WiredWX Christian Hobby Weather Tools
Re: Unknown malware, etc.

I posted, but was waiting for a response... Any thoughts?

Re: Unknown malware, etc.

Just waiting for the Combofix log.


Re: Unknown malware, etc.

Sorry, I thought that I had posted that...

Here it is:
ComboFix 11-07-13.03 - Owner 07/13/2011 15:29:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.316 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix-2.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\program files\2\autorun.inf
c:\program files\2\Bin\data\designtracker\Eula\AdskLicense.ini
c:\program files\2\Bin\data\designtracker\Eula\All Other Countries.rtf
c:\program files\2\Bin\data\designtracker\Eula\Americas All Other.rtf
c:\program files\2\Bin\data\designtracker\Eula\APac English.rtf
c:\program files\2\Bin\data\designtracker\Eula\Belgie.rtf
c:\program files\2\Bin\data\designtracker\Eula\Belgique.rtf
c:\program files\2\Bin\data\designtracker\Eula\Ceska Republika.rtf
c:\program files\2\Bin\data\designtracker\Eula\Danmark.rtf
c:\program files\2\Bin\data\designtracker\Eula\Deutschland.rtf
c:\program files\2\Bin\data\designtracker\Eula\Espana.rtf
c:\program files\2\Bin\data\designtracker\Eula\France.rtf
c:\program files\2\Bin\data\designtracker\Eula\Greece.rtf
c:\program files\2\Bin\data\designtracker\Eula\Ireland.rtf
c:\program files\2\Bin\data\designtracker\Eula\Italia.rtf
c:\program files\2\Bin\data\designtracker\Eula\Japanese.rtf
c:\program files\2\Bin\data\designtracker\Eula\Korean.rtf
c:\program files\2\Bin\data\designtracker\Eula\LA Brazil.rtf
c:\program files\2\Bin\data\designtracker\Eula\LA Spanish.rtf
c:\program files\2\Bin\data\designtracker\Eula\Luxembourg-Luxemburg.rtf
c:\program files\2\Bin\data\designtracker\Eula\Magyar.rtf
c:\program files\2\Bin\data\designtracker\Eula\Nederland.rtf
c:\program files\2\Bin\data\designtracker\Eula\Norge.rtf
c:\program files\2\Bin\data\designtracker\Eula\Oesterreich.rtf
c:\program files\2\Bin\data\designtracker\Eula\Polska.rtf
c:\program files\2\Bin\data\designtracker\Eula\Portugal.rtf
c:\program files\2\Bin\data\designtracker\Eula\Russia.rtf
c:\program files\2\Bin\data\designtracker\Eula\Schweiz.rtf
c:\program files\2\Bin\data\designtracker\Eula\Simplified Chinese.rtf
c:\program files\2\Bin\data\designtracker\Eula\Slovenska Republika.rtf
c:\program files\2\Bin\data\designtracker\Eula\Suisse.rtf
c:\program files\2\Bin\data\designtracker\Eula\Suomi.rtf
c:\program files\2\Bin\data\designtracker\Eula\Sverige.rtf
c:\program files\2\Bin\data\designtracker\Eula\Traditional Chinese.rtf
c:\program files\2\Bin\data\designtracker\Eula\Turkiye.rtf
c:\program files\2\Bin\data\designtracker\Eula\United Kingdom.rtf
c:\program files\2\Bin\data\designtracker\Eula\US Canada.rtf
c:\program files\2\Bin\data\designtracker\InventorView.msi
c:\program files\2\Bin\data\designtracker\m1.cab
c:\program files\2\Bin\data\designtracker\m10.cab
c:\program files\2\Bin\data\designtracker\m11.cab
c:\program files\2\Bin\data\designtracker\m12.cab
c:\program files\2\Bin\data\designtracker\m13.cab
c:\program files\2\Bin\data\designtracker\m14.cab
c:\program files\2\Bin\data\designtracker\m15.cab
c:\program files\2\Bin\data\designtracker\m16.cab
c:\program files\2\Bin\data\designtracker\m17.cab
c:\program files\2\Bin\data\designtracker\m18.cab
c:\program files\2\Bin\data\designtracker\m19.cab
c:\program files\2\Bin\data\designtracker\m2.cab
c:\program files\2\Bin\data\designtracker\m20.cab
c:\program files\2\Bin\data\designtracker\m21.cab
c:\program files\2\Bin\data\designtracker\m22.cab
c:\program files\2\Bin\data\designtracker\m23.cab
c:\program files\2\Bin\data\designtracker\m24.cab
c:\program files\2\Bin\data\designtracker\m3.cab
c:\program files\2\Bin\data\designtracker\m4.cab
c:\program files\2\Bin\data\designtracker\m5.cab
c:\program files\2\Bin\data\designtracker\m6.cab
c:\program files\2\Bin\data\designtracker\m7.cab
c:\program files\2\Bin\data\designtracker\m8.cab
c:\program files\2\Bin\data\designtracker\m9.cab
c:\program files\2\Bin\data\designtracker\Msi\NT\instmsi.exe
c:\program files\2\Bin\data\designtracker\Msi\WindowsInstaller-KB884016-v2-x86.exe
c:\program files\2\Bin\data\designtracker\setup.exe
c:\program files\2\Bin\data\designtracker\setup.ini
c:\program files\2\Bin\data\directx\BDA.cab
c:\program files\2\Bin\data\directx\BDANT.cab
c:\program files\2\Bin\data\directx\BDAXP.cab
c:\program files\2\Bin\data\directx\DirectX.cab
c:\program files\2\Bin\data\directx\directx_9c_redist.exe
c:\program files\2\Bin\data\directx\DSETUP.dll
c:\program files\2\Bin\data\directx\dsetup32.dll
c:\program files\2\Bin\data\directx\dxnt.cab
c:\program files\2\Bin\data\directx\ManagedDX.CAB
c:\program files\2\Bin\data\mastercamx\0x0409.ini
c:\program files\2\Bin\data\mastercamx\Apps.cab
c:\program files\2\Bin\data\mastercamx\Autorun.inf
