr
philcam8116_xp
k750mdfl
eaglent
elosystemservice
license
db2
pctavsvc
cxavxbar
carboncopyscheduler
mrvw245
oracleorahomeclientcache
clr_optimization_v2.0.50215_32
ami0nt
lkclassads
pctspk
swnc8u51
angel2
sqlagent$pinnaclesys
aslm75
pelmouse
trackcam4
ssrtln
ctsfm2k
wmhidlo
idrivert
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-23 01:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-ITBar7Position - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 11:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(216)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-14 11:21:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-14 15:21
ComboFix2.txt 2012-05-13 15:19
ComboFix3.txt 2012-05-13 01:32
ComboFix4.txt 2012-05-12 03:28
ComboFix5.txt 2012-05-14 14:39
.
Pre-Run: 16,017,780,736 bytes free
Post-Run: 16,020,115,456 bytes free
.
- - End Of File - - 0A8D6294BAAC45BFF4C855E9EB778A4F

#67 jeffce (Malware Guy, Authentic Member, 8,693 posts)
Posted 14 May 2012 - 10:16 AM

Hi, yes, the TDSSKiller folder you see is where the files that it quarantines are held. Did you still receive the message about Zero Access?

#68 portboy123 (Authentic Member, 124 posts)
Posted 14 May 2012 - 10:20 AM

Yes I did. It said "You are infected with Rootkit.Zero Access. It has infected itself into the TCP/IP stack." Then I got another message that read "Rootkit is detected."

#69 jeffce (Malware Guy, Authentic Member, 8,693 posts)
Posted 14 May 2012 - 11:35 AM

Hi,

Download the following file here
Unzip it.
Then double-click the XPSP3_netsvcs & allow it to merge into the Registry.

Run a new scan with ComboFix and post the new log that is made. :)

#70 portboy123 (Authentic Member, 124 posts)
Posted 14 May 2012 - 11:44 AM

Hi Jeff, should I run ComboFix in Safe Mode, and should I disconnect from my router before I run this?


#71 jeffce (Malware Guy, Authentic Member, 8,693 posts)
Posted 14 May 2012 - 11:55 AM

No, if you can run it in Normal that would be best.

#72 portboy123 (Authentic Member, 124 posts)
Posted 14 May 2012 - 01:57 PM

Hi Jeff, I ran ComboFix and I did get the warning of Zero Access and malware detected, and when the computer rebooted my netbt was missing again. Here's the log:

ComboFix 12-05-14.03 - Frank 05/14/2012 14:52:55.8.1 - x86
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\system32\dllcache\netbt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 19:06 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-05-09 00:42 . 2012-05-09 00:42 -------- d-----w- c:\program files\ERUNT
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\Frank\Application Data\SpeedMaxPc
2012-05-08 02:06 . 2012-05-08 02:06 -------- d-----w- c:\documents and settings\Frank\Application Data\DriverCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-04-09 00:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 15:17 . 2011-05-16 16:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2011-01-08 17:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-01-08 17:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-16 04:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-01-08 17:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-01-08 17:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-01-08 17:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-01-08 17:30 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-01-08 17:30 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-01-08 17:30 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-01-08 17:30 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-09-05 20:27 203776 --sha-w- c:\windows\system32\unrar.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_03.20.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-14 19:10 . 2012-05-14 19:10 16384 c:\windows\temp\usgthrsvc\Perflib_Perfdata_280.dat
+ 2012-05-12 13:22 . 2012-05-12 13:22 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-05-12 01:53 . 2012-05-12 01:53 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-12 13:24 . 2012-05-12 13:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-05-14 19:10 . 2009-10-07 06:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\219a5bc.msp
+ 2012-05-14 10:49 . 2012-05-14 10:49 180224 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000002\UsrClass.dat
+ 2012-05-14 10:49 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-14-2012\ERDNT.EXE
+ 2012-05-13 14:16 . 2012-05-13 14:16 180224 c:\windows\ERDNT\AutoBackup\5-13-2012\Users\00000002\UsrClass.dat
+ 2012-05-13 14:16 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-13-2012\ERDNT.EXE
+ 2012-05-12 13:30 . 2012-05-12 13:30 180224 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000002\UsrClass.dat
+ 2012-05-12 13:30 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-12-2012\ERDNT.EXE
+ 2012-05-12 13:23 . 2012-05-12 13:23 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
- 2009-04-15 13:48 . 2009-04-15 13:48 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-12 13:17 . 2012-05-12 13:17 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-11 19:57 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2012-04-05 02:38 . 2012-04-05 02:38 2831360 c:\windows\Installer\219a5cb.msp
+ 2011-08-17 13:49 . 2011-08-17 13:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2012-05-14 10:49 . 2012-05-14 10:49 8355840 c:\windows\ERDNT\AutoBackup\5-14-2012\Users\00000001\ntuser.dat
+ 2012-05-13 14:16 . 2012-05-13 14:16 8318976 c:\windows\ERDNT\AutoBackup\5-13-2012\Users\00000001\ntuser.dat
+ 2012-05-12 13:30 . 2012-05-12 13:30 8318976 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000001\ntuser.dat
+ 2007-08-29 17:57 . 2012-05-12 13:12 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\219a5c3.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
c:\documents and settings\Frank\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cleanMFT32 -c C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 09:00 131072 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper]
2005-09-11 17:24 258048 ----a-w- c:\program files\iISystem Wiper\SystemWiper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 18:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 18:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-31 22:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/16/2011 12:20 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/8/2011 1:30 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/8/2011 1:30 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2010 8:40 PM 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 10:26 AM 450848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2010 8:40 PM 22344]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\BULKUSB.sys --> c:\windows\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;CaptureView VGA;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 11:09 AM 96256]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-23 01:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-ITBar7Position - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 15:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-14 15:18:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-14 19:18
ComboFix2.txt 2012-05-14 15:21
ComboFix3.txt 2012-05-13 15:19
ComboFix4.txt 2012-05-13 01:32
ComboFix5.txt 2012-05-14 18:23
.
Pre-Run: 15,458,156,544 bytes free
Post-Run: 15,448,125,440 bytes free
.
- - End Of File - - 013E5FCCBCAC57FE468325363B112C53

#73 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 14 May 2012 - 02:23 PM

Hi,
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    ClearJavaCache::
    
    Driver::
    int15.sys
    wwsecsvc
    qserver
    lpds
    unrealircd
    stac97
    pgpdisk
    point32
    epson_pm_rpcv2_02
    jconfigd
    {95808dc4-fa4a-4c74-92fe-5b863f82066b}
    retinaengine
    appn
    stllssvr
    philcam8116_xp
    k750mdfl
    eaglent
    elosystemservice
    license
    db2
    pctavsvc
    cxavxbar
    carboncopyscheduler
    mrvw245
    oracleorahomeclientcache
    clr_optimization_v2.0.50215_32
    ami0nt
    lkclassads
    pctspk
    swnc8u51
    angel2
    sqlagent$pinnaclesys
    aslm75
    pelmouse
    trackcam4
    ssrtln
    ctsfm2k
    wmhidlo
    idrivert
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
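A triage check to run before handing ComboFix a Driver:: list, added here as an example that is not part of this thread or of ComboFix itself: for each name in the CFScript from post #73 it reports whether a matching key exists under HKLM\SYSTEM\CurrentControlSet\Services, its start type, and whether its ImagePath resolves to a file on disk. It assumes PowerShell 2.0 or later on the affected machine and read access to that registry hive.

```powershell
# Added example (not from the thread or from ComboFix): see which of the names a
# CFScript Driver:: section lists are actually registered as services/drivers.
# The names below are copied from the script posted in #73.
$names = @(
    'int15.sys','wwsecsvc','qserver','lpds','unrealircd','stac97','pgpdisk','point32',
    'epson_pm_rpcv2_02','jconfigd','{95808dc4-fa4a-4c74-92fe-5b863f82066b}',
    'retinaengine','appn','stllssvr','philcam8116_xp','k750mdfl','eaglent',
    'elosystemservice','license','db2','pctavsvc','cxavxbar','carboncopyscheduler',
    'mrvw245','oracleorahomeclientcache','clr_optimization_v2.0.50215_32','ami0nt',
    'lkclassads','pctspk','swnc8u51','angel2','sqlagent$pinnaclesys','aslm75',
    'pelmouse','trackcam4','ssrtln','ctsfm2k','wmhidlo','idrivert'
)

# Service "Start" values as Windows defines them.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }
$services   = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$report = foreach ($n in $names) {
    $key = Join-Path $services $n
    if (-not (Test-Path -LiteralPath $key)) {
        New-Object PSObject -Property @{ Name = $n; Present = $false; Start = $null; ImagePath = $null; FileOnDisk = $null }
        continue
    }
    $p   = Get-ItemProperty -LiteralPath $key
    $img = [string]$p.ImagePath
    # Best-effort file check: drop a leading \??\, expand %SystemRoot% and friends,
    # and treat a relative path (system32\DRIVERS\x.sys) as relative to the Windows dir.
    $path = [Environment]::ExpandEnvironmentVariables(($img -replace '^\\\?\?\\', ''))
    if ($path -and -not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
    $onDisk = if ($path) { Test-Path -LiteralPath $path } else { $null }
    $start  = if ($null -ne $p.Start) { $startNames[[int]$p.Start] } else { $null }
    New-Object PSObject -Property @{ Name = $n; Present = $true; Start = $start; ImagePath = $img; FileOnDisk = $onDisk }
}

# Entries that exist but whose ImagePath points at nothing are the ones worth a closer look.
$report | Sort-Object Present -Descending |
    Select-Object Name, Present, Start, ImagePath, FileOnDisk | Format-Table -AutoSize
```

Names that are absent are no-ops for the script; a present entry whose file is missing is an orphaned service registration, while a present entry with a file on disk deserves a look before it is removed.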

#74 portboy123 (Authentic Member, 124 posts)

Posted 14 May 2012 - 02:30 PM

What is script blocking? And how do I turn it off? And should I turn off my firewall?

Edited by portboy123, 14 May 2012 - 02:58 PM.


#75 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 14 May 2012 - 03:03 PM

It is just referring to your antivirus and firewall. :)