Uacinit.dll seems to refuse to be deleted even on reboot, and it brings more and more problems in after it. Please help me with removing it. Thanks in advance!
Malwarebytes' Anti-Malware 1.40
Database version: 2710
Windows 5.1.2600 Service Pack 3
8/28/2009 4:02:34 PM
mbam-log-2009-08-28 (16-02-34).txt
Scan type: Quick Scan
Objects scanned: 84371
Time elapsed: 3 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:57 PM, on 8/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 osadwarekill.microsoft.com
O1 - Hosts: 91.206.201.8 osadwarekill.com
O1 - Hosts: 91.206.201.8 www.osadwarekill.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\lose.bat.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab
O18 - Filter hijack: text/html - {0537b63c-7bb5-41d7-b495-955ede66f1c1} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5254 bytes
#1
Posted 28 August 2009 - 11:16 PM
#2
Posted 31 August 2009 - 03:49 PM
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
- Please Read All Instructions Carefully
- If you don't understand something, stop and ask! Don't keep going on.
- Please do not run any other tools or scans whilst I am helping you
- Failure to reply within 5 days will result in the topic being closed.
- Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

Some of the logs I request will be quite large; you may need to split them over a couple of replies.
Please note: your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.
----------------------------------------------------------------------------------------
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
- You must download it to, and run it from, your Desktop.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply.
- Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

PM's for help will be ignored
#3
Posted 02 September 2009 - 07:19 PM
I am at work right now, but when I get off tonight I will get that log posted up for you. Thanks for your assistance.
#4
Posted 03 September 2009 - 07:45 PM
Here is the log from ComboFix.
ComboFix 09-09-03.02 - High Ordinator 09/03/2009 12:39.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2978 [GMT -7:00]
Running from: c:\documents and settings\High Ordinator\Desktop\AV\yoyo.bat.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\system32\Data
c:\windows\system32\drivers\UACiqxjcfqpxu.sys
c:\windows\system32\UACdpmqxxtarg.dll
c:\windows\system32\UACgrcrltoblu.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmycixgkgwy.dll
c:\windows\system32\UACnridibqhky.db
c:\windows\system32\UACwvjnvrewem.dll
c:\windows\system32\UACxsaftlwowx.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2009-08-23 17:57 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-23 17:57 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-23 17:57 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-23 17:57 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-23 17:57 . 2009-08-23 17:57 -------- d-----w- c:\program files\Avira
2009-08-23 17:57 . 2009-08-23 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-23 17:53 . 2009-08-23 17:53 -------- d-----w- c:\program files\Trend Micro
2009-08-22 21:40 . 2009-08-22 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-08-13 18:12 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 23:44 . 2009-08-12 23:44 -------- d-----w- c:\documents and settings\High Ordinator\Local Settings\Application Data\Mozilla
2009-08-09 17:26 . 2009-08-09 17:26 -------- d-----w- c:\windows\Sun
2009-08-08 05:13 . 2009-08-08 05:13 0 ----a-w- c:\windows\nsreg.dat
2009-08-08 05:13 . 2009-08-08 05:13 -------- d-----w- c:\documents and settings\High Ordinator\Local Settings\Application Data\Flock
2009-08-08 05:13 . 2009-08-08 05:13 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Flock
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 23:49 . 2009-07-27 06:41 -------- d-----w- c:\program files\Creative
2009-08-22 21:56 . 2009-07-27 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 09:01 . 2007-07-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 02:01 . 2009-08-04 02:01 -------- d-----w- c:\program files\MSBuild
2009-08-04 02:01 . 2009-08-04 02:01 -------- d-----w- c:\program files\Reference Assemblies
2009-08-04 01:54 . 2009-08-04 01:54 -------- d-----w- c:\program files\JRE
2009-08-04 01:54 . 2009-08-04 01:54 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-04 01:54 . 2009-08-04 01:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-04 01:54 . 2009-08-04 01:54 -------- d-----w- c:\program files\Java
2009-08-03 20:36 . 2009-07-27 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-07-27 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 05:04 . 2009-07-30 05:04 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-30 05:00 . 2009-07-27 17:57 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\vlc
2009-07-30 03:41 . 2009-07-30 03:41 -------- d-----w- c:\program files\WMV9_VCM
2009-07-27 17:56 . 2009-07-27 17:56 -------- d-----w- c:\program files\vlc-1.0.0
2009-07-27 17:54 . 2009-07-27 17:54 -------- d-----w- c:\program files\AbiSuite2
2009-07-27 17:24 . 2009-07-27 06:42 -------- d--h--w- c:\program files\Creative Installation Information
2009-07-27 08:30 . 2009-07-27 08:30 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-27 08:25 . 2009-07-27 08:25 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Malwarebytes
2009-07-27 08:25 . 2009-07-27 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-27 07:44 . 2009-07-27 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-27 07:20 . 2009-07-27 06:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-27 07:16 . 2009-07-27 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-07-27 07:13 . 2009-07-27 07:13 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-27 07:09 . 2009-07-27 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-07-27 07:01 . 2009-07-27 06:07 12328 ----a-w- c:\documents and settings\High Ordinator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 06:59 . 2009-07-27 06:59 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Creative
2009-07-27 06:57 . 2009-07-27 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-07-27 06:46 . 2009-07-27 06:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-27 06:29 . 2009-07-27 06:29 -------- d-----w- c:\program files\ASUS
2009-07-27 06:29 . 2009-07-27 06:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-27 06:27 . 2009-07-27 06:27 -------- d-----w- c:\program files\Attansic
2009-07-27 06:24 . 2009-07-27 06:24 -------- d-----w- c:\program files\Realtek
2009-07-27 06:24 . 2009-07-27 06:24 315392 ----a-w- c:\windows\HideWin.exe
2009-07-27 06:15 . 2009-07-27 06:15 -------- d-----w- c:\program files\Intel
2009-07-27 06:14 . 2009-07-27 06:14 -------- d-----w- c:\documents and settings\High Ordinator\Application Data\Logitech
2009-07-27 06:13 . 2009-07-27 06:13 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-07-27 06:13 . 2009-07-27 06:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-27 06:13 . 2009-07-27 06:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-27 06:13 . 2009-07-27 06:12 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-27 06:12 . 2009-07-27 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-27 06:12 . 2009-07-27 06:12 -------- d-----w- c:\program files\Logitech
2009-07-27 02:05 . 2009-07-27 02:05 -------- d-----w- c:\program files\microsoft frontpage
2009-07-27 02:02 . 2009-07-27 02:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-17 19:01 . 2007-07-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 20:34 . 2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-14 18:54 . 2009-07-27 07:16 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-07-27 07:16 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-07-27 07:16 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-07-27 07:16 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2009-07-27 06:10 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2007-08-13 21:14 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2007-08-13 21:14 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2007-08-13 21:14 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2007-08-13 21:14 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2007-08-13 21:14 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2007-08-13 21:14 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 06:43 . 2007-07-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 14:01 . 2009-07-27 06:09 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-29 16:12 . 2007-07-27 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2007-07-27 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-07-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2007-07-27 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2007-07-27 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2009-07-27 02:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2007-07-27 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2009-07-27 08:14 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-26 688128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2009 10:57 AM 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/26/2009 11:27 PM 38656]
S2 gdbsgzk;gdbsgzk;c:\windows\system32\drivers\fxhrrigh.sys --> c:\windows\system32\drivers\fxhrrigh.sys [?]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CTFMON - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 12:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-03 12:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 19:44
Pre-Run: 83,131,293,696 bytes free
Post-Run: 83,437,473,792 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
213 --- E O F --- 2009-08-13 19:09
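As an added example, not part of any post in this thread and not code from HijackThis, Malwarebytes or ComboFix: a small Python triage script that applies the indicators visible in the logs above (the HijackThis/Malwarebytes logs in the first post and the ComboFix log in this one) to raw log lines. The rules it encodes are only what the logs themselves show: hosts-file (O1) entries pointing names at anything but loopback, with several names pinned to one address; system32 files carrying the "UAC" + random-letters names that ComboFix deleted; an O18 filter hijack with no backing file; a ComboFix service line whose driver is missing on disk (the `--> ... [?]` form); a Malwarebytes item left at "Delete on reboot"; and EnableFirewall = 0. The sample lines are copied from the posted logs and embedded as constructed test input; the IP address, GUID and file names are exactly those in the logs, not values verified anywhere else. The function names `triage` and `verdict` and the rule names are the example's own.

```python
"""Triage HijackThis, Malwarebytes and ComboFix log lines for the indicators
visible in this thread.  Added example: not part of the original posts and not
code from any of those tools.  Every rule is derived from an artifact in the
posted logs; the sample input is copied from them so the script runs offline."""
import re
from typing import Dict, List

LOOPBACK = {"127.0.0.1", "::1"}

# HijackThis O1 line: "O1 - Hosts: <ip> <name>"
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
# Files using the "UAC" + random-letters naming seen in the ComboFix deletions
# (uacinit.dll, UACiqxjcfqpxu.sys, UACnridibqhky.db ...).  Heuristic for an XP
# system32: nothing legitimate there carries this prefix (assumption).
UAC_FILE_RE = re.compile(
    r"\\system32\\(?:drivers\\)?(uac[a-z0-9]{4,}\.(?:dll|sys|dat|db))\b", re.I)
# O18 filter/protocol hijack whose handler DLL no longer exists
O18_NOFILE_RE = re.compile(
    r"^O18 - (?:Filter|Protocol) hijack: (\S+) - (\{[0-9a-f-]+\}) - \(no file\)$", re.I)
# ComboFix service line whose binary is missing on disk: "... --> <path> [?]"
SERVICE_MISSING_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) --> .+ \[\?\]$")
# Malwarebytes item it could not remove immediately
MBAM_REBOOT_RE = re.compile(r"^(\S.*?) \([^)]+\) -> Delete on reboot\.$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"= 0 \(0x0\)$')


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return indicator name -> list of evidence strings found in the lines."""
    f: Dict[str, List[str]] = {
        "hosts_redirect": [], "hosts_sinkhole_ip": [], "uac_rootkit_file": [],
        "filter_hijack_nofile": [], "service_missing_binary": [],
        "mbam_delete_on_reboot": [], "firewall_disabled": [],
    }
    names_by_ip: Dict[str, List[str]] = {}
    for raw in lines:
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if ip not in LOOPBACK:          # a clean hosts file only maps loopback
                f["hosts_redirect"].append(f"{name} -> {ip}")
                names_by_ip.setdefault(ip, []).append(name)
            continue
        m = UAC_FILE_RE.search(line)
        if m:
            f["uac_rootkit_file"].append(m.group(1))
            # no 'continue': the MBAM line for uacinit.dll also hits the reboot rule
        m = MBAM_REBOOT_RE.match(line)
        if m:
            f["mbam_delete_on_reboot"].append(m.group(1))
            continue
        m = O18_NOFILE_RE.match(line)
        if m:
            f["filter_hijack_nofile"].append(f"{m.group(1)} {m.group(2)}")
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:
            f["service_missing_binary"].append(f"{m.group(2)} ({m.group(1)}) -> {m.group(3)}")
            continue
        if FIREWALL_OFF_RE.match(line):
            f["firewall_disabled"].append(line)
    # Several names pinned to one non-loopback address: the victim is steered to
    # the same host whichever of those names is typed.
    f["hosts_sinkhole_ip"] = [ip for ip, n in names_by_ip.items() if len(n) >= 2]
    return f


def verdict(findings: Dict[str, List[str]]) -> str:
    """'rootkit' if a kernel-driver artifact is present, else 'suspicious'/'clean'."""
    if any(x.lower().endswith(".sys") for x in findings["uac_rootkit_file"]) \
            or findings["service_missing_binary"]:
        return "rootkit"
    return "suspicious" if any(findings.values()) else "clean"


# Sample input copied from the logs posted above (constructed test data).
SAMPLE_LOG = [
    r"O1 - Hosts: ::1 localhost",
    r"O1 - Hosts: 91.206.201.8 osadwarekill.microsoft.com",
    r"O1 - Hosts: 91.206.201.8 osadwarekill.com",
    r"O1 - Hosts: 91.206.201.8 www.osadwarekill.com",
    r"O18 - Filter hijack: text/html - {0537b63c-7bb5-41d7-b495-955ede66f1c1} - (no file)",
    r"C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.",
    r"c:\windows\system32\drivers\UACiqxjcfqpxu.sys",
    r"c:\windows\system32\UACnridibqhky.db",
    r"c:\windows\system32\drivers\avgntflt.sys",   # legitimate Avira driver, must not match
    r"S2 gdbsgzk;gdbsgzk;c:\windows\system32\drivers\fxhrrigh.sys --> c:\windows\system32\drivers\fxhrrigh.sys [?]",
    r"R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2009 10:57 AM 108289]",
    r'"EnableFirewall"= 0 (0x0)',
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, hits in result.items():
        for hit in hits:
            print(f"{key:24} {hit}")
    print("verdict:", verdict(result))
```

The "Delete on reboot" list is the one worth re-checking after the restart: the first post shows uacinit.dll surviving exactly that, and the ComboFix log then removes it together with the UACd.sys service and legacy key, which is the usual picture when a driver that loads early in boot is guarding the files. Anything the script flags from a UAC*.sys line or a missing-driver service should therefore be treated as a kernel-mode infection; as the reply above says, the clean-up at that point is a job for a forum helper with the right tool, not for a script.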
2009-06-29 16:12 . 2007-07-27 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2007-07-27 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-07-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2007-07-27 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2007-07-27 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2009-07-27 02:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2007-07-27 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2009-07-27 08:14 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-23 101136]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-26 688128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/23/2009 10:57 AM 108289]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/26/2009 11:27 PM 38656]
S2 gdbsgzk;gdbsgzk;c:\windows\system32\drivers\fxhrrigh.sys --> c:\windows\system32\drivers\fxhrrigh.sys [?]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-CTFMON - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 12:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-03 12:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 19:44
Pre-Run: 83,131,293,696 bytes free
Post-Run: 83,437,473,792 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
213 --- E O F --- 2009-08-13 19:09
#5
Posted 03 September 2009 - 09:45 PM
Step 1
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O1 - Hosts: 91.206.201.8 osadwarekill.microsoft.com
O1 - Hosts: 91.206.201.8 osadwarekill.com
O1 - Hosts: 91.206.201.8 www.osadwarekill.com
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Filter hijack: text/html - {0537b63c-7bb5-41d7-b495-955ede66f1c1} - (no file)
Now click Fix checked
Click yes to any prompts
Close HijackThis
----------------------------------------------------------------------------------------
Step 2
Malwarebytes' Anti-Malware
I notice that you have MBAM installed, please do the following
- Start MalwareBytes AntiMalware
- Update Malwarebytes' Anti-Malware
- Select the Update tab
- Click Update
- When the update is complete, select the Scanner tab
- Select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
- A fresh HJT log
- MalwareBytes Log
- C:\Qoobox\Add-Remove Programs.txt
- How are things running now ?

PM's for help will be ignored
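The O1 lines the helper asks to fix are hosts-file entries that send a microsoft.com name and two other names to one outside address. The following checker is an added example, not part of this thread or of HijackThis: it parses hosts-file text and flags exactly that pattern. The sample hosts text is constructed from the entries quoted above; the protected-zone list is an assumption for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format, built from the O1 entries quoted in
# the HijackThis fix list above (the address and names are the ones on the page).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
91.206.201.8    osadwarekill.microsoft.com
91.206.201.8    osadwarekill.com
91.206.201.8    www.osadwarekill.com
"""

# Zones a home PC should never resolve through a local hosts entry; a
# non-loopback mapping for one of them is a classic hijack sign.
# (Assumed list for illustration; extend it for your own environment.)
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com",
                      "avira.com", "malwarebytes.org")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def find_suspicious(text):
    """Return (ip, name, reason) for hosts entries that look like a hijack.

    127.0.0.1 / 0.0.0.0 sinkhole entries are normal and ignored. Anything
    pointing elsewhere is reported, and a protected zone pointed at an
    outside address gets its own reason (the pattern on this page).
    """
    hits = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append((ip, name, "unparsable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES):
            hits.append((ip, name, "protected zone redirected"))
        else:
            hits.append((ip, name, "non-loopback mapping"))
    return hits
```

On Windows XP the file to feed it is %SystemRoot%\system32\drivers\etc\hosts; a clean file normally contains only the localhost line.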