c:\program files\2\Bin\data\mastercamx\CD_Com~1.cab
c:\program files\2\Bin\data\mastercamx\Chooks.cab
c:\program files\2\Bin\data\mastercamx\Config.cab
c:\program files\2\Bin\data\mastercamx\Contro~1.cab
c:\program files\2\Bin\data\mastercamx\CoreFi~1.cab
c:\program files\2\Bin\data\mastercamx\Design~1.cab
c:\program files\2\Bin\data\mastercamx\Design~2.cab
c:\program files\2\Bin\data\mastercamx\Docume~1.cab
c:\program files\2\Bin\data\mastercamx\Engrave.cab
c:\program files\2\Bin\data\mastercamx\FileCo~1.cab
c:\program files\2\Bin\data\mastercamx\Fonts.cab
c:\program files\2\Bin\data\mastercamx\FZT.cab
c:\program files\2\Bin\data\mastercamx\GetXVe~1.cab
c:\program files\2\Bin\data\mastercamx\HaspPr~1.cab
c:\program files\2\Bin\data\mastercamx\Help.cab
c:\program files\2\Bin\data\mastercamx\InchFi~1.cab
c:\program files\2\Bin\data\mastercamx\instmsia.exe
c:\program files\2\Bin\data\mastercamx\instmsiw.exe
c:\program files\2\Bin\data\mastercamx\ISScript11.Msi
c:\program files\2\Bin\data\mastercamx\LatheI~1.cab
c:\program files\2\Bin\data\mastercamx\LatheM~1.cab
c:\program files\2\Bin\data\mastercamx\Master~1.cab
c:\program files\2\Bin\data\mastercamx\Master~2.cab
c:\program files\2\Bin\data\mastercamx\Mastercam X.msi
c:\program files\2\Bin\data\mastercamx\MCEd.cab
c:\program files\2\Bin\data\mastercamx\Metric~1.cab
c:\program files\2\Bin\data\mastercamx\MillIn~1.cab
c:\program files\2\Bin\data\mastercamx\MillMe~1.cab
c:\program files\2\Bin\data\mastercamx\Pfe.cab
c:\program files\2\Bin\data\mastercamx\PRM.cab
c:\program files\2\Bin\data\mastercamx\Resour~1.cab
c:\program files\2\Bin\data\mastercamx\Router~1.cab
c:\program files\2\Bin\data\mastercamx\Router~2.cab
c:\program files\2\Bin\data\mastercamx\Sample~1.cab
c:\program files\2\Bin\data\mastercamx\setup.exe
c:\program files\2\Bin\data\mastercamx\Setup.ini
c:\program files\2\Bin\data\mastercamx\setup.isn
c:\program files\2\Bin\data\mastercamx\System~1.cab
c:\program files\2\Bin\data\mastercamx\update~1.cab
c:\program files\2\Bin\data\mastercamx\WinRoot\mcamx\documentation\Introducing Mastercam X.avi
c:\program files\2\Bin\data\mastercamx\Zip2Go.cab
c:\program files\2\Bin\data\netframework\dotnetfx.exe
c:\program files\2\Bin\data\nethaspmonitor\readme.txt
c:\program files\2\Bin\data\nethaspserver\lmsetup.exe
c:\program files\2\Bin\data\nethaspserver\nhsrv.ini
c:\program files\2\Bin\data\nethaspserver\readme.txt
c:\program files\2\Bin\demo32.exe
c:\program files\2\Bin\demo32.exe.manifest
c:\program files\2\Bin\ensharpendecoder_win.exe
c:\program files\2\Bin\Mastercamx.dbd
c:\program files\2\Bin\Tscc.exe
c:\program files\2\Crack\install.txt
c:\program files\2\setup.exe
c:\program files\2\setup.exe.manifest
c:\program files\2\setup.ini
c:\windows\system32\Thumbs.db
c:\windows\Update.bat
c:\documents and settings\Default User\WINDOWS . . . . Failed to delete
c:\documents and settings\LogMeInRemoteUser\WINDOWS . . . . Failed to delete
c:\documents and settings\Owner\WINDOWS . . . . Failed to delete
c:\program files\2 . . . . Failed to delete
c:\windows\system32\config\systemprofile\WINDOWS . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-09 16:48 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-09 16:48 . 2011-07-09 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-09 16:48 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 16:01 . 2011-03-26 01:03 15592 ----a-w- c:\windows\system32\roboot.exe
2011-06-29 17:15 . 2011-06-29 17:18 -------- dc-h--w- c:\windows\ie8
2011-06-24 23:20 . 2011-06-24 23:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-06-24 23:20 . 2011-06-24 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-24 19:36 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-24 19:33 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-24 19:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-24 19:33 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-24 19:32 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-24 19:28 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-24 16:49 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-06-24 16:49 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-06-24 16:49 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-06-24 16:49 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-06-24 16:49 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-06-21 03:46 . 2011-07-13 23:28 -------- d-----w- c:\documents and settings\LogMeInRemoteUser
2011-06-18 22:52 . 2011-06-18 22:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn
2011-06-18 22:51 . 2011-06-08 20:05 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-18 22:51 . 2011-06-08 20:05 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-06-18 22:51 . 2011-06-08 20:05 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-18 22:51 . 2011-01-12 02:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-06-18 22:51 . 2011-01-12 02:04 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2011-06-18 22:50 . 2011-06-08 20:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-18 22:49 . 2011-07-13 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2011-06-18 22:48 . 2011-06-21 03:24 -------- d-----w- c:\program files\LogMeIn
2011-06-18 00:23 . 2011-06-18 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spotmau
2011-06-18 00:22 . 2011-06-18 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\pc health check
2011-06-18 00:22 . 2011-06-18 00:22 -------- d-----w- c:\documents and settings\Owner\Application Data\spotmau
2011-06-18 00:22 . 2011-07-09 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp360
2011-06-18 00:22 . 2011-07-07 16:35 -------- d-----w- c:\program files\TuneUp360
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 18:19 . 2006-06-21 09:45 23552 ----a-w- c:\windows\system32\drivers\abp480n5.sys
2011-06-13 01:03 . 2011-06-13 01:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2006-06-17 09:23 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2006-06-17 09:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-06-17 09:23 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-06-17 09:23 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-06-17 09:23 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2006-06-17 09:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-06-17 09:23 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-06-17 09:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-06-17 09:23 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-06-17 09:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2007-01-06 03:56 . 2007-01-06 03:56 359112 -c--a-w- c:\program files\LimeWireWin.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-30 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-03 30192]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV&inst=NzctNjE1NTcyNzQxLVQ1LUJBKzEtWEwrMS1GUDkyKzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzAtTFNEKzI&prod=90&ver=10.0.1390" [?]
"SymLnch"="c:\documents and settings\Owner\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-29 05:29 13672 ----a-w- c:\program files\Citrix\GoToAssist\607\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-08 20:05 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24829:TCP"= 24829:TCP:BitComet 24829 TCP
"24829:UDP"= 24829:UDP:BitComet 24829 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6/8/2011 1:04 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 7:04 PM 12856]
S2 gupdate1ca28f5461350d0;Google Update Service (gupdate1ca28f5461350d0);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2009 3:08 PM 133104]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [7/25/2005 11:32 PM 348352]
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/19/2006 12:50 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/29/2009 3:08 PM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/9/2011 9:48 AM 39984]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-07-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 22:08]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 22:08]
.
2011-07-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-07-13 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bfdeng.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 17:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\607\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\zHotkey.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-07-13 18:10:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-14 01:10
.
Pre-Run: 88,304,910,336 bytes free
Post-Run: 89,936,650,240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B29E25635D5643078FA14A89E84E3CA1

Re: Unknown malware, etc.

What was this for c:\program files\2\Crack\install.txt ?


Re: Unknown malware, etc.

I have no idea. I do not use pirated software, but rather buy what I need. This program sure sounds like a code or password cracker...
Mike

Re: Unknown malware, etc.

How are things now? It all looks fine to me.


Re: Unknown malware, etc.

Yes, I think things are much better. Is there anything that I should do about the crack file or folder that you had mentioned?
Thanks for your help.

Mike

Re: Unknown malware, etc.

Combofix has removed that crack file so all is well...

Ok. All done. I see no more malware. Log looks good! All those detections are either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

Go to:
Start > Run, then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /uninstall

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTC to your desktop.

Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention
